plea for help - setting up firewall / network

Post by Brehme » Fri, 11 May 2001 13:43:54



Hi ladies & gents-

I have a decent working knowledge of Linux; I have next to no idea how
to network.  Maybe someone can lend me a hand & suggest how to do the
following:

INTERNET
|
|
LINUX FIREWALL---DMZ linux BOX
|
|
WIN2K SERVER
|
|
ROUTER
-----------------------------------
|       |       |
linux   windows windows
BOX 1   BOX 2   BOX 3

I have been running Slack for a while now so I can deal with the
nuances of ipforwarding, etc.

However, I have yet to figure out how to setup the IP Addresses,
Gateway, Subnet(s), etc.

Would it work if I used, say, the following:

LINUX FIREWALL:
---------------
nic 0:  dhcp            // interface to net

nic 1:  internal        ip:             192.168.0.1 (?)
                        gateway:        192.168.0.1 (?)
                        subnet:         255.255.255.0 (?)

nic 2:  dmz             ip:             192.10.0.1      (?)
                        gateway:        192.168.0.1     (?)
                        subnet:         255.255.255.0   (?)

WIN2K SERVER:  
---------------
nic 0:                  // connect to firewall
                        ip:             (?)
                        gateway:        (?)
                        subnet:         (?)

nic 1:                  
                        ip:             (?)
                        gateway:        (?)
                        subnet:         (?)

ROUTER:
----------------
                        ip:             (?)
                        gateway:        (?)
                        subnet:         (?)

...okay i'll stop here.  it shows how clueless i am.  If anyone could
suggest where to start I'd appreciate it.  I have looked online
(google, practicallynetwork, linksys, etc) & also have the book
"Building linux & OpenBSD firewalls" but have found no

I tried to set it up & the pings resulted in nothing.  I didn't expect
it to work, especially since I have no idea what i'm doing... =)

Do I need DNS(?)  What else do I need to consider here(?)  NAT(?).
Thanks for any suggestions.

Blessed are you wisdom of the network people,

Brehm          

 
 
 

Post by Mondrai » Fri, 11 May 2001 02:52:17


consider:
http://www.linuxdoc.org/HOWTO/HOWTO-INDEX/howtos.html

in particular: "Net-HOWTO" (Linux Networking HOWTO)
http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html

,,
mondrain

 
 
 

Post by Daniel Katz-Braunschwei » Fri, 11 May 2001 06:19:49


Brehmel:

I think you might be making this more difficult than it needs to be.  Why
not just one NIC connected to the subnet with the Win2K server (DMZ) and one
NIC connected to the LAN subnet?  In that case you just set your IP on NIC 1
(to the LAN) to 192.168.1.1/255.255.255.0 and your NIC 2 (to the DMZ) to
192.168.2.1/255.255.255.0.  The Firewall's Default GW should be set by the
third NIC's DHCP.  Set your LAN clients to addresses in the 192.168.1.X range
(not .1) and the DG to 192.168.1.1.

Your only difficulty is WINS and/or DNS, let me know if you need help with
that. (Best to contact me via email).

IMHO why add complexity if it doesn't really add security,
Daniel Katz


> Hi ladies & gents-

> I have a decent working knowledge of Linux; I have next to no idea how
> to network.  Maybe someone can lend me a hand & suggest how to do the
> following:

> INTERNET
> |
> |
> LINUX FIREWALL---DMZ linux BOX
> |
> |
> WIN2K SERVER
> |
> |
> ROUTER
> -----------------------------------
> | | |
> linux windows windows
> BOX 1 BOX 2 BOX 3

> I have been running Slack for a while now so I can deal with the
> nuances of ipforwarding, etc.

> However, I have yet to figure out how to setup the IP Addresses,
> Gateway, Subnet(s), etc.

> Would it work if I used, say, the following:

> LINUX FIREWALL:
> ---------------
> nic 0: dhcp // interface to net

> nic 1: internal ip: 192.168.0.1 (?)
> gateway: 192.168.0.1 (?)
> subnet: 255.255.255.0 (?)

> nic 2: dmz ip: 192.10.0.1 (?)
> gateway: 192.168.0.1 (?)
> subnet: 255.255.255.0 (?)

> WIN2K SERVER:
> ---------------
> nic 0: // connect to firewall
> ip: (?)
> gateway: (?)
> subnet: (?)

> nic 1:
> ip: (?)
> gateway: (?)
> subnet: (?)

> ROUTER:
> ----------------
> ip: (?)
> gateway: (?)
> subnet: (?)

> ...okay i'll stop here.  it shows how clueless i am.  If anyone could
> suggest where to start I'd appreciate it.  I have looked online
> (google, practicallynetwork, linksys, etc) & also have the book
> "Building linux & OpenBSD firewalls" but have found no
> solutions...please suggest where to go - I am losing my sanity looking

> I tried to set it up & the pings resulted in nothing.  I didn't expect
> it to work, especially since I have no idea what i'm doing... =)

> Do I need DNS(?)  What else do I need to consider here(?)  NAT(?).
> Thanks for any suggestions.

> Blessed are you wisdom of the network people,

> Brehm
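
An added example, not part of any post in this thread: a Python check that runs the addressing plan from the original post and the one suggested in the reply above through the same subnet and gateway rules. The dictionary layout, the function names and the sample client address 192.168.1.10 are assumptions of this example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_firewall(nics):
    """Return findings for the firewall's internal NICs (list of dicts)."""
    findings, nets = [], {}
    for nic in nics:
        iface = ipaddress.ip_interface(f"{nic['ip']}/{nic['mask']}")
        nets[nic["name"]] = iface.network
        if not any(iface.ip in net for net in RFC1918):
            findings.append(f"{nic['name']}: {iface.ip} is not RFC 1918 private space")
        if nic.get("gateway"):
            gw = ipaddress.ip_address(nic["gateway"])
            if gw == iface.ip:
                findings.append(f"{nic['name']}: gateway is the NIC's own address")
            elif gw not in iface.network:
                findings.append(f"{nic['name']}: gateway {gw} is outside {iface.network}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap, so they cannot be routed apart")
    return findings

def check_client(ip, mask, gateway, nics):
    """Return findings for one LAN client behind the firewall."""
    host = ipaddress.ip_interface(f"{ip}/{mask}")
    gw = ipaddress.ip_address(gateway)
    findings = []
    if gw not in host.network:
        findings.append(f"gateway {gw} is not on the client's subnet {host.network}")
    if str(gw) not in {nic["ip"] for nic in nics}:
        findings.append(f"gateway {gw} is not an address the firewall holds")
    if host.ip == gw:
        findings.append("client address collides with its gateway")
    return findings

# Values from the original post (nic 1 / nic 2 of the Linux firewall).
PROPOSED = [
    {"name": "internal", "ip": "192.168.0.1", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    {"name": "dmz", "ip": "192.10.0.1", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
]
# Values from the reply: no per-NIC gateway, the default route comes from DHCP.
SUGGESTED = [
    {"name": "lan", "ip": "192.168.1.1", "mask": "255.255.255.0"},
    {"name": "dmz", "ip": "192.168.2.1", "mask": "255.255.255.0"},
]

if __name__ == "__main__":
    for label, plan in (("proposed", PROPOSED), ("suggested", SUGGESTED)):
        print(label, check_firewall(plan) or "no findings")
```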

 
 
 

Post by Dean Thompso » Fri, 11 May 2001 13:28:28


Hi!,

> I have a decent working knowledge of Linux; I have next to no idea how
> to network.  Maybe someone can lend me a hand & suggest how to do the
> following:

> INTERNET
> |
> |
> LINUX FIREWALL---DMZ linux BOX
> |
> |
> WIN2K SERVER
> |
> |
> ROUTER
> -----------------------------------
> |       |       |
> linux   windows windows
> BOX 1   BOX 2   BOX 3

Why not eliminate the Win2K server and Router and just have the Linux box do
the routing for you as well as providing you with a firewall service?  The
Win2K server could then join the rest of the boxes on the network.

You would have the firewall feed into a hub which the rest of the boxes and
the Win2K server could connect to.  It would be even better if you could lay
your hands on a switch where you could put the server on its own segment.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+