Before even starting off, apologies for the newbie questions, on the
other hand: *I need help!*
My setup:
ADSL running with DHCP'ed IP from our ISP. The router is a 677, with
LAN-IP = 10.100.1.1. This router is doing NAT. Our problem is that we
are in the Middle East, with a paranoid ISP, so on the router we
cannot change any settings.
I want to set up a Linux router/fw for the network. IP Range on Private
network is 192.168.x.y (where x is actually room numbers in the
building) (mask = 255.255.0.0). My question then is this:
a) Can I plug the DSL router Internal interface into a hub, with the
linux box's External interface into the same hub? (The reason for this
is that I want to put a second fw with same config into that hub as a
backup at some stage) Or is it better to plug the external-fw cable
directly into the LAN port of the 677?
b) Do I assign a Firewall-External-IP of 10.100.1.5, 255.0.0.0, gateway
10.100.1.1, and FW-Internal-IP of 192.168.x.y?
c) Do I need to enable NAT on the firewall machine even if 677 is
doing it already, is this "double-nat" healthy?
d) I want to use IPTables, and make the fw-internal-IP the gateway
address of the private network PCs. I have tried Shorewall, but despite
IP-forwarding showing enabled, I can get from the fw out, but not from
inside the private network. (Even if rules permit it)
I guess in short I am not conceptually sure what fw/gateway features
to use with this specific network. Any help would be *hugely*
appreciated. I don't mind reading through any literature, as long as
someone could tell me what my setup should/could look like, or what I
need to install on the fw. Used RH8 +9 up to now. I would need to have
a mail server (with dyndns) up on the private network as well in the
future, as well as transparent squid.
Thanks in advance!
Eugene.