Hello all,

I'm trying to convert an old Pentium III I had lying around into a firewall and decided to use Devil Linux. I have a dual port adapter I'm using to connect to my router and my desktop on eth0 and eth1, respectively. I have a connection between the firewall and my router (which acts as a DHCP server) which correctly assigns the firewall an IP but my desktop keeps getting a 169.254.x.x address. I cleared my iptables rules to try to narrow down the problem and I believe it's because my desktop cannot connect to my router to be assigned an address.

I killed dhcpcd for both interfaces and re-ran it to try to reassign addresses and got the following output for eth0 (firewall to router):

and the following output for eth1 (firewall to desktop):

How can I allow my desktop to reach my router to be assigned an address?
Also, my guess at the problem may very well be incorrect, are there any other suggestions as to what the issue could be?

Thanks for your time,
koan

dhcpcd is a client and will not allocate IP's to anything. The IP you get on eth0 via dhcpcd comes from the router.

Your router will provide most of the protection you need from the Internet as far as firewalls go so there really is no need for a dedicated box unless you building a more complicated setup.

If you really want some additional protection or just want to stop certain ports from gaining outside access you can either run iptables on the desktop if it's Linux or use one of many firewall addons if it's Windows

Wildwizard,
Thanks for your response. I understand that the router is the one assigning the IPs which is why I am wondering why my desktop cannot connect to it. If you have any information regarding that it would be very helpful.

Thanks,
Koan

EDIT: More specifically, if you have any information on what kind of iptables rule to use to allow my desktop to connect to my router, that would be most helpful. Should I tell the NAT table to masquerade on eth1 with addresses on the 192.168.1.0/24 subnet?

Let me see if i get this right: You are connecting the router and the desktop in the firewall machine ?
If that is the case, and your firewall doesn't have a dhcp service then just set eth1 with static IP and also the desktop with static IP, make sure to set both on the same subnet. Besides that if you are connecting both machines with one cable make sure the it is a crossover cable, which allow to plug 2 machines directly with a network cable.

You could also reverse the firewall with the router, or yet remove the router out of the equation if you are using just 2 machines and the goal is to learn firewalling.

It is more interesting to have the firewall connected to the modem(if you have one) and then the router receiving the shared connection from the firewall, so the router will do the dhcp for the rest of your network if you have more machines to connect. In this case the router will need a static ip to connect with the firewall(if your firewall doesn't have dhcp service).

Using a router and a dedicated firewall is pretty much like having 2 firewalls.

Most important, make it simple because it will be easier to manage.

Regards

Ahhh, stupid mistake. I tried setting eth1 to a static IP but kept my desktop set to dynamic so it kept trying to reach a DHCP server that it was never going to find. I'll take another crack at it. The idea of switching the router and firewall also came to mind today, I'll definitely try that as well.
I realize this is an unusual and somewhat illogical scenario but it's just a project for fun to build some skill with linux networking.

Thanks for the response.
koan

1 members found this post helpful.