Re: Firewall/Router for Sharing a Cable Modem Connection
On Tue, Nov 12, 2002 at 02:11:05PM +0000, Michael Boyd wrote:
> 1. The set up will be as follows, I use greek letters for naming
> purposes at the moment:-
> / Beta(W98 Desktop)
> Internet---Cable Modem---Alpha(Firewall/Router)---Hub- Gamma(Debian
> | \ X Terminals etc
> Omega (Experimental
> Web Server) etc
> Is it correct to call Alpha a Firewall/Router? I gather it will get its
> external IP address dynamically. I will use NAT to hide the 10.X.X.X
> internal addresses.
Sure, why not :-)
> 2. What packages do I need over and above those I am familiar with for
> my old dial-up set-up? I am thinking mainly of DHCP which I believe is
> necessary as I will have a dynamic external IP address. I think I will
> write the iptables rules by hand. I used ssh in my previous set-up to
> login to the firewall internally which worked well so I will do that
> again and make sure telnetd isn't on the machine.
> 3. Is a 486 up to the task? I believe the download rate is up to 512K.
I've got exactly this serving up an NTL 512/128 connection to the rest
of the network here (2xdebian, 1xwin98 laptop). It was really easy to
set up, and only required the installation of "pump" on the firewall
machine. I, too, made the transition from a dialup 486 firewall, so I
guess that you've probably got most of what you need on it already.

With NTL, the steps were as follows. I guess that you might have
something similar to do? Ring their 0845 number and escalate a couple
of times to get through to someone who can tell you exactly what
info/servers/whatever you'll need before registering.

  firewall# apt-get install pump
  firewall# emacs /etc/network/interfaces
    -> add the lines
    ->   auto eth1
    ->   iface eth1 inet dhcp
  firewall# ifup eth1
    -> complete the online forms, JS was essential :-(
  firewall# ifdown eth1 ; sleep 1800 ; ifup eth1

> 6. Does iptables enable the use of things like ICQ and gaming over the
> internet 'out of the box' without the workrounds necessary when using
In my experience, anything requiring special modules (like ftp with NAT)
is easy to add in with iptables.
I compile the kernel for my f/w machine without modules, in the hope
that it'll make attempts to root it /slightly/ harder, but in reality,
you should be able to make it modular, and be able to use one of the
many example iptables scripts around on the net (google for "monmotha",
IIRC) to work out which modules you need to load.
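
Added example, not part of the original mail: a hand-written ruleset for the setup discussed in this thread (external address from DHCP on eth1, NAT hiding the 10.X.X.X network, ssh to the firewall from inside only), emitted in iptables-restore format. The internal interface name eth0, the 10.0.0.0/8 prefix and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the firewall "Alpha".
# Assumed values: eth1 = cable modem side (as in the mail), eth0 = hub side,
# 10.0.0.0/8 = internal network. For FTP through NAT, load ip_conntrack_ftp
# and ip_nat_ftp (2.4 kernels; nf_conntrack_ftp and nf_nat_ftp on later ones)
# or build them into the kernel.

gen_rules() {
    ext_if=$1 int_if=$2 lan=$3
    # Accept only plain interface names and an IPv4 CIDR, so a typo cannot
    # turn into a malformed or over-broad rule.
    for ifc in "$ext_if" "$int_if"; do
        case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1;; esac
    done
    [ "$ext_if" != "$int_if" ] || { echo "interfaces must differ" >&2; return 1; }
    echo "$lan" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
        { echo "bad network: $lan" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE, not SNAT: the external address comes from DHCP and can change
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP replies on the external side
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
# ssh to the firewall from the internal network only
-A INPUT -i $int_if -s $lan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# The LAN may open connections outwards; only replies (and helper-tracked
# RELATED flows such as FTP data) are forwarded back in
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
# Usage (as root): gen_rules eth1 eth0 10.0.0.0/8 | iptables-restore
```

Forwarding also has to be switched on in the kernel (echo 1 > /proc/sys/net/ipv4/ip_forward) before the internal machines can reach the outside.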