TrinityOS is a step-by-step, example-driven HOWTO on building a very functional Linux box with strong security in mind. TrinityOS is well known for its strong packet firewall ruleset, Chrooted and Split DNS (v9 and v8), secured Sendmail (8.x), Linux PPTP, Serial consoles and Reverse TELNET, DHCPd, SSHd, UPSes, system performance tuning, the automated TrinityOS-Security implementation scripts, and much more.
The IP Masquerade HOWTO is the document that contains instructions on understanding, configuring, and troubleshooting NAT or Network Address Translation for Linux. It covers topics such as IPTABLES, PORTFW, IPCHAINS, IPFWADM, stronger packet firewalls, multiple network segments, and configuring many client operating systems. It also has an extensive FAQ and troubleshooting section.
> When will this wonderful "howto" include iptables?
> It'd be nice to have the great support for ipchains available in iptables
I'm working on a new ruleset that supports both (1) NIC NON-MASQed setups as well as (4) NIC MASQed setups for the IPCHAINS ruleset. This new ruleset will also be split into two files. With this upgrade, any future upgrades will NOT require users to have to manually edit the entire ruleset every time. All you'll have to do is replace the actual ruleset and reload it. Yes, you might not get any of the newly added features but you can address those as time permits. Anyway, once this new IPCHAINS mechanism is stable, the port to IPTABLES should be trivial.
The other reason I haven't moved over to IPTABLES (though it is stateful) is that the MASQ support is not as good as the 2.2.x kernels. IPTABLES still does not have support for H.323, RealAudio, ICQ, etc. Because of this, my motivation is somewhat less. No worries though. I plainly see the writing on the wall and the IPTABLES mechanism is a great upgrade for us all. I just need to do the upgrade RIGHT.
Until then, there IS a mode in IPTABLES to support IPCHAINS rulesets. Check it out. I'll see if I can add that into the next revision.