Re: Firewall/Router for Sharing a Cable Modem Connection
On Tue, Nov 12, 2002 at 02:11:05PM +0000, Michael Boyd wrote:
> A while ago I built a debian firewall from an old 486 which, by virtue
> of NAT, my Win98 PC hid behind. I didn't get as far as using dial on
> demand but that was my next step. I have now moved to an area covered
> by cable broadband provided by Blueyonder in the UK. I am inclined to
> sign up for this and rebuild my debian firewall to suit. I know I could
> use something like SmoothWall but like to understand some of what goes
> on 'under the bonnet'. I found building my first firewall a great
> introduction to GNU/Linux in general, debian and networking.
> If anyone has had any good/bad experiences with this I would be grateful
> for them.
> Also I have a few queries which I'd be grateful for help with:-
> 1. The set up will be as follows, I use greek letters for naming
> purposes at the moment:-
>                                                      / Beta(W98 Desktop)
> Internet---Cable Modem---Alpha(Firewall/Router)---Hub- Gamma(Debian
>                                                    | \ X Terminals etc
>                                                  Omega (Experimental
>                                                  Web Server) etc
> Is it correct to call Alpha a Firewall/Router? I gather it will get its
> external IP address dynamically. I will use NAT to hide the 10.X.X.X
> internal addresses.
I see no reason why you can't call it a firewall. Firewall/NAT Box, whatever you like.
> 2. What packages do I need over and above those I am familiar with for
> my old dial-up set-up? I am thinking mainly of DHCP which I believe is
> necessary as I will have a dynamic external IP address. I think I will
> write the iptables rules by hand. I used ssh in my previous set-up to
> login to the firewall internally which worked well so I will do that
> again and make sure telnetd isn't on the machine.
To get a dynamic IP from my cable modem ISP, I used dhcpcd and it works fine for me. /etc/dhcpc/config is your config file where you specify which interface to use. Pretty cut and dry.
> 3. Is a 486 up to the task? I believe the download rate is up to 512K.
A 486 should serve 20-25 clients just fine. I have a P120 and it suits me just fine.
> 4. How can I install Woody with a 2.4 kernel from my CD set? The
> default seems to be a 2.2 kernel. I don't understand the instructions
> on the CDs or those I've found on the internet. I believe I need 2.4 to
> use iptables.
Try running bf24 as a boot argument.
> 5. I want to get emails generated by Alpha (containing logfiles etc)
> delivered via an email address provided by the cable provider *or*
> internally. Am I correct in thinking exim can do both of these
> alternatives? Apologies if I am straying 'off list' here.
Yes, it can be done. Run eximconfig and set up your box as a smart host. Contact me personally if you want to discuss this further.
> 6. Does iptables enable the use of things like ICQ and gaming over the
> internet 'out of the box' without the workrounds necessary when using
Got me on this one.
Darryl N. Grant
Network Services Manager
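
The hand-written iptables setup discussed in the thread (NAT for the 10.X.X.X hosts behind a dynamically addressed external interface, with ssh reachable only from inside) could look like the following. This is an added example, not part of the original messages; the interface names eth0 (cable modem side) and eth1 (hub side) and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT firewall like "Alpha".
# Assumed (not from the thread): eth0 faces the cable modem, eth1 faces the hub.
# Forwarding must also be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward
gen_rules() {
    # Refuse a missing argument or the same interface on both sides.
    if [ $# -ne 3 ] || [ "$1" = "$2" ]; then
        echo "usage: gen_rules EXT_IF INT_IF LAN_NET" >&2
        return 1
    fi
    ext_if=$1; int_if=$2; lan=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE tracks whatever address DHCP hands out; SNAT needs a fixed one.
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
# Default deny for traffic to the firewall and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP server replies to the client running on the external interface.
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
# ssh administration from the LAN only; no new connections from outside.
-A INPUT -i $int_if -s $lan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# LAN hosts may open connections outward; only replies are let back in.
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review; pipe it into iptables-restore as root to load it.
gen_rules eth0 eth1 10.0.0.0/8
```
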