
FireHOL ROCKS!

I have always had a problem with iptables!
For this reason, about 3 years ago I bought the Linux iptables Pocket Reference book.
But I never read it completely; I always read up to page 7-8 and after that I threw it away!
A few days ago Siavash suggested FireHOL to me. I installed it but didn't use it until an hour ago!
I used it for sharing an internet connection.
Its config is very fast! It's really cool!
FireHOL's documentation is good enough, but I'll write down my config here (maybe you don't like reading that document because you are as lazy as me!)

#/etc/firehol/firehol.conf
version 5

# your LAN network: the whole 192.168.0.0/24 subnet (not just the gateway's
# own address) is what gets accepted on the LAN side and masqueraded
home_ips="192.168.0.0/24"

# my LAN interface was eth2; only packets with a LAN source address are handled here
interface eth2 home src "${home_ips}"
    policy reject
    # allow these services from the LAN to the gateway itself
    server "ssh ftp http" accept
    # note: with 'policy reject' and no client line, the gateway itself cannot
    # open connections to LAN hosts; add 'client all accept' here if you need that

# my internet interface was ppp0; nothing else needs changing
# 'src not ...' drops packets arriving from the internet that claim a LAN or
# unroutable source address (${UNROUTABLE_IPS} is a FireHOL built-in list)
interface ppp0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    # all of FireHOL's anti-spoof/flood protections, flood limit 10/sec, burst 10
    protection strong 10/sec 10
    # a custom service the author exposes on tcp/1511
    server custom fb tcp/1511 default accept
    # answer ident probes with a TCP reset instead of letting them time out
    server ident reject with tcp-reset
    # the gateway may open any connection to the internet
    client all accept

# share internet from ppp0 to the LAN (eth2): NAT LAN traffic leaving ppp0
# and allow everything to be forwarded between the two interfaces
router home2internet inface eth2 outface ppp0
    masquerade
    route all accept

After this change, restart FireHOL (for example with "firehol restart").
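After restarting it is worth confirming that the router block really produced both a NAT rule and an open forwarding path, because a missing masquerade and a FORWARD chain that still drops everything look the same from a LAN client (no internet). The script below is an added example, not code from the original post or from the FireHOL project. It checks iptables-save text for the two rules, runs here against a constructed sample dump whose chain names (in_home2internet, out_home2internet) only approximate what FireHOL generates, and on a real gateway can be pointed at the live ruleset with the check_live helper. The interface names ppp0 and eth2 are the ones used in the config above.

```shell
#!/bin/sh
# Added example (not from the original post or from FireHOL): verify that a
# "router ... masquerade / route all accept" setup left the kernel with
#   1. a MASQUERADE rule in nat POSTROUTING for the internet interface, and
#   2. a FORWARD rule that lets LAN -> internet traffic through, either
#      directly (-j ACCEPT) or via a user chain that contains an ACCEPT.
# Rules are read from iptables-save text so the check works on a sample here.

# check_ics_rules WAN LAN DUMP
#   0 -> both rules present, 1 -> masquerade missing, 2 -> forwarding missing
check_ics_rules() {
    wan="$1"; lan="$2"; dump="$3"

    printf '%s\n' "$dump" \
        | grep -q -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" || return 1

    # target of the first FORWARD rule matching -i LAN -o WAN
    fwd_target=$(printf '%s\n' "$dump" \
        | sed -n "s/^-A FORWARD .*-i $lan .*-o $wan .*-j \([^ ]*\).*/\1/p" \
        | head -n 1)
    [ -n "$fwd_target" ] || return 2

    # FireHOL-style rulesets jump into a per-router chain; follow one level
    if [ "$fwd_target" != ACCEPT ]; then
        printf '%s\n' "$dump" \
            | grep -q -- "^-A $fwd_target .*-j ACCEPT" || return 2
    fi
    return 0
}

# check_forwarding: the kernel must also route between interfaces
check_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# check_live WAN LAN: run the rule check against the live ruleset (needs root)
check_live() {
    check_ics_rules "$1" "$2" "$(iptables-save)"
}

# Constructed sample dump in the shape FireHOL produces; chain names are
# illustrative, not FireHOL's exact output.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:in_home2internet - [0:0]
:out_home2internet - [0:0]
-A FORWARD -i eth2 -o ppp0 -j in_home2internet
-A FORWARD -i ppp0 -o eth2 -j out_home2internet
-A in_home2internet -j ACCEPT
-A out_home2internet -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Two broken variants, also constructed: no NAT rule, and a router chain
# that never accepts anything.
NO_NAT_DUMP=$(printf '%s\n' "$SAMPLE_DUMP" | grep -v MASQUERADE)
NO_FWD_DUMP=$(printf '%s\n' "$SAMPLE_DUMP" | grep -v '^-A in_home2internet')

check_ics_rules ppp0 eth2 "$SAMPLE_DUMP" \
    && echo "ok: masquerade on ppp0 and eth2 -> ppp0 forwarding are in place"
```

On the gateway itself, `check_live ppp0 eth2 && check_forwarding` is the whole test; if the rule check passes but forwarding is off, the LAN clients' packets reach the gateway and stop there.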

If you just want to share internet and don't want to deal with these configs, I suggest the Parsix ics script.
All you have to do is run "/etc/init.d/ics start", without any config!!!