LinuxQuestions.org
Old 12-10-2005, 06:38 PM   #1
hussar
Member
 
Registered: Oct 2003
Location: Heidelberg, Germany
Distribution: Slackware 11.0; Kubuntu 6.06; OpenBSD 4.0; OS X 10.4.10
Posts: 345

Rep: Reputation: 30
Which gateway in router-firewall setup?


If I am connected to my ISP with a DSL modem and a router and I want to set a firewall behind that, should systems behind the firewall point to the router as their gateway or to the firewall?

Here it is in more detail, the network connections would look like this:

Internet [DSL hook up including DSL modem] <-> Router [Netgear RP614v.x] <-> Firewall [Linux box] <-> 8-port switch <-> up to 7 machines

Currently, I am only using the router. It has two interfaces, one pointing outwards which uses the IP address assigned by my ISP and one pointing inwards which I have set to 192.168.1.3. I want to set a linux box between that router and the rest of my small network and set it up as a firewall with NAT/IP masquerading for the machines behind it. If I give the interface on the firewall that points at the router the IP address 192.168.1.1 and the interface that points inwards toward my network the IP address 192.168.1.2, which IP address would the machines on the protected network use as their gateway, 192.168.1.3, 192.168.1.1 or 192.168.1.2?
 
Old 12-11-2005, 03:13 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
Unless you're going to bridge the connections on the firewall, you would need to use two separate LANs, e.g. 192.168.0.0/24 and 192.168.1.0/24, and the firewall would be the gateway. But of course, the firewall would also be your router. So do you actually require the router? If it's plain DSL, are you not provided with an ethernet connection from your ISP?
 
Old 12-11-2005, 05:29 AM   #3
hussar
Member
 
Registered: Oct 2003
Location: Heidelberg, Germany
Distribution: Slackware 11.0; Kubuntu 6.06; OpenBSD 4.0; OS X 10.4.10
Posts: 345

Original Poster
Rep: Reputation: 30
Yes, I have an ethernet connection from my ISP and no, I don't really need the router, since I could just use the linux box as my router/firewall and have one interface pointed at my ISP and the Internet and the other interface pointed at my internal network. That's actually the setup I had until my router/firewall suffered a catastrophic hard drive crash.

Even before it failed though, I was thinking of doing a setup like I described in my original post, so that I could potentially hang a machine off the Netgear router to act as a file server that I could reach from anywhere. Sort of a bastion host/DMZ type arrangement. The Netgear router has the capability of making, say, ftp.mydomain.org direct traffic to a specific machine that is attached to it. Also, since this is a hobby network and not a production system, part of the reason I was thinking of going with a setup like this is simply, "Because I can."

I will try setting it up as a separate network as you suggested, where it will look something like this:

ISP <-> [IP address assigned by ISP] Netgear router [192.168.0.1] <-> [192.168.1.1] Firewall [192.168.1.2] <-> Internal network

and then potentially connect another machine to the Netgear router to be a ftp host, like this:

ISP <-> [IP address assigned by ISP] Netgear router [192.168.0.1] <-> [192.168.0.2] ftp.mydomain.org

Will that work?
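
The gateway question in this thread comes down to subnet membership. The following added example (not part of any post in the thread) checks the addressing written in posts #1 and #3 and a split-subnet layout of the kind suggested in post #2, assuming /24 masks throughout; the client address 192.168.1.10 and the firewall outside address 192.168.0.3 are constructed for illustration.

```python
from ipaddress import ip_interface

# Layouts as (router LAN side, firewall outside, firewall inside, one client).
# /24 masks are an assumption; 192.168.1.10 and 192.168.0.3 are constructed.
POST1 = ("192.168.1.3/24", "192.168.1.1/24", "192.168.1.2/24", "192.168.1.10/24")
POST3 = ("192.168.0.1/24", "192.168.1.1/24", "192.168.1.2/24", "192.168.1.10/24")
SPLIT = ("192.168.0.1/24", "192.168.0.3/24", "192.168.1.1/24", "192.168.1.10/24")


def check_layout(router_lan, fw_outside, fw_inside, client):
    """Return the addressing problems of a router <-> firewall <-> client chain."""
    router, outside, inside, host = (
        ip_interface(a) for a in (router_lan, fw_outside, fw_inside, client)
    )
    problems = []
    # A routing (non-bridging) firewall needs a different network on each
    # interface, or it cannot decide which side a destination lives on.
    if outside.network.overlaps(inside.network):
        problems.append("firewall interfaces share a subnet")
    # The firewall's own default route is the router, which must be on-link.
    if outside.network != router.network:
        problems.append("firewall outside interface is not on the router's LAN")
    # A client's default gateway must be an address in the client's subnet.
    if host.network != inside.network:
        problems.append("client is not on the firewall's inside subnet")
    return problems


def client_gateway(fw_inside):
    """Clients behind a routing firewall use its inside address as gateway."""
    return str(ip_interface(fw_inside).ip)


if __name__ == "__main__":
    for name, layout in (("post #1", POST1), ("post #3", POST3), ("split", SPLIT)):
        issues = check_layout(*layout)
        print(f"{name}: {'; '.join(issues) or 'ok'}, client gateway {client_gateway(layout[2])}")
```
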
 
Old 12-11-2005, 07:41 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
If you want a DMZ, then I'd personally recommend configuring a third NIC on the firewall. Assuming that you're running Smoothwall, IPCop etc., they will have settings for a dedicated DMZ interface out of the box. That said, you certainly could use that layout for a DMZ, but whether it's really worthwhile is a different issue, as just having a single router on the network is a lot, lot simpler.
 
Old 12-11-2005, 11:11 AM   #5
hussar
Member
 
Registered: Oct 2003
Location: Heidelberg, Germany
Distribution: Slackware 11.0; Kubuntu 6.06; OpenBSD 4.0; OS X 10.4.10
Posts: 345

Original Poster
Rep: Reputation: 30
I was looking at IPCop the other day, and if I had a full-size machine, I would probably use it. The machine I am going to use as a firewall, though, uses a VIA EPIA-M 800 motherboard, and it only has one PCI slot. So, I am limited to two interfaces - the one on the motherboard and one installed in the PCI slot. (I am using a 512MB CF card as the hard drive.)

I'm not really going for the simplest solution either. I know what I am planning is actually overkill for a home network. Really when it comes right down to it, I could just keep using the Netgear RP614 router as my network's only connection to my ISP and the Internet. Although, as I think about it, that would also mean that I would have to configure some sort of firewalling on each of the machines attached to the router. There are some Windows machines involved here, so any extra level of protection I can offer them will be a good thing. Building my own firewall with my own rules will also allow me some flexibility in securing my wireless connection.
 
  


All times are GMT -5. The time now is 03:50 AM.
