Red Hat: This forum is for the discussion of Red Hat Linux.
I have all the required components installed to run a Router/Firewall with iptables on my redhat box. I do not wish to use an Xwindows system; will someone please point me towards a tutorial for setting up my box to act as a router/firewall for my other pc?
I am getting ready to try the same thing as you. I would like to set up a Linux firewall and router using RedHat. I have had bad luck with store bought routers and want to make my own. If anyone can clue us in here on their experiences, it would be appreciated.
Awesome! I took a look at their website. The product looks like exactly what I need! I will probably get a copy of it tonight and try it out. Thanks so much for the info!
Well, got the Smoothwall downloaded and burned the CD. I customized an old machine taking out everything and installing 2 network adapters. I installed a 3com and one with a realtek chipset on it. Both cards work, I have had them in other machines. Well anyway after booting with the CD everything looks like it works great. On the set up of the cards is where I was confused though. I was wondering if anyone could tell me what is meant as the "Green" card and "Red" card and "Orange" card? I suppose this is identifying the cards one from the other.
I am using my cable modem on one card and the other card is hooked to my HUB. So far I can pull up the web admin interface using one of my pc's but I can't get the router or the pc to connect to the internet. Do I need a crossover cable in the equation here? Say crossover from network card from router to cable modem. I'll probably post some more questions this weekend. Thanks for any help that can be given.
Yeah, SmoothWall was pretty cool when I first stumbled across it. The hardest part I had was getting to the web interface to control the darn thing!
As far as the cards/colors, that has to do with the firewall setup:
Green: Protected LAN
Orange: DMZ
Red: Unprotected WAN
Whether or not you need a crossover cable depends on your NICs & cable modem, but just watch das blinkenlights until they blink correctly. Is your WAN DHCP or PPPoE or something like that? You'll need to mess around with the config settings. Also, don't forget to power-cycle your (cable,dsl) modem, since some of them are funny about fixing to a MAC address.
Also, you should probably be using the "beta" series of version 2, the "release" series of 1.0 is getting pretty old.
Thanks for the info! Yes it is awesome. I just printed the manual out and I will read through it. By the way do you know off the top of your head how small of a hard drive I can use for this. I have a couple of very old 260mb seagates that still work good. Is that too small? I have a 1.2Gig in the machine now, but that might be overkill. I am running a cable modem and I use DHCP. I tried a couple of wireless routers with it and know most all of my settings now. I believe I just need to get my cards addressed properly for the internet to work. I was able to get the web interface up pretty quick but no access to internet. It was late last night when I did all this so I will get more in depth with it this weekend. I'll let you know how it goes.
I am not sure but I think where I am getting screwed up is on the installation when my green card is assigned the IP address of 192.168.1.1 which is hooked to my hub so I can hook more PC's up. Then I assign the static IP address to my red card of 192.168.1.2 and it is hooked to my cable modem. I may be wrong but should I even give the red card a static IP or is that assigned automatically with using DHCP from my ISP? Oh what if I add another NIC to the system would that be the orange card or just another green card? These are questions I am chewing on at the moment. I am still digesting and reading the manual as well. Any help appreciated.
The Red card should be hooked up to your cable modem, and will get an IP by DHCP from your ISP. (If that's how your ISP does it. Most cable modems are DHCP.)
Cable Modem <-> RedNIC-Smoothwall-GreenNIC <-> Hub -> PC
Your PC will get an IP from the DHCP server from the Smoothwall, not from your ISP.
You're on the right track, you'll be online in a few......
Thanks for the info! I have been reading the documentation and wow! I should have read it before I posted anything here. It is very detailed and looks like it spells it out for you. I still appreciate all the help though. If I run into any "firewalls" I'll be sure to pipe up here on the list.
Reading the docs... I don't quite understand whether or not to setup the green (well maybe I have to) but will this setup restrict my other machines from access to the internet? I understand the orange is for DMZ and allows access straight through to web servers and ftp servers. So I was wanting all machines on my network to have internet access. Can this be accomplished through the green card? Or can I only setup machines on the orange/DMZ to access the internet? Please be patient I am still chewing on this. I appreciate the help and so does me wife who needs to check her e-mail.
The DMZ (Orange) is for machines that the internet will have access to--externally visible servers. So, if you're running your own webserver, it would go in the DMZ.
Green is for machines on the private/protected LAN. All externally-originated traffic will be halted at the firewall (as per any rules you set up). Any machine on the LAN (Green) interface that INITIATES an internet connection will have full access to the OUTSIDE. It's just that OUTSIDE won't have full access to them!
Red: Unprotected WAN, connect to your cable modem.
Orange: DMZ, hook up machines used as external servers.
Green: Protected LAN, all your user machines, internal servers, etc.
I think there's even some version of a "purple" interface with Smoothwall that's designed for Wireless connections. I'm not sure if that's made it to Beta yet, though.....
O'Reilly's "Building Internet Firewalls" is a GREAT book for this stuff. I have the 2nd edition, I don't know if it's made it to a 3rd edition yet.
This is awesome information you have given here! I hope others take the time to read this thread when they try to setup a firewall/router. I will let you know how things turn out on mine. I am at work now so I can't work on my machines at home yet. I'll probably be up all night though configuring the machines. I am excited about getting started on it.
Here is what I got! I finally got home so I could work on my new router project. I installed another card making three cards in the system. Two 3com's and one generic with realtek chipset onboard. I hooked my cable modem up to the realtek making it the "Red" card which resides in PCI slot 1. Then hooked a 4 port Netgear switch up to a 3com that was designated the "Green" card which resides in PCI slot 3. Hooked a 4 port SOHOware Hub up to the other 3com designating it the "Orange" card which resides in PCI slot 2. I have my Apache webserver running on SuSE Linux 8.2 professional and it is hooked up to the Hub on the "Orange" card. I have a laptop that I hooked up to the 4 port switch on the "Green" card. The installation seemed to go well but I was still a little confused about one or two steps in assigning the proper addresses to the cards. Anyway went through setup and things looked pretty good. The machines finally connected to the internet "Yahoo"!!! I seem to be doing well with connectivity running from my "Orange" and "Green" on the internet. I however can't seem to ping the "Green" connection from the "Orange" but I can ping from the "Green" to the "Orange". Also can't access my webserver from the internet using my IP address? I am sure this has to do with DMZ or port forwarding. Also when I boot up the router machine right before it initializes and beeps I get an error message "Register failed" don't know what it means but everything else seems to be fine and working other than the webserver access and accessing the two computers from each other. Let me know if there is something simple I am missing here with the access problems. I am going to read the post install manual in depth and try to get this stuff figured out. With all that done I took my little networking adventure a little further. I took the Netgear switch out of the picture and replaced it with a Linksys wireless router that has a 4 port switch built in.
Hooked up to the LAN side in port 1 and then hooked my Laptop in port two. Turned off all the wireless routers features and had things recognize automatically. Gave it a device address to match the network and rebooted everything and WALLA! I have a wireless access point/switch. The laptop connected "Hard wired" so I went upstairs to my wireless machine which has a Linksys wireless network adapter in it and made the proper settings under TCP/IP for the adapter. Pulled up the wireless software that came with the card and made the proper changes on it. I was crossing my fingers at this point. WALLA SWEET SUCCESS!!! That baby connected to the internet also! I am impressed with this whole SmoothWall deal! Well I have a lot of studying to do so I'll post more later! You can just call me windbag for such a long post.