[SOLVED] Do I need another router to firewall (terminate) a fixed ip DSL
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
SDN 101: An Introduction to Software Defined Networking
Discover the advantages of SDN.
SDN has quickly become one of the hottest trends in IT. But not all SDN solutions offer real software-defined functionality. As more enterprises consider SDN, they want to know, “What is SDN? And what are the real benefits?” If you're ready to explore the advantages of SDN, and want to know how it should be implemented within your enterprise, start by reading our introductory white paper.
Click Here to receive this Complete Guide absolutely free.
Do I need another router to firewall (terminate) a fixed ip DSL
My question is,
I have a block of 10 fixed i.p.s.
I have a netcomm nb6+4 wireless adsl router that briges the wan and gives me 4 ethernet and up to 8 wireless i.p's.
I have an ethernet router teminating one wan fixed I.P. that I use for office p.c's. 192.168.1.XXX
I have two linux machines on two their fixed i.p's termating on their eternet adaptors (as linux is is a firewall).
My question is this?
If I use the wireless in the dsl router, it appears to be www and is only available by setting the adaptor of a laptop to a fixed i.p. with it's subnet mask/gateway.
Is windows xp firewall enough to have the wireless adaptor terminating the fixed i.p. or should i install another wirelss router after one of the the existing routers just for protection. (behind the ethernet router if i want the laptop on the office lan, or behind the dsl router if i want a new lan subnet.
All bit I'm a newbie to Linux but I can assist in your network configuration. You say you have a block of 10IP address's have this been issued by your ISP? I get allocated out a block of 8 IP's from my ISP of which 5 are only usable. I currently sit behind a firewall using NAT and have coded in static NAT rules for certain devices (Easier to manage the internal network). For each of these NAT rule's I've built up access control rules i.e www forwarded to 220.127.116.11 from 18.104.22.168 on the external network.
Are you trying to achieve something like the above. (Sorry I'm only on my first coffee)
I need to know what you want to achieve as an end result? If you use the computers for surfacing e-mail downloads etc. then just leave the setup as default. If it's a more complicated environment i.e dedicated e-mail service MailerDaemon or something along those lines then you'd have to setup a PAT rule on the firewall. This means adding a Static internal IP address and assigning and external address. Then redirecting all tcp 110 POP3 traffic to this server. Your firewall may need to be changed as some standard ADSL router/modems can't cope with more than one external IP address.
xxx.xxx.xxx.004 is not used (1st)
xxx.xxx.xxx.005 is the lan ip of the dsl modem
xxx.xxx.xxx.006 is another eternet router behind the dsl modem for 3 office pc's lan
xxx.xxx.xxx.007 is a centos server
xxx.xxx.xxx.008 is a centos server
all i want to do is user the wireless connection on the nb6+4W dsl modem/router.
here, the only thing that works is to use one of my fixed ip addresses at the laptop wireless adaptor.
Q. does a modem/router usually offer any protection by default other than rules set up by the user?
should i use another wireless router (behind the modem)instead of having the fixed i.p at the laptop, as i understand this is briged connection with no router protection...
I've just found the router and Manual online which I've quickly skimming through as I type. It appears that the router you have is more designed for home user than an office but we'll have a go. Firstly I'd like to show the following setup as I would put into a small business suite. If you have the budget then I'd go with below
Because the router is in Bridged mode the only way your going to get out on the internet is via an external IP address assignment to anything. What would be better would be to make the router standard dialup router first as it comes out of the packet i.e. dhcp server giving out 192.x address's on lan and WIFI. That'll give all internal lan or wifi computers access to www without an external IP address. The hard part comes with the two servers you've got the option of using virtual servers in the advanced section of the firewall this will allow you to use port forwarding to certain address internal major draw back is that you'd have to use the external ip address of the firewall in order to accomplish this and change any dns records etc out in the wild.
You going to struggle with what you want to achieve with this router. Throwing more equipment at this problem is going to cause an nightmare administration job. As I siad I'd go with the solution I added above moeny permitted there are a few cheap firewalls out on the market you already have a router and then you need to create a backbone on your lan again very cheap switches out there and very cheap access points.
Sorry I can't really progress on this any further. I'll try and find an alternative way of doing during reading the manual.
I think yr right,
I'll look at yr setup as i have another wireless router.
everything works fine at the mom, all the the wan I.P addresses are available after the modem.
some terminate at servers ,
One happens to be a laptop on the wireless in the router.
I just need to know if it is technically safe to have the laptop aligned to the www as far as not having any router functions in front as to my understanding, the router briges all the wan i.p's to the ethernet/wireless ports.
Are all routers doing nothing really to the access unless rules are set?
The most safest place for any computer is without any sort of network attached to it... I assume the laptop is of Windows OS. My personel and professional view anything out on the web should be behind a firewall. Unfortunatley we have gone of the day's of compuserve and such like. Not neccesary because of hacking etc more for your privacy. If the laptop needs to sit on an external IP the first thing to do is switch netbios off via the registry search google for you OS. Obvouisly make sure your AV and Malware protection is on and disable any shares. There are pieces of software out there which can mask IP and MAC address's you'll have to search for them as I can't make recommendations.