F I R E | G A T E


SYNOPSIS

FIRE|GATE is a Linux IPtables script for use as a firewall and NAT/masquerade router for home networks or SOHO applications. It shares access to a single internet connection from multiple workstations, and can optionally forward all inbound HTTP, SMTP or other requests to internal servers (as opposed to a DMZ).

Hardware requirements are modest: an i486 with 16 MB of RAM is capable of handling at least 10 machines (if not many more). Since it makes use of the netfilter code in the 2.4 kernel, FIRE|GATE is more robust and configurable, not to mention considerably shorter, than an equivalent IPchains script.

FIRE|GATE differs from many other examples online as follows:


RELEASE STATUS

THIS SCRIPT IS IN DEVELOPMENT AND MAY NOT BE SUITABLE FOR USE IN A PRODUCTION ENVIRONMENT. Concerns and questions are prefixed with "FIXME" to denote they need to be addressed. You should review the code thoroughly to ensure it is appropriate for your location and situation.

Initially this script used ReAIM, a proxy that allowed direct connections for the AIM and MSN instant message clients; after the first few attempts, it stopped working properly on the author's machine. However, your mileage may vary.

The current version of FIRE|GATE does allow certain file transfers and direct connections in AIM, MSN & ICQ, but functionality is not complete. It is possible that a SOCKS proxy (NEC, DeleGate) might alleviate this problem, but the ultimate goal is for the script to handle these sessions itself.

FIRE|GATE is not related to "Firegate SMB Server" at wiresoft.net, nor the "FireGate Firewall Network Appliance" at ntl-uk.com.


USAGE/INSTALLATION

FIRE|GATE responds to the following commands:

firegate {start|stop|status|restart|reload}
  start -- loads firewall and NAT/masquerade rules
   stop -- blocks incoming traffic & stops NAT/masquerade
 status -- checks whether or not /var/lock/firegate file exists
restart -- flushes any rules from kernel, then reloads script
 reload -- same function as restart

Running ./firegate with no options will display a brief list of available commands. Note that when running it manually from a shell you usually need the ./ prefix for the script to execute, since the current directory is normally not on your PATH.
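As an added illustration of how a control script of this kind is laid out (example code, not the FIRE|GATE script itself): a command dispatcher for the five commands above, the /var/lock/firegate marker that status checks, a start that loads default-deny filter rules plus masquerading and one inbound HTTP forward, and a stop that leaves only LAN access. The interface names, LAN range and internal web server address are assumptions for the example.

```shell
#!/bin/sh
# FIRE|GATE-style control script skeleton (added example, not the project's own code).
# Assumed layout: eth0 faces the internet, eth1 a 192.168.1.0/24 LAN; inbound HTTP goes to 192.168.1.10.
IPT="${IPT:-iptables}"                             # command used to load rules
LOCK="${LOCK:-/var/lock/firegate}"                 # exists while the firewall is "running"
IPFWD="${IPFWD:-/proc/sys/net/ipv4/ip_forward}"
EXT=eth0; INT=eth1; LAN=192.168.1.0/24; WEB=192.168.1.10
flush() {   # empty and delete every chain so a reload never stacks rules on top of old ones
    for t in filter nat; do $IPT -t $t -F; $IPT -t $t -X; done
}
start() {
    flush
    # Default deny for traffic to or through the box; only the LAN may talk to it directly.
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $INT -s $LAN -j ACCEPT
    $IPT -A INPUT -i $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anti-spoofing: LAN addresses never legitimately arrive on the public interface.
    $IPT -A FORWARD -i $EXT -s $LAN -j DROP
    $IPT -A FORWARD -i $INT -s $LAN -o $EXT -j ACCEPT
    $IPT -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Share the single uplink: LAN sources are rewritten to the external address.
    $IPT -t nat -A POSTROUTING -s $LAN -o $EXT -j MASQUERADE
    # Port forwarding needs the DNAT plus an explicit FORWARD accept for the new flow.
    $IPT -t nat -A PREROUTING -i $EXT -p tcp --dport 80 -j DNAT --to-destination $WEB:80
    $IPT -A FORWARD -i $EXT -o $INT -p tcp -d $WEB --dport 80 -m state --state NEW -j ACCEPT
    echo 1 > "$IPFWD"
    touch "$LOCK"
}
stop() {    # box stays reachable from the LAN only; no forwarding, no NAT
    flush
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $INT -s $LAN -j ACCEPT
    echo 0 > "$IPFWD"
    rm -f "$LOCK"
}
status() {
    [ -f "$LOCK" ] && { echo "firegate: running"; return 0; }
    echo "firegate: stopped"; return 1
}
firegate() {
    case "$1" in
        start) start ;;  stop) stop ;;  status) status ;;
        restart|reload) flush; start ;;
        *) echo "Usage: firegate {start|stop|status|restart|reload}" >&2; return 1 ;;
    esac
}
[ $# -gt 0 ] && firegate "$@"
```

Pointing IPT at a shell function that records its arguments lets you review the full rule list before loading it on a live router.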

To install, place the script in your /etc/init.d (or equivalent) folder, and create a symlink from your /etc/rc2.d folder (or whichever runlevel you want) that runs firegate start. In your rc6.d (shutdown) folder, create a symlink that runs firegate stop.

Debian .DEB and RedHat .RPM packages may be created in the near future to simplify this process; if you have experience with packaging and are willing to help, please contact the author (see below).


DOWNLOAD/CONTACT

The latest version of FIRE|GATE is first available for download at the author's website, and is uploaded shortly thereafter to mirror sites (within a few hours at most).

You can also obtain FIRE|GATE from the author's mirror site, from its freshmeat project page, or from its SourceForge summary page.

Suggestions, comments or constructive criticism of this script are always welcome; please contact lunar@xrs.net.


LICENSE

OSI Certified Open Source Software

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, Version 2.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA