LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Firewalls... linux -v- BSD


dude ilug ilugdude at gmail.com
Thu Sep 7 14:55:34 IST 2006


Thanks for all the replies and tangent discussion.

I'm not going to touch the Router/ADSL2 modem, Magnet won't allow and
even though I could possibly get access anyway, I might disturb the
VOIP(?) for the phone or other requirements. So, the options entailing
changing the router settings are out.
[i.e. to set the router in bridging mode, and use a firewall just
inside it, doing the Routing and a DHCP Relay, and whether or not it
would need to be doing any PPPoE that may be there (think not from the
posts) ]

Anyway, if I'm getting external IPs I assume the router may already
be in a bridging mode or at least doing some DHCP relaying.

What I will try is the internal bridging firewall with ebtables.
I read a little on this and it looks handy enough, could be easier if
there is a packaged Linux distro set up for just this with some sort
of GUI manager or something but I guess I'll be learning iptables.

I have one question on this, that machine will have no IP addresses in
use aiui, so, will I be able to set it up somehow to check the net
for automatic updates, for example?
Or will it be just the old box in the middle passing packets around
based on my rules and with no access to other machines itself?
If so, I wonder could I use a 3rd (or 4th if I add a NIC for a WAN)
NIC for this, or might that interfere with the rest of the machine and
its main task as firewall/router.


I am also interested in the similar but different (aiui) setup of the
2-NIC machine between the router and LAN, with a DHCP Relay and
Firewall software. However, considering I'm not going to be using any
internal network addresses, just dynamic 'public' IPs, would this
really work?
I guess I just can't imagine what IPs would be on each of the networks'
i/fs, who would assign them and how to be sure they wouldn't cause
problems?
Will have to read further on this one.
Pointers appreciated.

Thanks again, if I get it working I'll report back.


