Distribution: Slackware 11.0; Kubuntu 6.06; OpenBSD 4.0; OS X 10.4.10
Which gateway in router-firewall setup?
If I am connected to my ISP with a DSL modem and a router and I want to set a firewall behind that, should systems behind the firewall point to the router as their gateway or to the firewall?
Here it is in more detail, the network connections would look like this:
Internet [DSL hook up including DSL modem] <-> Router [Netgear RP614v.x] <-> Firewall [Linux box] <-> 8-port switch <-> up to 7 machines
Currently, I am only using the router. It has two interfaces, one pointing outwards which uses the IP address assigned by my ISP and one pointing inwards which I have set to 192.168.1.3. I want to set a linux box between that router and the rest of my small network and set it up as a firewall with NAT/IP masquerading for the machines behind it. If I give the interface on the firewall that points at the router the IP address 192.168.1.1 and the interface that points inwards toward my network the IP address 192.168.1.2, which IP address would the machines on the protected network use as their gateway, 192.168.1.3, 192.168.1.1 or 192.168.1.2?
Unless you're going to bridge the connections on the firewall, you would need to use two separate LANs, e.g. 192.168.0.0/24 and 192.168.1.0/24, and the firewall would be the gateway. But of course, the firewall would also be your router. So do you actually require the router? If it's plain DSL, are you not provided with an Ethernet connection from your ISP?
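The two-subnet layout suggested in the reply above can be checked mechanically before any cabling is changed. This is an added example, not part of the thread: `check_plan` is a hypothetical helper, and the /24 masks, the client `pc1` and the 192.168.0.x addresses are assumptions.

```python
"""Check a routed firewall addressing plan (added example; addresses are assumptions)."""
from ipaddress import ip_address, ip_interface


def check_plan(router_lan, fw_outside, fw_inside, clients):
    """Return a list of problems; an empty list means the plan routes cleanly.

    router_lan  -- router's inward address, e.g. "192.168.1.3"
    fw_outside  -- firewall interface facing the router, "addr/prefix"
    fw_inside   -- firewall interface facing the switch, "addr/prefix"
    clients     -- {name: (interface "addr/prefix", gateway "addr")}
    """
    problems = []
    outside, inside = ip_interface(fw_outside), ip_interface(fw_inside)
    router = ip_address(router_lan)

    # A routing (non-bridging) firewall needs a different subnet on each side,
    # otherwise it cannot tell which interface a destination lives behind.
    if outside.network.overlaps(inside.network):
        problems.append(f"firewall interfaces share {outside.network}")

    # The firewall's own default route is the router, so it must be on-link outside.
    if router not in outside.network:
        problems.append(f"router {router} is not on {outside.network}")

    for name, (iface, gateway) in clients.items():
        host, gw = ip_interface(iface), ip_address(gateway)
        if host.network != inside.network:
            problems.append(f"{name}: {host.ip} is not on the inside subnet {inside.network}")
        if gw != inside.ip:
            problems.append(f"{name}: gateway {gw} is not the firewall's inside address {inside.ip}")
    return problems


# Constructed plans. /24 masks and the 192.168.0.x addresses are assumptions.
ORIGINAL = check_plan("192.168.1.3", "192.168.1.1/24", "192.168.1.2/24",
                      {"pc1": ("192.168.1.10/24", "192.168.1.3")})
SPLIT = check_plan("192.168.1.3", "192.168.1.1/24", "192.168.0.1/24",
                   {"pc1": ("192.168.0.10/24", "192.168.0.1")})

if __name__ == "__main__":
    for label, result in (("original", ORIGINAL), ("split", SPLIT)):
        print(label, "->", result or "OK")
```

The original plan is flagged because both firewall interfaces sit on 192.168.1.0/24 and the client points past the firewall at the router; the split plan returns no problems.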
Original Poster
Yes, I have an ethernet connection from my ISP and no, I don't really need the router, since I could just use the linux box as my router/firewall and have one interface pointed at my ISP and the Internet and the other interface pointed at my internal network. That's actually the setup I had until my router/firewall suffered a catastrophic hard drive crash.
Even before it failed though, I was thinking of doing a setup like I described in my original post, so that I could potentially hang a machine off the Netgear router to act as a file server that I could reach from anywhere. Sort of a bastion host/DMZ type arrangement. The Netgear router has the capability of making, say, ftp.mydomain.org direct traffic to a specific machine that is attached to it. Also, since this is a hobby network and not a production system, part of the reason I was thinking of going with a setup like this is simply, "Because I can."
I will try setting it up as a separate network as you suggested, where it will look something like this:
If you want a DMZ, then I'd personally recommend configuring a third NIC on the firewall. Assuming that you're running Smoothwall, IPCop, etc., they will have settings for a dedicated DMZ interface out of the box. That said, you certainly could use that layout for a DMZ, but whether it's really worthwhile is a different issue, as just having a single router on the network is a lot, lot simpler.
Original Poster
I was looking at IPCop the other day, and if I had a full-size machine, I would probably use it. The machine I am going to use as a firewall, though, uses a VIA EPIA-M 800 motherboard, and it only has one PCI slot. So, I am limited to two interfaces - the one on the motherboard and one installed in the PCI slot. (I am using a 512MB CF card as the hard drive.)
I'm not really going for the simplest solution either. I know what I am planning is actually overkill for a home network. Really when it comes right down to it, I could just keep using the Netgear RP614 router as my network's only connection to my ISP and the Internet. Although, as I think about it, that would also mean that I would have to configure some sort of firewalling on each of the machines attached to the router. There are some Windows machines involved here, so any extra level of protection I can offer them will be a good thing. Building my own firewall with my own rules will also allow me some flexibility in securing my wireless connection.