netmasq 3.4.3

This program is a front-end to Netfilter, the packet filter for the 2.4 and 2.6 kernels. It makes it amazingly easy to configure a full-featured stateful firewall with or without masquerading and port forwarding services.

When you run netmasq, it will create a very secure firewall that will block all access to your host except by ssh. BE SURE TO INSTALL AND RUN NETMASQ FROM THE CONSOLE OR AN SSH SESSION. If you need to install by telnet, VNC or a remote X Window session, you can allow the needed connection type in the /etc/netmasq/default.conf file. After running netmasq for the first time, you can edit the various configuration files to open other connections, as needed.

One important thing to realize is that packet filtering happens in the kernel. Netmasq simply configures the filtering. Netmasq must be run at boot time, whenever a configuration file is changed, or whenever there is a change to any of the interfaces. Consider adding /sbin/netmasq to your boot-time run files (e.g., /etc/rc.sysinit) and/or your ifup scripts. (For Debian users, just add "up /sbin/netmasq" for each firewalled interface in /etc/network/interfaces.)

The -q option to netmasq clears all rules and leaves your host unprotected. If you choose to stop using netmasq, plan to implement a different firewall package immediately. To use another program to configure filtering, just run "netmasq -q" to clear all filtering rules, then run the other program. If you run netmasq later, it will automatically clear any previous rules.

See the macauth file to learn about MAC address authentication, the logging file to learn about logging options, and the portfw file to learn about port forwarding.

If you want a printout of your current rules in all tables, you can run "netmasq -L". This will not affect anything in your current tables, so you could do this to see what rules other firewall products are using.
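A sanity check to run before closing the console or ssh session, as an added example that is not part of netmasq: it reads "iptables -S"-style output (constructed samples are embedded) and confirms the INPUT policy is DROP while ssh is still accepted, the state the text says netmasq leaves a host in and that "netmasq -q" undoes. The exact rules netmasq writes are not shown on this page, so the rule patterns matched below are assumptions.

```shell
#!/bin/sh
# Added example, not part of netmasq. Reads "iptables -S"-style rule
# listings on stdin; the rule patterns are assumptions about what a
# locked-down host looks like, not netmasq's documented output.

# check_filter_rules: returns 0 only if the INPUT policy is DROP and an
# ACCEPT rule for tcp port 22 (ssh) is present; otherwise returns 1.
check_filter_rules() {
    policy_ok=0
    ssh_ok=0
    while IFS= read -r line; do
        case "$line" in
            "-P INPUT DROP") policy_ok=1 ;;
            "-A INPUT "*"-p tcp "*"--dport 22 "*"-j ACCEPT") ssh_ok=1 ;;
        esac
    done
    if [ "$policy_ok" -eq 1 ] && [ "$ssh_ok" -eq 1 ]; then
        return 0
    fi
    return 1
}

# Constructed sample: a host after netmasq has run (DROP policy, ssh open).
SECURED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: what "netmasq -q" leaves behind (no rules, open policies).
CLEARED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

sample_secured_ok() { printf '%s\n' "$SECURED" | check_filter_rules; }
sample_cleared_ok() { printf '%s\n' "$CLEARED" | check_filter_rules; }

# Live use on the host itself (needs root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    if iptables -S | check_filter_rules; then
        echo "filter table locked down; ssh still allowed"
    else
        echo "WARNING: INPUT is not DROP or ssh is not allowed" >&2
        exit 1
    fi
fi
```

Run it after every netmasq invocation (and after any ifup that re-runs it); a failing check means the kernel filter is not in the state the text describes, whether because of "netmasq -q" or another package clearing the rules.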
A couple of points about Red Hat (and probably some other distributions):

- Check that the cron job to remove unneeded modules is commented out.
- Do not run ipchains or iptables as a service. Use ntsysv to turn off these services, then rerun netmasq.

If running netmasq on a VMware server, you will need to trust either the IP address or MAC address for every bridged interface in every virtual machine. Be sure to install a firewall on each virtual machine, since netmasq will not protect these interfaces.

If you don't like my work, tell me: carl@carltm.com
If you do like my work, tell my boss: boss@carltm.com

Copyright 2005, 2008, Carl T. Miller, All Rights Reserved

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.