dsl & firewall design question

Post by Pumpkinhe » Wed, 01 May 2002 15:04:19



Hi gang,

I have a DSL modem connected to a LinkSys
hub/router/dhcp_server/firewall unit.  All this stuff is built into it
( http://www.linksys.com/Products/product.asp?grid=23&prid=20 ).

My first question is whether the NATing done by the LinkSys unit is
sufficient to protect a home network.

Secondly, if not, where would I place a Linux/BSD box to act as an
actual firewall (using Netfilter) and what would be the basic config?
Is this easy to do?

What I don't get is the authentication part.  You see, the LinkSys has
my domain (the ISP's), my userid, and my passwd configured within it.
So this is how I make connections.  But if I remove it, and put in my
OpenBSD box, then how does it work?

Peter

 
 
 

dsl & firewall design question

Post by Sebastian Co » Fri, 03 May 2002 13:21:35




> Hi gang,

> I have a DSL modem connected to a LinkSys
> hub/router/dhcp_server/firewall unit.  All this stuff is built into it
> ( http://www.linksys.com/Products/product.asp?grid=23&prid=20 ).

> My first question is whether the NATing done by the LinkSys unit is
> sufficient to protect a home network.

Yes and no. It depends on how sensitive the information behind the
NAT is (note I said NAT, not firewall. NAT isn't a true firewall but is
usually sufficient for home networks).

> Secondly, if not, where would I place a Linux/BSD box to act as an
> actual firewall (using Netfilter) and what would be the basic config?
> Is this easy to do?

> What I don't get is the authentication part.  You see, the LinkSys has
> my domain (the ISP's), my userid, and my passwd configured within it.
> So this is how I make connections.  But if I remove it, and put in my
> OpenBSD box, then how does it work?

I can answer both of these questions together. You can do this one of
two ways. 1) You can put a Linux/FreeBSD/OpenBSD box behind the NAT.
Allow the NAT to do its job, but point everything you want NAT'd to the
BSD box; then, from the BSD box, you can packet filter AND NAT to
anything behind it. 2) You can set the BSD box as the connection
appliance to the DSL connection. Linux/FreeBSD are perfectly capable of
connecting to PPPoE DSL. Just research it. I don't know if they've
changed FBSD to have NETGRAPH and such in the base kernel; in version
4.2 or so, you had to build a kernel capable of connecting to DSL.
It doesn't really matter, though: when you build the IPF/IPNAT firewall,
you would rebuild the kernel anyway, so no big deal. As for Linux, I think
most of the major distros have this built in.

--
s.c.
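
Option 2 from the reply above, sketched for Linux with Netfilter (an added example, not part of the original posts): the box terminates the PPPoE session itself, so the ISP userid and password move into its PPPoE client configuration, and the rules below add stateful filtering on top of NAT. The function name `gen_ruleset`, the interface names and the LAN prefix are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a gateway whose outside interface is
# the PPPoE link. Nothing is applied here; pipe the output to iptables-restore
# as root, and enable routing separately (sysctl net.ipv4.ip_forward=1).
gen_ruleset() {
    [ $# -eq 3 ] || { echo "usage: gen_ruleset WAN LAN NET" >&2; return 1; }
    for a in "$@"; do
        case "$a" in
            ""|*[!A-Za-z0-9./_-]*) echo "bad argument: $a" >&2; return 1 ;;
        esac
    done
    wan="$1"   # PPPoE interface, e.g. ppp0 (assumed name)
    lan="$2"   # inside interface, e.g. eth1 (assumed name)
    net="$3"   # inside prefix, e.g. 192.168.1.0/24 (assumed)
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# NAT: hide the inside prefix behind the address the ISP assigns to $wan
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
# PPPoE lowers the MTU below 1500; clamp TCP MSS so large transfers do not stall
-A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
# Firewall: default-deny for traffic to the box and through it
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
# Replies to inside-initiated connections come back in; nothing else does
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called as: script WAN LAN NET
if [ $# -eq 3 ]; then gen_ruleset "$@"; fi
```

The `*nat` section alone reproduces what the reply calls NAT; the DROP policies and connection-state rules in `*filter` are the packet-filtering part that NAT by itself does not provide.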

 
 
 

1. help with designing & implementing linux firewall

Hello Everyone,

After a few weeks of reading and trial & error, I have been able to implement IP chains
and IP masq to run on my linux box (RedHat version 6.1 with kernel 2.2.16).  Now my
local network can access the Internet with no problem.  Now I would like to take it to
another level.  Any suggestions from anyone are greatly appreciated.  

I would like to implement a two-firewall configuration.  The first linux firewall is directly
connected to the Internet.  This firewall has two interfaces.  The external interface IP
address is 199.0.216.222.  The internal interface has an IP address of 192.168.1.1
(private address range or RFC1918).  This internal interface is connected to a
network which consists of web server, ftp server and mail server.  I call the
192.168.1.0 network the DMZ network.  Furthermore, I call the first firewall "choke".

The second linux firewall also has two interfaces.  The external interface is connected
to the 192.168.1.0 network.  The internal interface is connected to the 172.16.1.0
network which is a private corporation that has about 100 nodes on this network.
Behind the second firewall are various Microsoft Windows and Linux
machines running various applications.  

I would like to accomplish the following objectives:

1) Allow users from 172.16.1.0/24 network to access the Internet with applications
such as http, ftp, telnet and smtp,

2) Protect the private network.  However, I would like users on the Internet to access
some linux machine in the 172.16.1.0 network with applications such as SSH,

3) Internet users should be able to access both the FTP and WWW servers which
are sitting behind the first firewall.

My question is this:  Can this be done with just one valid IP address?  Is it possible
for the network behind the first firewall to be in private IP address range (RFC1918)?
What exactly do I need to do on both firewalls?  

Before you start telling me to read books and figure it out, I would like to say that I have
spent a lot of time at Border and Barnes & Noble to research this implementation.
They only provide me with piecemeal solutions... I need someone who can give
me a general idea of this implementation to jump-start my research (again)... Please
tell me what I have to do.... I need help, guys..... Please help me....

Thanks.
David
