firewall & NAT on DSL modem

Post by Joe » Fri, 29 Nov 2002 21:13:55



I am setting up a small home network of 4 boxes (2 running Windows, 2
running Debian Woody), and with DSL access via a Netopia Cayman modem
router that provides NAT. Connection to my ISP is through PPPoE. My
ISP provides a stable IP address, which I will use to access my system
when away from home.

The network is currently working correctly including internet
access. My LAN IP's are in the 192.168.1.0 subnet. All the boxes have
the modem-router's internal port (192.168.1.254) set as their gateway.

After reading various lists, I decided that the modem-router's NAT was
not enough protection from the outside and that I should set up an
IP-Masquerading firewall on one of my Linux boxes. I followed the
Linux doc HOWTO, recompiled kernel, etc. etc. The software (iptables)
seems to be working correctly, but I am not sure about the overall
configuration of the network.

So here are my questions:

Should I continue to use the modem's NAT in conjunction with
IP-masquerading on the linux box?

If I disable NAT in my router, what should the gateway be
(/etc/network/interfaces) for eth0 of the firewalling box (eth0 being
the outside NIC)?

Hope this is clear enough, & thanks in advance!

 
 
 

Post by William Par » Sat, 30 Nov 2002 04:17:42



> I am setting up a small home network of 4 boxes (2 running Windows, 2
> running Debian Woody), and with DSL access via a Netopia Cayman modem
> router that provides NAT. Connection to my ISP is through PPPoE. My
> ISP provides a stable IP address, which I will use to access my system
> when away from home.

> The network is currently working correctly including internet
> access. My LAN IP's are in the 192.168.1.0 subnet. All the boxes have
> the modem-router's internal port (192.168.1.254) set as their gateway.

> After reading various lists, I decided that the modem-router's NAT was
> not enough protection from the outside and that I should set up an
> IP-Masquerading firewall on one of my Linux boxes. I followed the
> Linux doc HOWTO, recompiled kernel, etc. etc. The software (iptables)
> seems to be working correctly, but I am not sure about the overall
> configuration of the network.

> So here are my questions:

> Should I continue to use the modem's NAT in conjunction with
> IP-masquerading on the linux box?

Both.  You can continue to use the modem-router (192.168.1.0/24) and use the
Linux machine as a gateway to yet another LAN (192.168.2.0/24).  But why,
though?  It would be better to do everything on the Linux machine, since you
are doing the firewall on it anyways.

> If I disable NAT in my router, what should the gateway be
> (/etc/network/interfaces) for eth0 of the firewalling box (eth0 being
> the outside NIC)?

Since [eth0] is connected to the modem and hence to the Internet, it should
have your Public IP.

> Hope this is clear enough, & thanks in advance!

--

Linux solution for data management and processing.

 
 
 

Post by Joseph Fahe » Sun, 01 Dec 2002 20:48:06




> > I am setting up a small home network of 4 boxes (2 running Windows, 2
> > running Debian Woody), and with DSL access via a Netopia Cayman modem
> > router that provides NAT. Connection to my ISP is through PPPoE. My
> > ISP provides a stable IP address, which I will use to access my system
> > when away from home.

> > Should I continue to use the modem's NAT in conjunction with
> > IP-masquerading on the linux box?

> Both.  You can continue to use the modem-router (192.168.1.0/24) and use the
> Linux machine as a gateway to yet another LAN (192.168.2.0/24).  But why,
> though?  It would be better to do everything on the Linux machine, since you
> are doing the firewall on it anyways.

Not doing double NAT makes sense. However, right now I have things set
up as a double LAN, and this works. The advantage (for me, with my
limited knowledge) of doing it this way is that the modem takes care
of the PPPoE connection. When I disabled NAT in the modem (& changed
the interface config), everything stopped working. I assume that I
would have to run a PPPoE program on the linux box.

I think I will eventually try to set things up that way, with no NAT
on the modem, but for now, since it is working, I may leave it alone,
unless there is a strong reason not to.

Thanks for your help.

Joe
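
The double-LAN layout discussed in this thread (modem-router NAT on 192.168.1.0/24, Linux box masquerading a second LAN on 192.168.2.0/24), as an added example that is not from any of the posters: a default-deny iptables ruleset for the Linux box, plus a check that nothing admits new connections from the outside interface. The inside NIC name `eth1` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 faces the modem-router
# (192.168.1.0/24, gateway 192.168.1.254); eth1 and 192.168.2.0/24 are the
# assumed inside NIC and inner LAN.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.2.0/24

# Print a ruleset in iptables-restore format. Apply as root with:
#   sysctl -w net.ipv4.ip_forward=1 && gen_ruleset | iptables-restore
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The modem has no route back to $LAN_NET, so hide it behind $WAN_IF's address.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# Replies come back in; only the inner LAN may open new connections outward.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Return 0 only if the ruleset on stdin is default-deny on INPUT and FORWARD
# and contains no ACCEPT rule matching traffic arriving on the outside NIC.
check_ruleset() {
    rules=$(cat)
    echo "$rules" | grep -q '^:INPUT DROP'   || return 1
    echo "$rules" | grep -q '^:FORWARD DROP' || return 1
    if echo "$rules" | grep -- "-i $WAN_IF" | grep -q -- '-j ACCEPT'; then
        return 1
    fi
    return 0
}
```

Running `gen_ruleset | check_ruleset` before applying makes any rule that opens the outside interface, such as one for remote access, a deliberate exception to the check rather than an accident.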

 
 
 

1. DSL modem has NAT ... do I need firewall?

Hi

I've got a DSL modem which has a built in hub and has its own LAN address
and uses NAT.  I've set its LAN address to 192.168.2.254.  It's connected to
my linux box (firewall) only.

I've set one NIC in my linux box to 192.168.2.1 and the other to 192.168.1.1
(192.168.1.0 is the LAN that I'm wanting to connect to the internet through
the linux firewall box).  So basically I've got 3 networks - the Lan
(192.168.1.0) and the miniLan between the linux firewall and the modem
(192.168.2.0) and of course the internet (0.0.0.0).

Since the modem already does NAT, do I need to set up ipchains and
masquerading?  I figure I don't need masquerading - but what about ipchains?

At this point, I've got no 'connection' between the 192.168.2.0 and the
192.168.1.0 networks.  All I really want to do is make that connection - in
the safest possible way.

Regards
Gavin
