LinuxQuestions.org
Old 03-25-2010, 12:49 AM   #1
devwink
Member
 
Registered: May 2006
Posts: 49

Rep: Reputation: 15
Do I need another router to firewall (terminate) a fixed ip DSL


Hi All,

My question is,
I have a block of 10 fixed i.p.s.

I have a netcomm nb6+4 wireless adsl router that bridges the wan and gives me 4 ethernet and up to 8 wireless i.p's.

I have an ethernet router terminating one wan fixed I.P. that I use for office p.c's. 192.168.1.XXX

I have two linux machines on two of the fixed i.p's terminating on their ethernet adaptors (as linux is a firewall).

My question is this:
If I use the wireless in the dsl router, it appears to be www and is only available by setting the adaptor of a laptop to a fixed i.p. with its subnet mask/gateway.

Is windows xp firewall enough to have the wireless adaptor terminating the fixed i.p. or should I install another wireless router after one of the existing routers just for protection (behind the ethernet router if I want the laptop on the office lan, or behind the dsl router if I want a new lan subnet)?

Thanks for your advice.
 
Old 03-25-2010, 04:00 AM   #2
al_bye
LQ Newbie
 
Registered: Mar 2010
Distribution: Ubuntu 9.10, Ubuntu Netbook-Remix
Posts: 26

Rep: Reputation: 17
Hi DevWink

Albeit I'm a newbie to Linux, I can assist in your network configuration. You say you have a block of 10 IP addresses; have these been issued by your ISP? I get allocated a block of 8 IPs from my ISP, of which only 5 are usable. I currently sit behind a firewall using NAT and have coded in static NAT rules for certain devices (easier to manage the internal network). For each of these NAT rules I've built up access control rules, i.e. www forwarded to 192.0.1.1 from 81.12.1.63 on the external network.

Are you trying to achieve something like the above? (Sorry, I'm only on my first coffee.)
 
Old 03-25-2010, 05:09 AM   #3
devwink
Member
 
Registered: May 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Thanks Al Bye,

Sorry, I have the same as you: 5 usable from 8; can't use the first and last, and the 2nd is the gateway.

I have NAT enabled. I can get my wireless to work with one of the fixed i.p's using a 255.255.248 subnet mask and the second lowest as the gateway.

Sorry to sound vague, but it is my understanding that the router protects the computers by blocking all ports and then allowing some.

I would have no idea about how to edit a std scenario for a nat connection.

Should I use i.p filtering to block by default and start opening ports as required for that i.p?

Protocol | Source IP addr | Dest IP addr | Port Range Start | Port Range End | Allow | Edit

Sorry to seem vague, I'm a newbie to this.

Doesn't seem to be much in the nat region as far as rules.

Thanks again

Last edited by devwink; 03-25-2010 at 05:16 AM.
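
The "block by default, then open ports as required" approach asked about in the post above, as an added example (not part of the original thread and not the router's own logic). Rules carry the same columns as the filter table quoted there; all addresses are constructed documentation ranges, and only unsolicited inbound connections are modelled, not return traffic.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule, using the columns of the router's IP filter table."""
    protocol: str     # "tcp" or "udp"
    source: str       # source network in CIDR form ("0.0.0.0/0" = any)
    dest: str         # destination host or network in CIDR form
    port_start: int
    port_end: int

    def matches(self, protocol, src, dst, port):
        return (protocol == self.protocol
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dest)
                and self.port_start <= port <= self.port_end)

def inbound_allowed(rules, protocol, src, dst, port):
    """Default deny: an unsolicited inbound connection passes only if a rule matches."""
    return any(r.matches(protocol, src, dst, port) for r in rules)

def assignable(block, gateway):
    """Host addresses left in the block once the gateway is taken out."""
    return [str(h) for h in block.hosts() if h != gateway]

def exposed_ports(rules, host, ports, src="192.0.2.50"):
    """TCP ports on `host` that an arbitrary Internet source can reach."""
    return [p for p in ports if inbound_allowed(rules, "tcp", src, host, p)]

# Constructed sample data: documentation address ranges, not the thread's addresses.
BLOCK = ipaddress.ip_network("203.0.113.0/29")      # 8 addresses
GATEWAY = ipaddress.ip_address("203.0.113.1")       # second address in the block
SERVER, LAPTOP = "203.0.113.3", "203.0.113.6"
RULES = [
    Rule("tcp", "0.0.0.0/0", SERVER + "/32", 80, 80),         # web server, open to all
    Rule("tcp", "198.51.100.0/24", SERVER + "/32", 22, 22),   # SSH from one network only
    # No rule names LAPTOP, so nothing unsolicited reaches it.
]

if __name__ == "__main__":
    probe = [22, 80, 135, 139, 445]
    print("assignable:", assignable(BLOCK, GATEWAY))
    print("server exposed:", exposed_ports(RULES, SERVER, probe))
    print("laptop exposed:", exposed_ports(RULES, LAPTOP, probe))
```

With an empty rule list every probe is refused, which is the state a host on a bridged public address only gets if something in front of it, or on it, actually filters.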
 
Old 03-25-2010, 02:36 PM   #4
al_bye
LQ Newbie
 
Registered: Mar 2010
Distribution: Ubuntu 9.10, Ubuntu Netbook-Remix
Posts: 26

Rep: Reputation: 17
Hi Dev,

I need to know what you want to achieve as an end result. If you use the computers for surfing, e-mail, downloads etc. then just leave the setup as default. If it's a more complicated environment, i.e. a dedicated e-mail service, MailerDaemon or something along those lines, then you'd have to set up a PAT rule on the firewall. This means adding a static internal IP address and assigning an external address, then redirecting all TCP 110 POP3 traffic to this server. Your firewall may need to be changed as some standard ADSL router/modems can't cope with more than one external IP address.

Cheers,

Al
 
Old 03-25-2010, 04:18 PM   #5
devwink
Member
 
Registered: May 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Thanks Al

I guess what I'm asking is:

my router is set up like this:

xxx.xxx.xxx.004 is not used (1st)
xxx.xxx.xxx.005 is the lan ip of the dsl modem
xxx.xxx.xxx.006 is another ethernet router behind the dsl modem for 3 office pc's lan
xxx.xxx.xxx.007 is a centos server
xxx.xxx.xxx.008 is a centos server

All I want to do is use the wireless connection on the nb6+4W dsl modem/router.

Here, the only thing that works is to use one of my fixed ip addresses at the laptop wireless adaptor.

Q. Does a modem/router usually offer any protection by default other than rules set up by the user?

Should I use another wireless router (behind the modem) instead of having the fixed i.p at the laptop, as I understand this is a bridged connection with no router protection...

Thanks again, i can draw a map if that helps

Last edited by devwink; 03-25-2010 at 04:21 PM.
 
Old 03-26-2010, 09:25 AM   #6
al_bye
LQ Newbie
 
Registered: Mar 2010
Distribution: Ubuntu 9.10, Ubuntu Netbook-Remix
Posts: 26

Rep: Reputation: 17
Hi,

I've just found the router and manual online, which I'm quickly skimming through as I type. It appears that the router you have is designed more for home users than an office, but we'll have a go. Firstly I'd like to show the following setup as I would put into a small business suite. If you have the budget then I'd go with the below:

1. Dedicated Router
2. Firewall
3. 10/100/1000 switch
4. Wireless Access Point

Because the router is in bridged mode, the only way you're going to get out on the internet is via an external IP address assignment to anything. What would be better would be to make the router a standard dialup router first, as it comes out of the packet, i.e. dhcp server giving out 192.x addresses on lan and WIFI. That'll give all internal lan or wifi computers access to www without an external IP address. The hard part comes with the two servers. You've got the option of using virtual servers in the advanced section of the firewall; this will allow you to use port forwarding to certain internal addresses. The major drawback is that you'd have to use the external ip address of the firewall in order to accomplish this and change any dns records etc. out in the wild.

You're going to struggle with what you want to achieve with this router. Throwing more equipment at this problem is going to cause a nightmare administration job. As I said, I'd go with the solution I added above, money permitting. There are a few cheap firewalls out on the market, you already have a router, and then you need to create a backbone on your lan; again, there are very cheap switches out there and very cheap access points.

Sorry I can't really progress on this any further. I'll try and find an alternative way of doing it while reading the manual.
 
Old 03-27-2010, 06:26 AM   #7
devwink
Member
 
Registered: May 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Thanks Al,
I think you're right,
I'll look at your setup as I have another wireless router.

Everything works fine at the mom, all the wan I.P addresses are available after the modem.

Some terminate at servers,

One happens to be a laptop on the wireless in the router.

I just need to know if it is technically safe to have the laptop aligned to the www as far as not having any router functions in front, as to my understanding, the router bridges all the wan i.p's to the ethernet/wireless ports.
Are all routers doing nothing really to the access unless rules are set?

Thanks again for all yr help.

David
 
Old 03-28-2010, 01:48 PM   #8
al_bye
LQ Newbie
 
Registered: Mar 2010
Distribution: Ubuntu 9.10, Ubuntu Netbook-Remix
Posts: 26

Rep: Reputation: 17
Hi,

The safest place for any computer is without any sort of network attached to it... I assume the laptop is of Windows OS. My personal and professional view: anything out on the web should be behind a firewall. Unfortunately we have gone from the days of CompuServe and such like. Not necessarily because of hacking etc., more for your privacy. If the laptop needs to sit on an external IP, the first thing to do is switch netbios off via the registry; search Google for your OS. Obviously make sure your AV and malware protection is on and disable any shares. There are pieces of software out there which can mask IP and MAC addresses; you'll have to search for them as I can't make recommendations.

Good Luck
 
Old 03-29-2010, 07:49 AM   #9
devwink
Member
 
Registered: May 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Thanks Al,

That's what I was unsure about. Happy to know I was a bit on the right track and that there is a difference between public i.p's (with and without using a router).

For the $80 (Aus.. we pay double for stuff), I'll put a wireless router in place of the office network router and I can then share printers and files on windows network.

Thanks so much for your help as always

Regards

David
 
  


Tags
adaptors, firewall, fixed, ip, router


All times are GMT -5.
