LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Help with locking down network (https://www.linuxquestions.org/questions/linux-networking-3/help-with-locking-down-network-445233/)

threegig 05-16-2006 12:45 AM
Help with locking down network
 
Hi Everyone,

I have just got adsl and I have set up my internal network like so.

ADSL/ROUTER 192.168.1.1
|
SWITCH
|
PC1 - PC2 - PC3 192.168.1.2 to 5

The router has a internal firewall but I want something more secure. I was thinking using a old box and setting up a smoothwall firewall.

Does anyone have any other ideas on what would be a good secure option I am fine with a linux or windows option.
And what ip addressing scheme should I implement.

Is it possible and a wise option to have the adsl modem router with a ip like 192.168.1.1 and then have my internal network like 10.0.0.1 will this be a added layer of security?

And sorry last question my router ip was 192.168.1.254 with a dhcp server diving a range of 192.168.1.100 - 200.
I tried to change this to a range of 192.168.1.100 to 192.168.1.110 but I kept rejecting any reason for this?

Thanks

acid_kewpie 05-16-2006 01:38 AM
smoothwall is fine, although i'd recommend ipcop as a better variant.

use whatever private scheme you want, it's totally irrelevant

totally possible to do two networks, but generally pointless.

if you wish to place s firewall router between the adsl router and the switch then feel free to do so, it's totally feasible but personally i'd wonder if you'd really benefit that much really...

threegig 05-16-2006 03:29 AM
Thanks its just that ill be hosting a web page and mail server/dns. So is this possible

adsl/router 192.168.0.1
|
SWITCH
|
IPCOP - 2 nics - 192.168.0.2 \ 10.0.0.1
|
PC1 - PC2 - PC3 - And wireless if ever

Does that look about right?

Thanks

acid_kewpie 05-16-2006 03:57 AM
well no, the switch would be on the other side of the firewall, but essntially it's ok. you do have a complication in that you will be either be masquarading twice between your server and the net or copnfiguring routing on ipcop, and actually i'm not sure that that is even possible. so you either make your router port forward 80 to your firewall and then that port forwards to the server, or you port forward to the server directly from the router, and tell it to route 10.0.0.0/24 via the firewall.

threegig 05-17-2006 11:14 AM
Thanks Mate, Later down the track I intend to have a another room with suse on it. Is there a better or easier way to get a very secure internal network?

Thanks


All times are GMT -5. The time now is 02:27 AM.