
Re: Firewall to router



Rodrigo Haces wrote:

>Hi
>
>this is my network structure:
>
>internet goes to a linksys router with ip 192.168.1.1, i take the router
>directly to my firewall with debian, it goes to an eth interface eth0 with ip
>192.168.1.100, then with another interface eth1 with ip 192.168.0.100 i take
>it to a switch and all my network, so i need that eth1 receive all
>communications of my LAN, drops everything not needed (this is done with
>iptables), and if a packet is not dropped, i need it to send it to the router
>192.168.1.1 with my eth0, how do i do this?
>
>thanks
>Rodrigo
>
>
>  
>
Hi Rodrigo,

Change the network config file of your debian firewall. An example of
your possible /etc/network/interfaces file:

------------------
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        gateway 192.168.1.1

auto eth1
iface eth1 inet static
        address 192.168.0.100
        netmask 255.255.255.0
------------------

Then change your network options file. An example of /etc/network/options:

-----------------
ip_forward=yes
spoofprotect=yes
syncookies=no
-----------------

Look at the "ip_forward=yes", this makes a router from your firewall.

And now finish your firewall with iptables. I'm mostly using the firehol
package now to manage my iptables, but this choice is up to you. And
there is enough choice!
But in iptables you have two important things:
* security: INPUT will say which packets can reach the firewall and which
packets will be dropped, FORWARD will say what is sent from one network
to the other (for example from your corporate network to the internet)
* masquerading: MASQUERADE your outgoing traffic from the debian
firewall to your linksys router because your linksys router doesn't know
what to do with addresses like 192.168.0.X

And to finish everything, happy googling!

NOTE: check out the official debian reference guide, chapter 10 network
configuration at
http://www.debian.org/doc/manuals/reference/ch-gateway.en.html, very
helpful.


Greets,
<http://linox.be>Linox.BE
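
Added example (not part of the original message, and not the poster's own configuration): the INPUT / FORWARD / MASQUERADE split described in the reply above, written as a shell function that prints an iptables-restore ruleset for the interfaces in this thread (eth0 toward the router, eth1 toward the LAN, 192.168.0.0/24). The function name gen_ruleset, the default-drop policies and the SSH rule are assumptions.

```shell
#!/bin/sh
# Added example. Interface names and addresses come from the thread;
# gen_ruleset and the policy choices below are assumptions.
# Usage: gen_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore --test

gen_ruleset() {
    wan_if=$1    # eth0, faces the Linksys router (192.168.1.1)
    lan_if=$2    # eth1, faces the LAN switch
    lan_net=$3   # 192.168.0.0/24
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite LAN source addresses to the firewall's own WAN address,
# because the router has no route back to $lan_net.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: packets addressed to the firewall itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumed admin access: SSH from the LAN side only.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
# FORWARD: packets routed between the two networks.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop anything arriving from the LAN with a source outside the LAN range.
-A FORWARD -i $lan_if ! -s $lan_net -j DROP
# LAN hosts may open new connections outward; nothing new comes inward.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}
```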


