
FIRE|GATE(tm)



FIRE|GATE is a Linux IPtables script for use as a firewall and NAT/masquerade router for home networks or SOHO applications. It shares access to a single internet connection from multiple workstations, and can optionally forward all inbound HTTP, SMTP or other requests to internal servers (as opposed to a DMZ).

Hardware requirements are modest, with an i486 with 16MB RAM being capable of handling at least 10 machines (if not many more). Since it makes use of the netfilter code in the 2.4 kernel, FIRE|GATE is more robust and configurable, not to mention considerably shorter, than an equivalent IPchains script.

FIRE|GATE differs from many other examples online as follows:

  • Heavily commented, to be as understandable as possible
  • Fully contained in one script - compact and manageable
  • Includes multiple SYSCTL parameters for increased security
  • Attempts to allow IM client file transfers (a rare inclusion)
  • Accepts start|stop|restart|status commands from /etc/init.d
  • No need to specify or grep the external IP, even if DHCP'd


THIS SCRIPT IS IN DEVELOPMENT AND MAY NOT BE SUITABLE FOR USE IN A PRODUCTION ENVIRONMENT. Concerns and questions are prefixed with "FIXME" to denote they need to be addressed. You should review the code thoroughly to ensure it is appropriate for your location and situation.

Initially this script used ReAIM, a proxy that allowed direct connections for the AIM and MSN instant message clients; after the first few attempts, it stopped working properly on the author's machine. However, your mileage may vary.

The current version of FIRE|GATE does allow certain file transfers and direct connections in AIM, MSN & ICQ, but functionality is not complete. It is possible that a SOCKS proxy (NEC, DeleGate) might alleviate this problem, but the ultimate goal is for the script to handle these sessions itself.

FIRE|GATE is not related to "Firegate SMB Server" at, nor the "FireGate Firewall Network Appliance" at


FIRE|GATE responds to the following commands:

firegate {start|stop|status|restart|reload}
  start -- loads firewall and NAT/masquerade rules
   stop -- blocks incoming traffic & stops NAT/masquerade
 status -- shows whether or not /var/lock/firegate file exists
restart -- flushes any rules from kernel, then reloads script
 reload -- same function as restart

Running ./firegate with no options will display a brief list of available commands. Note that when running manually (from shell) you usually need to include the path ./ for scripts to execute.

To install, place the script in your /etc/init.d (or equivalent) folder, and create a symlink from your /etc/rc2.d (or whatever runlevel you want) that runs firegate start. For your rc6.d (shutdown) folder, create a symlink that runs firegate stop.

A Debian package may be created in the near future to simplify this process.


Click here for FIRE|GATE's SourceForge summary page.

The latest version of FireGate is first available for download at the author's website, and is uploaded shortly thereafter to mirror sites (within a few hours at most).

To download the tarball from the main site (containing this INSTALL file in both HTML and text formats, the CHANGELOG, GPL license, and actual script), click here. You can also grab just the original source by right-clicking here and choosing the "Save Target As..." option.

FIRE|GATE is also available from the author's mirror site, or from its freshmeat project page. Previous versions are available here.

The MD5 sum for firegate.079.tar.gz is aa028f4a0878d8e892865a5304f9430a.
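The checksum above and the installation steps described earlier, combined into one added example (this is not part of the FIRE|GATE distribution). The function names, the S20/K80 sequence numbers, and the location of the script inside the tarball are assumptions; the optional ROOT argument lets the layout be checked in a scratch directory before touching /etc.

```shell
#!/bin/sh
# Added example; not part of the FIRE|GATE distribution.
# Published MD5 for firegate.079.tar.gz, copied from this page.
FIREGATE_MD5="aa028f4a0878d8e892865a5304f9430a"

# verify_md5 FILE EXPECTED -> 0 if the file's MD5 matches, non-zero otherwise.
# MD5 catches a corrupt or truncated download; it is not a signature.
verify_md5() {
    actual=$(md5sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_firegate SCRIPT [ROOT] [START_SEQ] [STOP_SEQ]
# ROOT defaults to the real filesystem root; a scratch directory gives a dry run.
# The default sequence numbers 20 and 80 are assumptions, adjust to your boot order.
install_firegate() {
    script=$1
    root=${2:-}
    start_seq=${3:-20}
    stop_seq=${4:-80}

    [ -f "$script" ] || { echo "no such script: $script" >&2; return 1; }
    mkdir -p "$root/etc/init.d" "$root/etc/rc2.d" "$root/etc/rc6.d" || return 1

    # Mode 755: executable, writable only by its owner (init runs it as root).
    cp "$script" "$root/etc/init.d/firegate" || return 1
    chmod 755 "$root/etc/init.d/firegate" || return 1

    # SysV init calls S* links with "start" and K* links with "stop",
    # which is how the one script serves both runlevels.
    ln -sf ../init.d/firegate "$root/etc/rc2.d/S${start_seq}firegate" || return 1
    ln -sf ../init.d/firegate "$root/etc/rc6.d/K${stop_seq}firegate" || return 1
}

# Typical use, as root, from the directory holding the download
# (the path of the script inside the tarball is an assumption):
#   verify_md5 firegate.079.tar.gz "$FIREGATE_MD5" || exit 1
#   tar xzf firegate.079.tar.gz
#   install_firegate ./firegate
```

Because the symlinks are relative, they keep resolving if the tree is staged under ROOT and later copied into place.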

Suggestions, comments or constructive criticism of this script are always welcome; please contact me via e-mail using or


OSI Certified Open Source Software

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, Version 2.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

(c) 2002-05 Jeff Bonner | Page Updated 17 Dec 2005