Thanks for all your replies - I have a ton of material to read through - I'll let you know around Easter time how I get on! :eek:
Not sure whether I need NAT or Masquerade now - here's my setup:
Internet --> [Cable Modem] --> [eth0|Linux box|eth1]-->[Hub]-->LAN
Make sense? Pretty common setup, I think. I need all LAN machines to access internet resources, and I would like most server software on the Linux box - I want the ability to have certain server stuff in the LAN for testing purposes so would need NAT for that (masquerade?).
Thanks - please clear up my confusion.
To do port forwarding in ipchains is not that hard. Do a search for ipmasqadm. I have an http/mysql server setup running behind a dialup firewall that forwards port 80 to my web server.
OK, I've got my firewall running well at the moment. Find attached my script (completely stolen from another website). I need to tweak the script to do the following:
1) Cope with dynamic IP - I've set the $INET_IP variable to my current DHCP assignment. How can I change this script to cope with dynamic IP? eth0 is my dynamically assigned internet-facing network card.
2) Block all outgoing traffic except ports 21,53,80,110,119,123,443,3389,6667-6670,8080
I'm also going to take a look at this
to see if it will make my life any easier.