ADSL + Linux + iptables
Spent all weekend doing it pretty much, but Tullis and I managed to get City Rd’s Debian box sharing our brand spanking new lovely speedy ADSL connection around our little LAN. I posted this message to Hypothetical to explain how we did it to one of Hype’s users. The whole thing was an excellent learning process. We had to rebuild the kernel which was not new but is always fun. Then PPPD has modules for PPPoA/E, and that’s about all that is needed to support a USB ADSL modem.
Getting our heads around iptables over ipchains or ipfwadm proved to be a steeper learning curve. Basically we spent a day getting ADSL working and a day getting IP masquerading et al working. In the end we just had to download an example set of tight firewall rules and then hack it open a bit. cityroad.hn.org currently reports every known port as open or filtered when basic nmapped, which is not ideal, and it does reply to incoming ICMP type 8 packets (that’s ping, hehe), which I’m not sure I like, but it will be handy.
Tonight I will get on to shoring the defences up again a bit more. At the end of the day, we are there, no two ways about it, but the fact that we have some security will hopefully discourage any potential h4x0rs and move them along to one of our windoze-runnin’, no-clue-havin’ virtual neighbours.
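
The setup described above (masquerading a LAN behind a PPP-connected ADSL link, then tightening the firewall and the ping reply) can be sketched as a default-deny ruleset. This is an added example, not the rules from the original post; the interface names `ppp0` and `eth0`, the subnet `192.168.0.0/24` and the function names `gen_rules` and `check_rules` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): ppp0 = ADSL PPP link,
# eth0 = LAN interface, 192.168.0.0/24 = LAN subnet.

# Print an iptables-restore ruleset: default-deny filter table plus masquerading.
gen_rules() {
    wan="${1:-ppp0}"; lan="${2:-eth0}"; lan_net="${3:-192.168.0.0/24}"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A INPUT -i $wan -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 5 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if the filter table's INPUT and FORWARD
# policies are both DROP, so anything not explicitly allowed is discarded.
check_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:(INPUT|FORWARD) / { seen++; if ($2 != "DROP") bad++ }
        END { if (seen == 2 && bad == 0) exit 0; exit 1 }
    '
}

# Usage (as root, with net.ipv4.ip_forward=1 set for routing):
#   gen_rules | check_rules && gen_rules | iptables-restore --test
#   gen_rules | iptables-restore
```

With these rules the box still answers ping on the ADSL side, but only at the limited rate; echo requests over the limit fall through to the DROP policy along with all other unsolicited inbound traffic.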