rc.firewall, DHCP, not my router

Post by Ale » Wed, 21 Apr 2004 06:55:45



Hello all:

My landlord shares his wireless DSL with the rest of the folks in the
house/apartment.  He has an Airport router which serves up DHCP (and
receives a single dynamic IP from the provider).  I am running a
webserver behind the router through dyndns.org and now I would like to
put rc.firewall in place with some good rules.  The only problem is I
can only assign my ethernet card a private IP. (no sense having two
ethernet cards for this set-up)

Is there a good rc.firewall ruleset that addresses this set up?  I'm
guessing this would be nearly impossible since everything is private
IP.  I don't have access to his router (to replace his airport with a
linux firewall leading directly out to the provider, for example).
Unless there is some way to specify that all incoming traffic from the
gateway...  but, see!  I don't think so.

Any help would be appreciated.  Thanks in advance to the group and to
any effort toward helping to sort this out.

Alex

 
 
 

rc.firewall, DHCP, not my router

Post by chris-use.. » Fri, 30 Apr 2004 23:26:05



> My landlord shares his wireless DSL [...] which serves up DHCP (and
> receives a single dynamic IP from the provider). I am running a
> webserver behind the router through dyndns.org.

Then the only people who will be able to see your webserver will be
people on your private network. DynDNS will advertise your server's
private IP address, which is totally useless to anyone else.

> I can only assign my ethernet card a private IP. (no sense having two
> ethernet cards for this set-up)

You don't need two cards to have two IP addresses. But that's irrelevant
anyway...

> I'm guessing this would be nearly impossible since everything is
> private IP.

No, not "nearly" impossible. It's totally impossible given the ground rules
you've laid out.

> I don't have access to his router (to replace his airport with a
> linux firewall leading directly out to the provider, for example).
> Unless there is some way to specify that all incoming traffic from the
> gateway...  but, see!  I don't think so.

That is the essential (and pretty much only) step. You need to get the
router to forward port 80 packets from its public interface to your
machine. This in turn requires that you get the same (fixed) IP address
from the router.

Chris
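
A host-level ruleset for the single-NIC, DHCP-addressed web server described in this thread, as an added example that is not from either poster: it filters by interface rather than by address, so it keeps working when the lease changes. It only protects the machine itself; outside visitors still depend on the router forwarding port 80 as described above. The interface name eth0, the port 80 default and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host with one
# interface, a DHCP-assigned private address and a web server.
# Assumed values (not from the thread): interface eth0, TCP port 80.

gen_rules() {
    iface=$1
    port=$2

    # Accept only a plain interface name and a plain port number, so the
    # arguments cannot smuggle extra rule text into the generated output.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Default-drop inbound and forwarded traffic, then open only what the
    # host needs: loopback, replies to its own connections, DHCP answers
    # from the router, and new connections to the web server.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $iface -p tcp --syn --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage (as root): gen_rules eth0 80 | iptables-restore
```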