LinuxQuestions.org
Old 09-26-2003, 08:16 PM   #1
player_2
Member
 
Registered: Aug 2003
Posts: 57

Rep: Reputation: 15
Firewall with Slack-9


I want to set up a firewall between my cable modem and my already-firewall-equipped router. Unfortunately I have no clue what I'm doing.

Anyone know of any really good HOWTO's for setting up two ethernet cards, iptables, and masquerading on a 2.4 kernel? The only one I've been able to find was written for 2.1 and used ipchains, plus involved compiling a custom kernel from scratch. I don't want to go THAT far.
 
Old 09-27-2003, 08:43 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
The one I usually point people to is:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
 
Old 09-27-2003, 07:08 PM   #3
player_2
Member
 
Registered: Aug 2003
Posts: 57

Original Poster
Rep: Reputation: 15
Alright, I'm confused. eth0 is going to be connected to the cable modem, obviously. eth1 will be connected to my Linksys 4-port router via the WAN port. My question is this: will eth1 get an IP address from the router via DHCP, just like all my other computers? Or will I have to manually assign it an IP address? The router assigns itself 192.168.1.1, and all computers attached 192.168.1.100 through .150.
 
Old 09-27-2003, 10:47 PM   #4
Phathead
Member
 
Registered: Sep 2003
Distribution: Slackware 10.1, Slamd64 10.1, IpCop 1.4
Posts: 125

Rep: Reputation: 15
You will need to give eth1 a static IP address on a subnet other than 192.168.1.x. I use 192.168.0.x, but anything else in the 192.168.x.x range would work just fine.

The reason for this is the router needs to have a default gateway to reach the Internet, and that gateway should be the same every time it tries to connect or you'll be reconfiguring it often. It's unlikely that 1) the router can serve up DHCP addresses on the WAN port and 2) if it could that it would know to use the newly assigned IP address as its default gateway.

In the end, you'll probably be running three different subnets (unless your cable modem does IP passthrough).

Cable Modem <---subnet 1---> firewall <---subnet 2----> router <---subnet 3----> rest of the network.

Just an FYI, Linux as a firewall is also a router, so you really don't need another router unless you don't have a functioning hub or switch. Even so, you could just not use the WAN port on the router and instead use it as a hub. Then, the computers on your network would use the firewall as their default gateway (you could setup Slack to run a DHCP server to avoid reconfiguring everything). My network looks like this:

DSL modem <--- 192.168.1.x ---> Smoothwall firewall <---- 192.168.0.1 -----> switch and rest of network

I run Smoothwall because I find it much easier to use and less painful than configuring iptables by hand.

Phathead
 
Old 09-28-2003, 01:31 AM   #5
amdawi
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 47

Rep: Reputation: 15
http://www.start-linux.com
 
Old 09-28-2003, 08:23 AM   #6
player_2
Member
 
Registered: Aug 2003
Posts: 57

Original Poster
Rep: Reputation: 15
Thanks. I just want to be able to drop the Linux machine in between my existing router and the cable modem. This way the Windows computers see absolutely nothing different, and the Linux machine can just sit there filtering and blocking packets from ever reaching the router. I realize I could make things simpler by simply going out and buying a switch and using the Linux machine as a DHCP server/packet forwarder, but it's much simpler this way.
 
Old 10-01-2003, 08:41 PM   #7
player_2
Member
 
Registered: Aug 2003
Posts: 57

Original Poster
Rep: Reputation: 15
I've done away with the "sitting between the router and the Cable Modem" idea and just decided to use the router for switching purposes. Is this correct?

Code:
 __________
/          \
| INTERNET |
\__________/
     |
     V
24.XXX.XX.XXX
 __
|o | CABLE
|o | MODEM
|o |
|o |
|  |
----
 |
 V
192.168.1.1 (eth0)
 _______
|__|__|_| LINUX
|_|__|__| FIREWALL
|__|__|_|
|_|__|__|
|__|__|_|

192.168.0.1(eth1)
    |
    V
 _______
|= = = =| SWITCH
|_______|
   /|\
  / | \
 V  V  V
COMPUTERS
 
Old 10-02-2003, 08:03 AM   #8
Phathead
Member
 
Registered: Sep 2003
Distribution: Slackware 10.1, Slamd64 10.1, IpCop 1.4
Posts: 125

Rep: Reputation: 15
Yes, that should work just fine.
 
Old 10-02-2003, 04:45 PM   #9
player_2
Member
 
Registered: Aug 2003
Posts: 57

Original Poster
Rep: Reputation: 15
Alright, it isn't, and I think the problem has to do with the IP address I am assigning eth0. My Windows computers can ping 192.168.1.10 (eth1) just fine. I have followed this tutorial: http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/

Should I really be assigning a 192.168.xxx.xxx address to eth0, and not the IP address assigned by my ISP? How do I determine the IP address I have been assigned?
 
Old 10-02-2003, 06:33 PM   #10
AshleyK
Member
 
Registered: Sep 2003
Location: Northants, UK
Distribution: RedHat 8, Damn Small
Posts: 39

Rep: Reputation: 15
I'm with Phathead. Smoothwall on a little ol' bit of tin I had lying around took about 15 minutes to get going once I'd figured out how to get the CD drive working. Actually I have a config almost just like his and it works.

If your ISP is telling you to use a particular static IP then you must assign this to eth0 (WAN side of firewall) else ISP won't see you.

Check that your ISP doesn't want you to use DHCP on their side though as this might be messing you up with the addressing e.g.

DSL Modem <---- DHCP ----| Firewall |--Static IP--> Hub <-- rest of PC's static IP or DHCP (on your own inbound DHCP server) -->

HIH
Ashley
 
Old 10-02-2003, 06:53 PM   #11
player_2
Member
 
Registered: Aug 2003
Posts: 57

Original Poster
Rep: Reputation: 15
No static IP, that's what had me confused. I would have known what to do had I a static IP, but I wasn't sure if DHCP was how I would be assigned my IP address. Seems rather stupid in retrospect to think that it wouldn't be, actually.

Also, for some reason I was thinking the cable modem itself would be given its own IP, forgetting it was merely a bridge. When it finally clicked, I nearly smacked my head against the monitor.
 
Old 10-03-2003, 01:35 AM   #12
AshleyK
Member
 
Registered: Sep 2003
Location: Northants, UK
Distribution: RedHat 8, Damn Small
Posts: 39

Rep: Reputation: 15
I'm pleased you got it working.

FYI (and others) DHCP is the *normal* way for an ISP to assign an IP address on broadband as it allows them to manage a pool of IP addresses smaller than their potential client base.

Oh, and don't hit head on monitor - you only end up picking glass out of your forehead :-)
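
The layout this thread ends on (eth0 leased from the ISP by DHCP, eth1 static at 192.168.0.1 facing the switch) written out as a default-deny masquerading ruleset. This is an added example, not part of any post above; the function name `gen_ruleset` and the /24 mask on the LAN are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT firewall.
# Assumed from the thread: eth0 = WAN (DHCP from ISP), eth1 = LAN 192.168.0.1.
# Load as root with:  gen_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore
# and enable routing:  echo 1 > /proc/sys/net/ipv4/ip_forward

gen_ruleset() {
    ext_if=$1; int_if=$2; lan_net=$3

    # Reject empty or odd-looking arguments before they reach the ruleset.
    for ifc in "$ext_if" "$int_if"; do
        case $ifc in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $lan_net in ""|*[!0-9./]*) return 1 ;; esac
    [ "$ext_if" != "$int_if" ] || return 1

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# WAN address is dynamic, so MASQUERADE rather than SNAT to a fixed IP.
-A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let DHCP replies reach the firewall's own client on the WAN side.
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
# LAN hosts may talk to the firewall (gateway, optional DHCP server).
-A INPUT -i $int_if -s $lan_net -j ACCEPT
# Outbound from the LAN is allowed; inbound only as replies to it.
-A FORWARD -i $int_if -o $ext_if -s $lan_net -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Run stand-alone, this only prints the ruleset for review; nothing is loaded.
gen_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-192.168.0.0/24}"
```
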
 
  


All times are GMT -5.