
Re: firewall setup xdsl: eth0/eth1/ppp0?



On Wed, 05 Nov 2003 01:15:18 -0900, Ken Irving wrote:

> On Wed, Nov 05, 2003 at 09:52:42AM +0100, Andreas Bohnert wrote:
>> Hi,
>>    I don't know how to set up my firewall for my new xdsl connection. I
>> saw some postings concerning adsl, so maybe there are some
>> people who know how to handle this.
> 
> I'm not sure what you're talking about, with xdsl and lokal, but I'd
> recommend the shorewall firewall.

I, too, can strongly endorse shorewall.

Fundamentally, your internal interface is eth0 and external is ppp0, which
I assume is a pppoe interface, and not pptp like you said.  The pppoe
protocol does NOT use the ethernet interface's IP address for
communications.  Most implementations don't even require it to be
configured with one.  The only way anyone is going to be able to route
traffic to eth1 with a 10. address on it is if they source-route it all
the way AND your, their, and all the ISPs in between, have configured
their routers poorly.

So, set up shorewall with eth0 as the internal, lan, or local interface,
and ppp0 as the external or internet interface.

If you are really paranoid, set up eth1 as a dmz interface, and don't
accept anything into or out of the dmz.

madmac
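
The layout recommended in the message above, written out as Shorewall configuration files. This is an added example, not part of the original post and not taken from the Shorewall project; it assumes Shorewall 5 file formats, the conventional zone names net/loc/dmz, and a loc-to-net ACCEPT policy that the post does not specify.

```conf
# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
# Internet, reached through the PPPoE session
net     ipv4
# internal LAN
loc     ipv4
# Ethernet port cabled to the DSL modem
dmz     ipv4

# --- /etc/shorewall/interfaces ---
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
# sourceroute=0 refuses source-routed packets, the one path the post
# identifies for reaching the 10.x address on eth1.
net     ppp0        routefilter,tcpflags,nosmurfs,sourceroute=0
loc     eth0        tcpflags,nosmurfs
dmz     eth1        tcpflags,nosmurfs,sourceroute=0

# --- /etc/shorewall/policy ---
# Policies are matched top-down; the first matching line wins.
#SOURCE DEST    POLICY  LOGLEVEL
# Assumption: LAN hosts and the firewall itself may open connections out.
loc     net     ACCEPT
$FW     net     ACCEPT
# "Don't accept anything into or out of the dmz": drop IP traffic on eth1
# in both directions. PPPoE frames are carried at the Ethernet layer, not
# as IP packets, so these rules do not interrupt the ppp0 session.
dmz     all     DROP    info
all     dmz     DROP    info
# Nothing unsolicited from the Internet.
net     all     DROP    info
# Catch-all for any remaining zone pair.
all     all     REJECT  info
```

Running `shorewall check` validates the files before they are applied.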


