LinuxQuestions.org
Old 09-20-2001, 10:04 AM   #1
cybercop12us
Member
 
Registered: Aug 2001
Posts: 60

Rep: Reputation: 15
Question how to setup a ipchains firewall after a hardware cisco router


Hi friends,

I want to set up an ipchains firewall after a Cisco router which does not have an inbuilt firewall. I will try to explain the situation.

The Cisco router has a WAN interface and a LAN interface, and from the LAN interface we get some 14 public LAN IPs.

I want a setup in which one of the two interfaces of my Linux box is connected to the router's public LAN interface, and the 14 public LAN IPs come from the second interface of the Linux box.

Can anybody please suggest an idea? Actually, I had set up a NetGuard firewall in the above fashion. Can I set up ipchains in the same fashion?

If anybody wants more details, I can send you the setup of the NetGuard firewall.

Thanks in advance,
harish
 
Old 09-27-2001, 04:56 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Easy...

First you need to decide the type of firewall. This depends on the IP address types you use, IPN or EPN: "internal private network" addresses like 192.198, 10., 172.16, or EPN, "external public network" addresses allocated by InterNIC.

Also, the speed of the connection is important as to the speed of the Linux box, i.e. a NAT firewall needs a fast processor if on a 512kb or greater connection.

If you use IPN numbers then you'll need to have a NAT firewall; if not, then simply a source routed firewall.
You can use ipchains or iptables to do this.

Then you need to know the names of your interface cards on the Linux box and the relationship they have to the physical network.

Then you build a solid rule set for ipchains or iptables to use, only routing the correct protocols to the correct ports, with flood and spoof filtering.

If you want to learn about ipchains or iptables then start with these sites; then, once you run into problems, contact us.

http://www.redhat.com/support/resour...llservice.html
http://www.boingworld.com/workshops/...bles-tutorial/
http://dsl081-050-241.dsl-isp.net/ip...ns-stuff.shtml

/Raz
 
Old 10-18-2001, 02:19 AM   #3
cybercop12us
Member
 
Registered: Aug 2001
Posts: 60

Original Poster
Rep: Reputation: 15
Smile regarding using proxyARP for the above problem

Hello raz,

I used proxyARP to solve the above problem and was successful, but I was forced to waste one of the public LAN IP addresses. I followed the method given on sjdjweis.com for using proxyARP to set up a firewall after a hardware router.

Can you suggest a way by which not even a single IP address is wasted?

 
Old 10-22-2001, 04:40 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
If the Cisco router is just a router, it will have to talk to a real external IP address that's in the routing table.

So you would use 2 assigned IP addresses: 1 for the router, 1 for the firewall.

If you have a DMZ then these addresses should also be real like your DNS and Proxy server.

Then everything after the firewall can be NAT and use internal ip addresses.

I don't know proxyARP.

If you only have 1 real address assigned to you, then your router will have to do the NAT functions for the whole network.

/Raz
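
The proxy-ARP arrangement mentioned in post #3, combined with the spoof filtering recommended in post #2, as an added example that is not from either poster or from the guide cited in the thread. The interface names, the 203.0.113.0/28 documentation range (14 usable addresses), the router and firewall addresses and the function name `emit_firewall` are all assumptions; the script only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example: prints (does not run) the setup for a proxy-ARP ipchains
# firewall. Every address and interface name here is constructed.
OUT_IF=eth0          # assumed: NIC cabled to the Cisco router's LAN port
IN_IF=eth1           # assumed: NIC cabled to the protected public hosts
NET=203.0.113.0/28   # constructed /28: 14 usable addresses, .1 to .14
MASK=255.255.255.240
ROUTER=203.0.113.1   # constructed: router's LAN address
FW=203.0.113.2       # constructed: the single address the firewall uses

emit_firewall() {
cat <<EOF
# Same address on both NICs; only the router is reached via $OUT_IF.
ifconfig $OUT_IF $FW netmask 255.255.255.255 up
ifconfig $IN_IF $FW netmask $MASK up
route add -host $ROUTER dev $OUT_IF
route add default gw $ROUTER dev $OUT_IF
# Forward between the NICs and answer ARP on behalf of the far side.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$OUT_IF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$IN_IF/proxy_arp
ipchains -F
ipchains -P forward DENY
# Spoof filtering: inside addresses may not appear as sources on the
# outside NIC (the router excepted), nor foreign sources on the inside.
ipchains -A input -i $OUT_IF -s $ROUTER -j ACCEPT
ipchains -A input -i $OUT_IF -s $NET -j DENY -l
ipchains -A input -i $IN_IF -s ! $NET -j DENY -l
# In the forward chain -i names the interface the packet leaves by.
ipchains -A forward -i $OUT_IF -s $NET -j ACCEPT
# ipchains is stateless: admit only non-SYN TCP and DNS replies inbound.
ipchains -A forward -i $IN_IF -p tcp ! -y -d $NET -j ACCEPT
ipchains -A forward -i $IN_IF -p udp -s 0.0.0.0/0 53 -d $NET -j ACCEPT
EOF
}

emit_firewall
```

In this layout the firewall consumes one of the 14 addresses, which matches the cost described in post #3; any inbound service to a protected host needs its own forward rule ahead of the default DENY.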
 
  


All times are GMT -5.