Bootable CD firewalls are an excellent way to combine high assurance against attacks on the firewall itself with network address translation to allow you to hook up many computers to a single external Internet connection. Here's how it works and what you have to do:
Prepare your system: Prepare your system as you do for all floppy add-ons. In addition, make sure your computer has two Linux-compatible ethernet cards. Connect those cards so that one goes to your Internet cable modem or DSL connection and the other goes to a "hub" to which all of your internal computers are connected. Bring up the 'outside' connection to the Internet as described in the tutorial.
This script depends on the 'outside' of the firewall being attached to ethernet 0 (eth0) and the 'inside' being attached to ethernet 1 (eth1). Check which interface has the external connection by typing:
ifconfig
If the system indicates that the external connection is on eth1 or any interface other than eth0, move the Ethernet cable on your computer to another interface, reboot, and restart the network. Do this until eth0 has the external connection.
Update PLAC.go on the floppy: Put the normal network startup process in your PLAC.go file in the root directory of your floppy and add the firewall startup script as follows:
echo "IP=`ifconfig | grep inet | sed 's/:/ /g' | ( read a b c d; echo $c)`" >> /mnt/floppy/PLAC.go
echo "/mnt/floppy/firewall \$IP" >> /mnt/floppy/PLAC.go
Note that these lines have back-quotes, double quotes, and other similar things that are easily mistyped. Cut and paste usually does this better than manual typing.
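The pipeline above takes the third word of the first "inet" line, which is the address only in the older ifconfig layout and only when the external interface is listed first; on the newer layout that word is "netmask". As an added example (not part of PLAC or of the firewall file; the function names and sample output are constructed for illustration), this sketch selects the address by interface name, validates it, and fails rather than start the firewall with a bad value:

```shell
#!/bin/sh
# Added example, not PLAC code. Function names are hypothetical.

# Constructed sample ifconfig output: old net-tools layout and the newer one.
OLD_FMT='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:203.0.113.5  Bcast:203.0.113.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0'
NEW_FMT='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 203.0.113.5  netmask 255.255.255.0  broadcast 203.0.113.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>'

# iface_ip IFACE: read ifconfig output on stdin, print the IPv4 address of IFACE.
iface_ip() {
    awk -v want="$1" '
        /^[A-Za-z]/ { name = $1; sub(/:$/, "", name) }   # stanza header line
        name == want && $1 == "inet" {
            addr = $2; sub(/^addr:/, "", addr)           # old layout: addr:A.B.C.D
            print addr; exit
        }'
}

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# external_ip IFACE: print a validated address, or fail so no rules are loaded.
external_ip() {
    ip=$(iface_ip "$1")
    if ! valid_ipv4 "$ip"; then
        echo "no valid IPv4 address on $1 (got '$ip'); not starting firewall" >&2
        return 1
    fi
    printf '%s\n' "$ip"
}

# Possible use in PLAC.go (assumes the firewall script takes the address as $1):
#   IP=$(ifconfig | external_ip eth0) && /mnt/floppy/firewall "$IP"
```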
Copy the firewall file to the floppy: Get the firewall file from here and save it on your floppy disk as /mnt/floppy/firewall. Then type:
chmod 755 /mnt/floppy/firewall
Reboot your computer: Now reboot your computer and you should be good to go. Your internal computers should have IP addresses like 10.0.0.2, 10.0.0.3, and so forth. The gateway IP address will be 10.0.0.1 and this should provide relatively safe access through your external connection to the Internet.
The Bootable CD supports both IPtables and IPchains firewalling. By default, IPtables is enabled. To enable IPchains instead, simply type:
You can only run EITHER iptables or IPchains at any given time, not both. For more details on their use, use the man command.