Install Kubuntu 7.10 (KDE 4.0) and configure NAT Firewall in 30 minutes
written by: Patrick Wong | category: Computer Tips | posted: 04/02/08
KDE 4.0.3 was recently released, the third bugfix and maintenance release for the latest generation of the most advanced and powerful free desktop. KDE 4.0.3 is the third monthly update to KDE 4.0. KDE's award-winning tools and applications are available in 49 languages. KDE, including all its rich libraries and neat applications, is available for free under Open Source licenses. KDE can be obtained in source and various binary formats from download.kde.org.
Today I decided to ditch my Debian server and install Kubuntu 7.10. First, I obtained Kubuntu (KDE 4.0) from http://kubuntu.org/download.php. Then I proceeded with the installation process, which takes about 20 minutes.
To make the Linux box a NAT firewall, all you need to do is configure iptables. Of course, the box needs to be equipped with 2 NICs (network cards). eth0 is my external NIC and eth1 is my internal NIC. (See diagram)

Here’s a simple sample of the iptables settings:
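# Default policy: drop everything that is not explicitly allowed
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
# Allow loopback traffic
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -i lo
# Trust the internal NIC (eth1)
iptables -A OUTPUT -j ACCEPT -o eth1
iptables -A INPUT -j ACCEPT -i eth1
# The firewall itself may open connections; only replies come back in
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward new connections from the LAN; from eth0 forward only replies
iptables -A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT: masquerade traffic leaving through the external NIC (eth0)
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# Accept SSH (22) and HTTPS (443) on any interface, including eth0
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT --dport 22
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT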
Remember to enable routing between the two interfaces. Under Linux this is known as IP forwarding, and this is typically how you enable it:
echo 1 > /proc/sys/net/ipv4/ip_forward
Note: Assign the static address 192.168.1.254 to eth1 and use DHCP on eth0.
That's it. You have just created a NAT firewall on a Linux box! One further tweak is to reload the saved iptables settings on startup: the rules are gone after a reboot, so you will want to save the firewall rules permanently. I used the method here.
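Before saving a ruleset permanently, it is worth checking what it accepts from the external NIC. The script below is an added example, not part of the original post: it reads rules written as iptables commands and lists the INPUT rules that accept NEW connections reachable from eth0. The names exposed_ports and SAMPLE_RULES are assumptions, and the sample input is constructed from the article's INPUT rules.

```shell
#!/bin/sh
# Added example: list what a ruleset written as iptables commands exposes
# to NEW connections arriving on the external interface.

# Constructed sample input: the INPUT rules from the article's ruleset.
SAMPLE_RULES='iptables --policy INPUT DROP
iptables -A INPUT -j ACCEPT -i lo
iptables -A INPUT -j ACCEPT -i eth1
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT --dport 22
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT'

# exposed_ports EXT_IF (hypothetical helper): read iptables commands on stdin
# and print one "proto/port" line per INPUT rule that ACCEPTs NEW traffic
# reachable from EXT_IF. A rule counts when it has no -i match (so it applies
# to every interface) or matches EXT_IF, and when it has no state match or
# one that includes NEW. Only single --dport matches are parsed; a rule
# without --dport is reported with port "any".
exposed_ports() {
    awk -v ext="$1" '
    $1 == "iptables" {
        chain = ""; iface = ""; state = ""; target = ""
        proto = "any"; port = "any"
        for (i = 2; i < NF; i++) {
            if ($i == "-A" || $i == "-I")                  chain  = $(i + 1)
            else if ($i == "-i" || $i == "--in-interface") iface  = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state  = $(i + 1)
            else if ($i == "-j" || $i == "--jump")         target = $(i + 1)
            else if ($i == "-p" || $i == "--protocol")     proto  = $(i + 1)
            else if ($i == "--dport")                      port   = $(i + 1)
        }
        if (chain != "INPUT" || target != "ACCEPT") next   # not an accept on INPUT
        if (iface != "" && iface != ext) next              # bound to another NIC
        if (state != "" && ("," state ",") !~ /,NEW,/) next # replies only
        print proto "/" port
    }'
}

# Stand-alone run: audit the sample for the article's external NIC, eth0.
printf '%s\n' "$SAMPLE_RULES" | exposed_ports eth0
```

For the article's rules it reports tcp/22 and tcp/443, the two ports accepted on every interface; a rule that carries `-i eth1` drops out of the list.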