[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall/Router for Sharing a Cable Modem Connection

On Tue, Nov 12, 2002 at 02:11:05PM +0000, Michael Boyd wrote:
> A while ago I built a debian firewall from an old 486 which, by virtue
> of NAT, my Win98 PC hid behind.  I didn't get as far as using dial on
> demand but that was my next step.  I have now moved to an area covered
> by cable broadband provided by Blueyonder in the UK.  I am inclined to
> sign up for this and rebuild my debian firewall to suit.  I know I could
> use something like SmoothWall but like to understand some of what goes
> on 'under the bonnet'.  I found building my first firewall a great
> introduction to GNU/Linux in general, debian and networking.
> If anyone has had any good/bad experiences with this I would be grateful
> for them.
> Also I have a few queries which I'd be grateful for help with:-
> 1. The set up will be as follows, I use greek letters for naming
> purposes at the moment:-
>                                                      / Beta(W98 Desktop)
> Internet---Cable Modem---Alpha(Firewall/Router)---Hub- Gamma(Debian
> Desktop)
>                            |                         \ X Terminals etc
>                          Omega (Experimental
>                                 Web Server) etc
> Is it correct to call Alpha a Firewall/Router?  I gather it will get its
> external IP address dynamically.  I will use NAT to hide the 10.X.X.X
> internal addresses.

I see no reason why you can't call it a firewall.  Firewall/NAT Box, whatever you like.  
> 2. What packages do I need over and above those I am familiar with for
> my old dial-up set-up?  I am thinking mainly of DHCP which I believe is
> necessary as I will have a dynamic external IP address.  I think I will
> write the iptables rules by hand.  I used ssh in my previous set-up to
> login to the firewall internally which worked well so I will do that
> agin and make sure telnetd isn't on the machine.

To get a dynamic IP from my cable modem ISP, I used dhcpcd and it works fine for me.  /etc/dhcpc/config is your config file where you specify which interface to use.  Pretty cut and dry.
> 3. Is a 486 up to the task?  I believe the download rate is up to 512K.

A 486 should serve 20-25 clients just fine.  I have a P120 and it suits me just fine.
> 4. How can I install Woody with a 2.4 kernel from my CD set?  The
> default seems to be a 2.2 kernel.  I don't understand the instructions
> on the CDs or those I've found on the internet.  I believe I need 2.4 to
> use iptables.

Try running bf24 as a boot argument

> 5. I want to get emails generated by Alpha (containing logfiles etc)
> delivered via an email address provided by the cable provider *or*
> internally.  Am I correct in thinking exim can do both of these
> alternatives?  Apologies if I am straying 'off list' here.

Yes it can be done.  run eximconfig and set up your box as a smart host.  Contact me personally if you want to discuss this further.

> 6. Does iptables enable the use of things like ICQ and gaming over the
> internet 'out of the box' without the workrounds necessary when using
> ipchains?

Got me on this one.

> Mike
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Darryl N. Grant
Network Services Manager
Capitol College
301.369.2800, x3003

Reply to: