Difference between revisions of "Software projects/OS/Slackware/Advanced usage/Firewall"
From Pandora Wiki
Linux-SWAT (talk | contribs) (→Network interfaces) |
Linux-SWAT (talk | contribs) (→QoS) |
||
| Line 41: | Line 41: | ||
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput | iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput | ||
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput | iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput | ||
| − | * A more advanced setup makes use of dedicated kernel modules. The most known is the outdated [http://lartc.org/wondershaper/ wondershaper]. | + | * A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated [http://lartc.org/wondershaper/ wondershaper]. |
Revision as of 02:55, 17 April 2012
Network interfaces
- eth0 is the interface that shows up when you plug an USB to ethernet adapter. A list of compatible ones is located here.
- wlan0 is the embedded Wi-fi interface.
- wlan1 is the name of a Wi-fi dongle.
- usb0 is the big USB port (not sure, may be the first plugged).
- usb1 is the small USB port (not sure).
- there's also a bluetooth interface, but until now i never used it, so can't tell more about it.
- These interface numbers may vary, depending which one you plug first.
- The numbers can be fixed using the /etc/udev/rules.d/70-persistent-net.rules file.
- This file is deleted at each shutdown. To make use of it, edit /etc/rc.d/rc.local_shutdown , and comment this line:
rm /etc/udev/rules.d/70-persistent-net.rules
into
#rm /etc/udev/rules.d/70-persistent-net.rules
Firewall
- I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
- I didn't test them as i use a router, so it's up to you to try it.
- If you want to use a firewall, ie. for eth0, then do:
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall chmod +x /etc/rc.d/rc.firewall /etc/rc.d/rc.firewall start
Gateway
- To use the OP as a simple gateway
chmod +x /etc/rc.d/rc.ip_forward /etc/rc.d/rc.ip_forward start
NAT Router
- It also uses a /etc/rc.d/rc.firewall script.
- I don't provide any because everyone have a different setup.
- Create it yourself with the easy firewall generator.
- Then save it as /etc/rc.d/rc.firewall and do this:
chmod +x /etc/rc.d/rc.firewall /etc/rc.d/rc.firewall start
QoS
- For now, a recompiled kernel is necessary.
- A basic setting consists of packet mangling who changes the ToS field in the packets, through rc.firewall rules. A simple example:
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
- A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated wondershaper.
