Routing from ISDN router into firewall, then to network

Post by John Ackermann N8 » Wed, 05 Apr 2000 04:00:00



I have a Netgear RT-328 ISDN router which works well, but doesn't give me
quite the level of firewall capability I'm looking for.  I want to build a
separate firewall machine, probably using the Linux Router Project as a base.

However, I have a problem:  the Netgear does not allow me to enter a route on
the ethernet interface that points to another gateway -- it assumes that it is
the gateway into the network, and there's no other intermediary.  Thus,
there's no direct way to tell it to forward all packets to the new firewall
machine.

The Netgear does support RIP-2 on both interfaces, though, and I wonder if
that might provide a solution.  I've never run RIP, so I'm a bit ignorant.

If I ran RIP on the new Linux firewall, would that be able to tell the Netgear
router to forward all packets to the firewall machine?  If so, what sort of
RIP configuration would I need to set up?

If RIP isn't the answer, can anyone suggest another way to make this work?

Thanks!

John Ackermann

 
 
 


Post by Robert Wallac » Thu, 06 Apr 2000 04:00:00


I think you want a system like this layout.

                            eth0                eth1
 <Internet>---<ISDN router>-----<Linux Machine>-----<Hub/Switch>----<Machine1>
                                  (Firewall)                    I              
                                                                I-<Machine2>    

The ISDN router should just forward any data sent to it to the machine it's
connected to.

The Linux machine needs two network cards set up with private IPs, say 192.168.1.1
for eth0 and 192.168.1.2 for eth1.  The internal machines should all be given a
private IP; say machine1 could be given 192.168.1.5 and machine2 given 192.168.1.6.

You need to set the default gateway on the Linux machine to the IP of the router.
This means that any traffic sent here that is not for a local network machine will
be forwarded to the ISDN router, which will dial out and connect and send data out
onto the Internet to its destination.

Now set up IP masquerading on the Linux machine for the internal hosts. On the other
machines set up the DNS entries and the default gateway to the IP address of the Linux
machine (eth1).

PS

If your provider gives you one IP for the router and one for your actual machine, use
the number given for your machine for network adapter eth0.

This is a simple explanation of the steps needed. If you need help on setting up IP
masquerading or any other area, do ask.

--
Robert Wallace
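
The steps in the post above as a reviewable script; this is an added example, not part of the original post. It assumes iptables and iproute2 (the thread names no tool), takes LAN_NET from the post's 192.168.1.x addresses, uses the documentation address 192.0.2.1 as a placeholder for the router, and adds a default-drop FORWARD policy that the post does not mention.

```shell
#!/bin/sh
# Added example: gateway setup for the layout in the post above.
# WAN_IF faces the ISDN router, LAN_IF faces the hub/switch.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed from the post's 192.168.1.x hosts
ROUTER_IP="${ROUTER_IP:-192.0.2.1}"    # placeholder; the post gives no router address

# Print the commands, one per line, so they can be reviewed before use.
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default via $ROUTER_IP dev $WAN_IF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Reject parameters with unexpected characters, and identical interfaces,
# before any of them is expanded into a command line.
valid_params() {
    case "$WAN_IF$LAN_IF" in *[!A-Za-z0-9._-]*|"") return 1 ;; esac
    case "$LAN_NET$ROUTER_IP" in *[!0-9./]*|"") return 1 ;; esac
    [ "$WAN_IF" != "$LAN_IF" ]
}

# Dry run by default; APPLY=1 (as root) executes each line and stops on error.
run_fw() {
    valid_params || { echo "bad parameters" >&2; return 1; }
    fw_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; else echo "$cmd"; fi
    done
}

run_fw
```

The FORWARD policy is set to DROP before the chain is flushed, so nothing is forwarded unfiltered while the rules load; only LAN-originated traffic and its replies pass.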

 
 
 


Post by John Ackermann N8 » Thu, 06 Apr 2000 04:00:00



Quote:

>I think you want a system like this layout.
>
>                            eth0                eth1
> <Internet>---<ISDN router>-----<Linux Machine>-----<Hub/Switch>----<Machine1>
>                                  (Firewall)                    I
>                                                                I-<Machine2>
>
>The ISDN router should just forward any data sent to it to the machine it's
>connected to.

Thanks for the reply, Robert.  I think my problem is a bit different than the
answer you described (unless I missed something).  I already have the network
up and running with a block of 32 static IP addresses.  I see how what you're
suggesting would work if I were routing to a single IP and then using
masquerading, but I'm not -- I have three servers on the network, as well as a
bunch of PCs (which could be using masquerading, but are currently using
DHCP-assigned addresses from the 32 host subnet).  For reasons I won't go into
here, I want to put the servers behind the firewall (rather than in a DMZ) to
provide them with some protection.

My problem is convincing the router to use the firewall machine as a gateway
for the 32 host subnet.  Since the router supports RIP-2, I'm wondering if I
can use that capability to have the firewall box advertise itself as the
gateway, and have the router pick up the proper route that way.  The problem
is that I've never used RIP, so I don't know if this is doable, or if it is,
how to configure it.

John

Quote:

>The Linux machine needs two network cards set up with private IPs, say
>192.168.1.1 for eth0 and 192.168.1.2 for eth1.  The internal machines should
>all be given a private IP; say machine1 could be given 192.168.1.5 and
>machine2 given 192.168.1.6.
>
>You need to set the default gateway on the Linux machine to the IP of the
>router. This means that any traffic sent here that is not for a local network
>machine will be forwarded to the ISDN router, which will dial out and connect
>and send data out onto the Internet to its destination.
>
>Now set up IP masquerading on the Linux machine for the internal hosts. On the
>other machines set up the DNS entries and the default gateway to the IP
>address of the Linux machine (eth1).
>
>PS
>
>If your provider gives you one IP for the router and one for your actual
>machine, use the number given for your machine for network adapter eth0.
>
>This is a simple explanation of the steps needed. If you need help on setting
>up IP masquerading or any other area, do ask.

 
 
 

1. SnapGear firewall, ADSL router and backup ISDN router

Hi to everyone,

I have the following configuration:

LAN ----> SnapGear Firewall ----> ADSL Router ----> Internet

I would like to re-use an ISDN router to setup a failover connection to the
Internet, like this:

LAN ----> SnapGear Firewall ----> ADSL Router ----> Internet
                                               ----> ISDN Router  ---->

I believe I have the following options:
1. static routes with different metrics and dead gateway detection: this
only works if the firewall - ADSL router connection goes down, and does not
work if the ADSL router - Internet connection (the one I'm concerned about) fails.
2. dynamic routing protocols (i.e. gated or zebra), which should work but are
not installed on SnapGear...

It seems to me it can't be done with this hardware...
Maybe someone has a brighter idea ??? :-)

Kind regards,
    Corrado
