Newbie questions about firewalls, masquerading, and forwarding


Post by Ivan » Fri, 02 Nov 2001 13:50:47



Hi, I'm trying to set up a Linux firewall box (RH 7.1) which has 2 Ethernet
cards (one connecting to the Internet through a cable modem and getting its IP
by DHCP, eth1, and the other local, connecting to another box (RH or W2000),
eth0).

After reading LDP HOWTOs for some days I still have some questions /
problems:

My first question: is there any way of automatically setting the gateway
for the local card so that if the real IP address changes the gateway is
autoconfigured? (Right now I do this by manually editing
/etc/sysconfig/network-scripts/ifcfg-eth0.)

Next questions: I want to have a little web server on the other local box;
it should also have almost full access to the Internet (browsing web pages,
reading newsgroups, playing multiplayer games... :)
- How do I have to configure ipchains?
- What do you suggest: masquerading, port forwarding, or what?
- Can you suggest a tiny configuration for ipchains?
The only way I can make it work now with masquerading is setting all
incoming/outgoing rules to ACCEPT... which makes the firewall quite useless,
right? :)

Ah, and do I have to set any special route settings for this system?

As you can see, I'm fairly new to networks, and not very good at English
either, sorry.

Ah, the last question: I have noticed the NOTRAILERS setting in the ifconfig
program when getting the inet parameters by DHCP for eth1. I don't know
what it means, but I guessed it could be that the packets will not be
forwarded to the local network, so that's the reason for masquerading in
this network (I tried without masq and it didn't work), but I'm not sure
what it means, nor could I find it in the ifconfig manual. Can anyone tell
me exactly what it means? Thanks

Ivan

 
 
 


Post by Dean Thompso » Fri, 02 Nov 2001 21:02:11


Hi!,

> Hi, I'm trying to set up a Linux firewall box (RH 7.1) which has 2 Ethernet
> cards (one connecting to the Internet through a cable modem and getting its IP
> by DHCP, eth1, and the other local, connecting to another box (RH or W2000),
> eth0).

> After reading LDP HOWTOs for some days I still have some questions /
> problems:

> My first question: is there any way of automatically setting the gateway
> for the local card so that if the real IP address changes the gateway is
> autoconfigured? (Right now I do this by manually editing
> /etc/sysconfig/network-scripts/ifcfg-eth0.)

I don't follow; your internal card should have a static address and it should
never change. The definitions in ifcfg-eth0 should be executed when you boot
up. I can't see the connection between your eth0 device and the IP address
changing on eth1. Your ipchains/iptables statements shouldn't be configured
in such a way that eth0 depends on the IP address of eth1.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 


Post by Karl Heye » Fri, 02 Nov 2001 22:34:04



> Hi, I'm trying to set up a Linux firewall box (RH 7.1) which has 2 Ethernet
> cards (one connecting to the Internet through a cable modem and getting its IP
> by DHCP, eth1, and the other local, connecting to another box (RH or W2000),
> eth0).

> After reading LDP HOWTOs for some days I still have some questions /
> problems:

> My first question: is there any way of automatically setting the gateway for
> the local card so that if the real IP address changes the gateway is
> autoconfigured? (Right now I do this by manually editing
> /etc/sysconfig/network-scripts/ifcfg-eth0.)

If your IP is static then your gateway is as well; your provider will tell
you the IP of the gateway. You could also get the information from PPPoE
or DHCP. A gateway isn't tied to a NIC; it's listed in the routing table.

> Next questions: I want to have a little web server on the other local box;
> it should also have almost full access to the Internet (browsing web pages,
> reading newsgroups, playing multiplayer games... :)
> - How do I have to configure ipchains?
> - What do you suggest: masquerading, port forwarding, or what?
> - Can you suggest a tiny configuration for ipchains?
> The only way I can make it work now with masquerading is setting all
> incoming/outgoing rules to ACCEPT... which makes the firewall quite useless,
> right? :)

If your IP range is private (e.g. 192.168.x.x) then you need port forwarding to
allow external access to the web server. HTTP and NNTP connections are dealt
with by the forwarding easily, but multiplayer games might need special
configuration.

> Ah, and do I have to set any special route settings for this system?

Doesn't sound like it, not for your system. You could do rate limiting so
that one connection doesn't starve another, but leave it for later.

karl.
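
An added example for this thread, not posted by any participant: a default-deny gateway ruleset with masquerading for the LAN and a port forward to the internal web server, written with iptables (named in Dean's reply) rather than ipchains because its connection-state matching lets reply traffic in without setting everything to ACCEPT. It matches on interfaces only, so nothing depends on eth1's DHCP address; the 192.168.0.0/24 range, the 192.168.0.2 web server address and the `fw_rules` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) an iptables
# ruleset for a two-NIC masquerading gateway; review it, then pipe to sh as root.
fw_rules() {
    ext_if=$1; lan_if=$2; lan_net=$3; web_ip=$4
    # The output is meant for a shell, so accept only plain interface
    # names and dotted addresses.
    for v in "$ext_if" "$lan_if"; do
        case $v in ""|*[!a-z0-9]*) return 1 ;; esac
    done
    for v in "$lan_net" "$web_ip"; do
        case $v in ""|*[!0-9./]*) return 1 ;; esac
    done
    cat <<EOF
# Start clean; drop anything not explicitly allowed below.
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# The gateway itself: loopback, the LAN, and replies to its own traffic.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan_if -s $lan_net -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets arriving from outside with a LAN source address are spoofed.
iptables -A FORWARD -i $ext_if -s $lan_net -j DROP
# LAN hosts may open connections outward; only replies come back in.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -j ACCEPT
# Masquerade behind whatever address the external interface holds.
iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
# Port forward: new inbound TCP/80 goes to the internal web server.
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport 80 -j DNAT --to-destination $web_ip:80
iptables -A FORWARD -i $ext_if -o $lan_if -p tcp -d $web_ip --dport 80 -m state --state NEW -j ACCEPT
# Turn routing on last, once the filter is in place.
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Constructed sample values: eth1 = cable modem side, eth0 = LAN side.
fw_rules eth1 eth0 192.168.0.0/24 192.168.0.2
```

LAN hosts point their default route at the gateway's static eth0 address, which is the only gateway setting they need.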

 
 
 
