oxborrow.net

yumi-chan

7 days have been and gone, and I’ve got no iPod, but the status page has updated this morning saying it’s in Luxembourg. So it should arrive very soon.

I now have a new machine as my router/firewall/DNS/DHCP/NTP box: Yumi-chan, a P2 266, which is 66 MHz faster than the last one… stunning.

NTP I sort of had working once, but now I really have working. DHCP I’ve never had before, but now I do; it seems a really useful tool, though I still need to get it talking to the DNS server about which name points to which IP.

As for iptables, the packet filter firewall, I’ve now set it up using FireHOL. After reading the dead simple example on their homepage it seemed stupid not to use it, at least compared to writing bash scripts to handle iptables by hand.

For the record, here’s my firewall setup:

interface eth0 mylan
  server ssh accept
  server webcache accept
  server dns accept
  server ntp accept
  server dhcp accept
  server ICMP accept
  server custom gkrellmd "tcp/19150" default accept
  client all accept

interface ppp+ internet
  server ssh accept src {insert my work ip here}
  client all accept

router mylan2internet inface eth0 outface ppp+
  masquerade
  route all accept

It roughly says: allow only ssh, webcache, dns, ntp, dhcp, ICMP (pings) and gkrellmd connections internally; on the internet side allow ssh only from my work IP, but allow all connections outbound; and masquerade eth0 traffic going out over the ppp devices. Much simpler than long iptables commands, plus it’s easy to get an overview of what is happening in one quick glance.
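To get that same overview programmatically, here is a small parser for the FireHOL config format shown above, written as an added example (it is not FireHOL's own code or anything from this post). It reports which services each block accepts inbound and flags any accepted without a src restriction, which on the internet-facing interface should be none; the address 203.0.113.10 is a documentation placeholder standing in for the elided work IP.

```python
import shlex
# Constructed sample: the post's config, with a documentation IP in place of the work address.
SAMPLE = """
interface eth0 mylan
  server ssh accept
  server webcache accept
  server dns accept
  server ntp accept
  server dhcp accept
  server ICMP accept
  server custom gkrellmd "tcp/19150" default accept
  client all accept

interface ppp+ internet
  server ssh accept src 203.0.113.10
  client all accept

router mylan2internet inface eth0 outface ppp+
  masquerade
  route all accept
"""

def parse_firehol(text):
    """Map each interface/router name to its rules as (kind, service, action, src)."""
    blocks, rules = {}, None
    for raw in text.splitlines():
        toks = shlex.split(raw.split("#", 1)[0])      # strip comments, honour quoted ports
        if not toks:
            continue
        if toks[0] in ("interface", "router"):        # "interface <dev> <name>" / "router <name> ..."
            rules = blocks.setdefault(toks[2] if toks[0] == "interface" else toks[1], [])
            continue
        if rules is None:
            raise ValueError(f"rule outside any interface/router block: {raw!r}")
        if toks[0] == "masquerade":                   # takes no service or action
            rules.append(("masquerade", "-", "-", None))
        elif toks[1] == "custom":                     # <kind> custom <name> "<ports>" <client ports> <action>
            rules.append((toks[0], toks[2], toks[5], _src(toks[6:])))
        else:                                         # <kind> <service> <action> [src <addr>]
            rules.append((toks[0], toks[1], toks[2], _src(toks[3:])))
    return blocks

def _src(rest):  # address after an optional 'src' qualifier, else None (any source)
    return rest[1] if len(rest) > 1 and rest[0] == "src" else None

def inbound_services(blocks, name, unrestricted_only=False):
    """Accepted inbound services; unrestricted_only keeps only those with no 'src' limit."""
    return [svc for kind, svc, act, src in blocks[name]
            if kind == "server" and act == "accept" and not (unrestricted_only and src)]
```

Running `inbound_services(parse_firehol(SAMPLE), "internet", unrestricted_only=True)` returns an empty list, confirming nothing on the ppp side is reachable from arbitrary sources.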

I’ve given it thorough testing with nmap and some online port scanners and I’m pleased with the results, i.e., it works exactly as expected.