I want to set up a firewall between my cable modem and my already-firewall-equipped router. Unfortunately I have no clue what I'm doing.
Anyone know of any really good HOWTO's for setting up two ethernet cards, iptables, and masquerading on a 2.4 kernel? The only one I've been able to find was written for 2.1 and used ipchains, plus involved compiling a custom kernel from scratch. I don't want to go THAT far.
Alright, I'm confused. eth0 is going to be connected to the cable modem, obviously. eth1 will be connected to my Linksys 4-port router via the WAN port. My question is this: will eth1 get an IP address from the router via DHCP, just like all my other computers? Or will I have to manually assign it an IP address? The router assigns itself 192.168.1.1, and all computers attached 192.168.1.100 through .150.
You will need to give eth1 a static IP address on a subnet other than 192.168.1.x. I use 192.168.0.x, but anything else in the 192.168.x.x range would work just fine.
The reason for this is the router needs to have a default gateway to reach the Internet, and that gateway should be the same every time it tries to connect or you'll be reconfiguring it often. It's unlikely that 1) the router can serve up DHCP addresses on the WAN port and 2) if it could that it would know to use the newly assigned IP address as its default gateway.
In the end, you'll probably be running three different subnets (unless your cable modem does IP passthrough).
Cable Modem <---subnet 1---> firewall <---subnet 2----> router <---subnet 3----> rest of the network.
Just an FYI, Linux as a firewall is also a router, so you really don't need another router unless you don't have a functioning hub or switch. Even so, you could just not use the WAN port on the router and instead use it as a hub. Then, the computers on your network would use the firewall as their default gateway (you could set up Slack to run a DHCP server to avoid reconfiguring everything). My network looks like this:
DSL modem <--- 192.168.1.x ---> Smoothwall firewall <---- 192.168.0.1 -----> switch and rest of network
I run Smoothwall because I find it much easier to use and less painful than configuring iptables by hand.
Thanks. I just want to be able to drop the Linux machine in between my existing router and the cable modem. This way the Windows computers see absolutely nothing different, and the Linux machine can just sit there filtering and blocking packets from ever reaching the router. I realize I could make things simpler by simply going out and buying a switch and using the Linux machine as a DHCP server/packet forwarder, but it's much simpler this way.
I've done away with the "sitting between the router and the Cable Modem" idea and just decided to use the router for switching purposes. Is this correct?
Code:
   __________
  /          \
 |  INTERNET  |
  \__________/
       |
       V
  24.XXX.XX.XXX
       __
      |o |  CABLE
      |o |  MODEM
      |o |
      |o |
      |  |
      ----
       |
       V
 192.168.1.1 (eth0)
     _______
    |__|__|_|  LINUX
    |_|__|__|  FIREWALL
    |__|__|_|
    |_|__|__|
    |__|__|_|
 192.168.0.1(eth1)
       |
       V
     _______
    |= = = =|  SWITCH
    |_______|
       /|\
      / | \
     V  V  V
    COMPUTERS
Alright, it isn't, and I think the problem has to do with the IP address I am assigning eth0. My Windows computers can ping 192.168.1.10 (eth1) just fine. I have followed this tutorial: http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/
Should I really be assigning a 192.168.xxx.xxx address to eth0, and not the IP address assigned by my ISP? How do I determine the IP address I have been assigned?
I'm with Phathead. Smoothwall on a little ol' bit of tin I had lying around took about 15 minutes to get going once I'd figured out how to get the CD drive working. Actually I have a config almost just like his and it works.
If your ISP is telling you to use a particular static IP then you must assign this to eth0 (WAN side of firewall) else ISP won't see you.
Check that your ISP doesn't want you to use DHCP on their side though as this might be messing you up with the addressing e.g.
DSL Modem <---- DHCP ----| Firewall |--Static IP--> Hub <-- rest of PC's static IP or DHCP (on your own inbound DHCP server) -->
No static IP, that's what had me confused. I would have known what to do had I a static IP, but I wasn't sure if DHCP was how I would be assigned my IP address. Seems rather stupid in retrospect to think that it wouldn't be, actually.
Also, for some reason I was thinking the cable modem itself would be given its own IP, forgetting it was merely a bridge. When it finally clicked, I nearly smacked my head against the monitor.
FYI (and others) DHCP is the *normal* way for an ISP to assign an IP address on broadband as it allows them to manage a pool of IP addresses smaller than their potential client base.
Oh, and don't hit head on monitor - you only end up picking glass out of your forehead :-)
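Added example, not part of any post in this thread: a generator for the ruleset that fits the layout the thread settles on, with eth0 taking its address from the ISP by DHCP and eth1 at 192.168.0.1 facing the switch. Because the WAN address is dynamic it uses MASQUERADE, and it drops forwarded traffic by default so only replies to LAN-initiated connections come back in. The function name `gen_rules`, the 192.168.0.0/24 LAN range, and the choice of iptables-restore format are assumptions made for this example.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a two-NIC NAT firewall (added example).
# Assumed layout: WAN side gets a dynamic address by DHCP, LAN is a private
# network behind the second NIC. Nothing is loaded into the kernel here.
gen_rules() {
    wan=$1 lan=$2 lan_net=$3
    # Accept only plain interface names and an IPv4 CIDR shape, so a typo
    # cannot become a malformed or over-broad rule.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    printf '%s\n' "$lan_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad LAN network: $lan_net" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# WAN address is dynamic, so MASQUERADE rather than SNAT to a fixed address
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
# LAN hosts may open connections outward; only replies are let back in
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Layout from the thread's last diagram: eth0 = cable modem, eth1 = switch.
gen_rules eth0 eth1 192.168.0.0/24
```

Review the output, then pipe it to `iptables-restore` as root and turn on forwarding with `echo 1 > /proc/sys/net/ipv4/ip_forward`.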