Re: Firewall/Router for Sharing a Cable Modem Connection

To: debian-firewall@lists.debian.org
Subject: Re: Firewall/Router for Sharing a Cable Modem Connection
From: Jonathan Matthews <jaycee.spam@jaycee.uklinux.net>
Date: Tue, 12 Nov 2002 22:12:11 +0000
Message-id: <20021112221211.GA29781@bigdaddy.jaycee.home>
In-reply-to: <3DD10BF9.3CDF6952@fabermaunsell.com>
References: <3DD10BF9.3CDF6952@fabermaunsell.com>

On Tue, Nov 12, 2002 at 02:11:05PM +0000, Michael Boyd wrote:
[snip]
> 1. The set up will be as follows, I use greek letters for naming
> purposes at the moment:-
> 
>                                                      / Beta(W98 Desktop)
> Internet---Cable Modem---Alpha(Firewall/Router)---Hub- Gamma(Debian
> Desktop)
>                            |                         \ X Terminals etc
>                          Omega (Experimental
>                                 Web Server) etc
> 
> Is it correct to call Alpha a Firewall/Router?  I gather it will get its
> external IP address dynamically.  I will use NAT to hide the 10.X.X.X
> internal addresses.

Sure, why not :-)

> 2. What packages do I need over and above those I am familiar with for
> my old dial-up set-up?  I am thinking mainly of DHCP which I believe is
> necessary as I will have a dynamic external IP address.  I think I will
> write the iptables rules by hand.  I used ssh in my previous set-up to
> login to the firewall internally which worked well so I will do that
> agin and make sure telnetd isn't on the machine.
> 3. Is a 486 up to the task?  I believe the download rate is up to 512K.

I've got exactly this serving up an NTL 512/128 connection to the rest 
of the network here (2xdebian, 1xwin98 laptop).  It was really easy to 
set up, and only required the installation of "pump" on the firewall 
machine.  I, too, made the transition from a dialup 486 firewall, so I 
guess that you've probably got most of what you need on it already.

With NTL, the steps were as follows.  I guess that you might have 
something similar to do?  Ring their 0845 number and escalate a couple 
of times to get through to someone who can tell you exactly what 
info/servers/whatever you'll need before registering.

firewall# apt-get install pump
firewall# emacs /etc/network/interfaces
          -> add the lines
          ->  auto eth1
          ->  iface eth1 inet dhcp
firewall# ifup eth1
firewall# your-favourite-javascript-enabled-browser https://autoreg.ntl.com
          -> complete the online forms, JS was essential :-(
firewall# ifdown eth1 ; sleep 1800 ; ifup eth1

[snip]
> 6. Does iptables enable the use of things like ICQ and gaming over the
> internet 'out of the box' without the workrounds necessary when using
> ipchains?

In my experience, anything requiring special modules (like ftp with NAT) 
is easy to add in with iptables.

I compile the kernel for my f/w machine without modules, in the hope 
that it'll make attempts to root it /slightly/ harder, but in reality, 
you should be able to make it modular, and be able to use one of the 
many example iptables scripts around on the net (google for "monmotha", 
IIRC) to work out which modules you need to load.

HTH,
-- jc

-- 
jaycee.spam@jaycee.uklinux.net

Reply to:

References:
- Firewall/Router for Sharing a Cable Modem Connection
  - From: Michael Boyd <michael.boyd@fabermaunsell.com>

Prev by Date: Re: Firewall/Router for Sharing a Cable Modem Connection
Next by Date: Iptables generic broadcast filter
Previous by thread: Re: Firewall/Router for Sharing a Cable Modem Connection
Next by thread: Re: Firewall/Router for Sharing a Cable Modem Connection
Index(es):
- Date
- Thread