DSL, Static IP's, & Firewall

Post by John Nunle » Sun, 07 Nov 1999 04:00:00



I'd like to set up a small network of 3 computers (Win98) on a DSL connection which will have unique
static IP addresses for each machine.  But I don't want each machine sitting on the DSL hub.  I'd
like to put a firewall machine between the DSL router and the private network, at the same time
keeping the static IP mapping for each machine.  In other words, I don't need a proxy server but I
do want a firewall for each IP address.  

I'm thinking of setting up a Linux box with 4 network cards (3 to interface with the DSL router and
one to interface to the private sub net).  I'm very new to Linux and firewalls.  Can someone tell
me if I'm on the right track with this idea?  Or is there a better way to accomplish my goal without
spending big bucks on special hardware?  

Actually I'm not sure if the approach I'm thinking of is the best or not.  This networking stuff is
fairly new to me.  Here's what I've got right now.

A DSL connection with one dynamically (DHCP) assigned IP address which feeds to a Win98 box running
Wingate 3.  The Wingate machine feeds a local hub which has three machines (2 Win98 and 1 Linux).
I've got the Win98 machines working as well as can be expected by sharing one public IP address.
All outgoing TCP and UDP requests work well.  Wingate has no problem doing the NAT outbound.  The
problem comes about when trying to map incoming port requests.

For example, IRC's Ident function (Authentication) appears at the router on port 113.  I can set a NAT
entry in the DSL router to pass the request to the Wingate machine just fine.  But the problem then
becomes... where to map the request from there.  I basically have to pick one machine to pass all
Ident requests to.  Bottom line... only one work station on my network can run an IRC server that
uses authentication.

This same inbound port mapping problem is present in a number of other applications.  So, one
solution is to buy a block of static IP addresses.  One for each machine on the local network.  But,
I don't want to place the Win98 machine directly on the Internet and expose all ports.  I want to
have a firewall between.

So, my thought is that by putting 3 network cards at the gateway, I can assign a unique IP mapping
from the outside world to the machines on the local network.

Another change that I'm going to make at the same time is to make the gateway box a Linux machine
(putting my three Win98 machines as client machines on the local network).  I'm new to Linux, is
this a reasonable approach to the problem?  And can Linux be configured to handle this type of setup?

Thanks in advance for taking the time to help... I appreciate the assistance.

 
 
 

Post by Eugen » Mon, 08 Nov 1999 04:00:00


> I'm thinking of setting up a Linux box with 4 network cards (3 to interface with the DSL router and
> one to interface to the private sub net).  I'm very new to Linux and firewalls.  Can someone tell
> me if I'm on the right track with this idea?  Or is there a better way to accomplish my goal without
> spending big bucks on special hardware?

Uhhm, two network cards will do - one for the local hub, one for the DSL modem.
The Linux firewall box will do IP forwarding to the Win98 machines behind it. You'll also want to have
it block certain ports (NetBIOS comes to mind...)

Eugene
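
The two-NIC gateway described in the reply above, sketched as an added example that is not part of the original thread: it prints (does not apply) commands that map each public static IP to one private host and block NetBIOS at the gateway. The use of iptables, the interface names `eth0`/`eth1`, the documentation-range addresses, and the assumption that the static block sits on the same segment as the DSL router are all assumptions made for illustration.

```shell
#!/bin/sh
# Emit (not apply) iptables commands for a two-NIC Linux gateway that maps
# one public static IP to one private host (1:1 NAT) and filters per host.
# All names and addresses below are constructed for illustration.
WAN_IF=eth0          # assumed: NIC facing the DSL router
LAN_IF=eth1          # assumed: NIC facing the local hub

# public_ip private_ip allowed_inbound_tcp_ports (comma list, or "-" for none)
MAPPINGS='203.0.113.11 192.168.1.11 113
203.0.113.12 192.168.1.12 113
203.0.113.13 192.168.1.13 -'

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default deny for anything forwarded through the gateway.
    echo "iptables -P FORWARD DROP"
    # NetBIOS (137-139) never crosses the gateway, in either direction.
    for proto in tcp udp; do
        echo "iptables -A FORWARD -p $proto --dport 137:139 -j DROP"
    done
    # Replies to existing flows, and anything the LAN initiates, may pass.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        # The gateway answers ARP for the public address on the WAN side.
        echo "ip addr add $pub/32 dev $WAN_IF"
        # Inbound: public address -> its private host; outbound: the reverse.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        # Only the listed TCP ports (e.g. Ident, 113) are reachable from outside.
        if [ "$ports" != "-" ]; then
            echo "iptables -A FORWARD -i $WAN_IF -d $priv -p tcp -m multiport --dports $ports -j ACCEPT"
        fi
    done
}

gen_rules
```

Because each private host has its own public address, port 113 can be opened to two machines at once, which the single-IP port-mapping setup in the question could not do.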