Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-20-2001, 10:04 AM   #1
Registered: Aug 2001
Posts: 60

Rep: Reputation: 15
Question how to setup a ipchains firewall after a hardware cisco router

hai friends,

i want to setup a ipchains firewall after a
cisco router which doesnot has a inbuilt firewall with it. i will
try to explain the situation

the cisco router has a wan interface and a lan
interface and from the lan interface we get some 14 public lan

i want to have a setup in which i want to connect one of the two interfaces of my linux box with the routers public
lan interface and from second interface of linux box the 14
public lan ips should come.

can anybody please suggest me the idea. actually
i had setup a netguard firewall in the above fashion . can i setup
ipchains in the in the same fashion.

if anybody wants more details i can send u the setup of
netguard firewall

thanks in advance
Old 09-27-2001, 04:56 AM   #2
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31

First you need to decide the type of firewall, this depends on the ip address types you use, IPN or EPN "Internal private network addresses like 192.198 , 10. ,172.16 " or you have EPN external public network addresses allocated by internic.

Also the speed of the connection is important as to the speed of the Linux box. “i.e a Nat firewall needs a fast processor if over a 512kb or greater connection”

If you use IPN numbers then you'll need to have a NAT firewall, if not then simply a source routed firewall.
You can use ipchains or iptables to do this.

Then you need to know the names of your interface cards on the Linux box and the relationship they have to the physical network.

Then you build a solid rule set for ipchains or iptables to use. Only routing the correct protocols to the correct ports with flood and spoof filtering.

If you want to learn about ipchains or iptables then start with these sites, then once you get into problem contact us.

Old 10-18-2001, 02:19 AM   #3
Registered: Aug 2001
Posts: 60

Original Poster
Rep: Reputation: 15
Smile regarding using proxyARP for the above problem

hello raz

i used proxyARP to solve the above
problem and was successfuly. but i was forced to
waste one of the public lan ip address . i followed the method given in for
using proxyARP to set a firewall after hardware

can u suggest me a way by which
there is not wastage of even a single ip address.

15 i followed the method given in
Old 10-22-2001, 04:40 AM   #4
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
If the Cisco router is just a router, it will have to talk to a real external IP address that's in the routing table.

So you would use 2 assigned ip address. 1 for the router 1 for firewall.

If you have a DMZ then these addresses should also be real like your DNS and Proxy server.

Then everything after the firewall can be NAT and use internal ip addresses.

I don't know proxyARP.

If you only have 1 real address assigned to you, then your router wall have to do the NAT functions for the whole network.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up a linux firewall behind a cisco router totfc Linux - Security 2 06-03-2002 09:47 PM
how to configure a linux firewall behind my cisco router totfc Linux - Security 0 06-01-2002 11:04 PM
how to setup a ipchains firewall after cisco Router using proxy ARP? or NAR cybercop12us Linux - Security 0 10-17-2001 07:07 AM
ipchains after cisco router question exp. with diagrams cybercop12us Linux - Security 0 09-21-2001 04:56 AM
how to setup a ipchains firewall after a hardware cisco router cybercop12us Linux - Newbie 2 09-21-2001 04:53 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:39 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration