
Re: Firewall



I set up a firewall for my cable modem using FreeBSD, mostly b/c I had
a friend's firewall I could use as an example and wanted to learn
another Unix.  I have a desktop behind the firewall running Debian.

You do assign the firewall your static IP from your cable, then give
everything behind the firewall a private IP address.

My scenario looks like this...

 +----------+   +----------+   +-----+ --> Desktop (192.168.1.2)
 | Internet |-->| Firewall |-->| Hub | 
 +----------+   +----------+   +-----+ --> Laptop (192.168.1.1)
   (cable)   eth1    ^      eth2
                     |
                    ---
                12.34.56.78   <- the IP from the cable into the first
                                 ethernet card
                192.168.1.254 <- the private IP for 2nd ethernet card

In FreeBSD, you can use natd (Network Address Translation Daemon (?))
to remap packets from different ports, so if you were running a
webserver on port 80 on your desktop, natd would send all those
packets to your desktop instead of your firewall.  The Linux
equivalent is ipchains (I believe).  It also keeps track of who
requested what and sends the result back to the right computer on the
private IP.  I'm not exactly sure how this works, but it's cool.  :)

I'm not sure what extra packages Debian has to add firewalling
capabilities.  I'd be interested to find out more about a Debian-based
firewall.

FreeBSD has ipfw, which can deny or re-route packets from specific
IPs.  Combined with portsentry, which listens on specific ports for
portscans (via TCP or UDP), you can deny packets from people port
scanning you.

Just an FYI, as I'm sure a Debian firewall would be about the same ...
without extra software (vim, lynx, less, mutt, and other programs I'm
used to) the install for the complete firewall was about 120MB.  I'm
running a 486 computer with 32MB RAM, 2 ne2000 compatible network
cards (ISA) and a 250MB hard drive.

That's about all I know.

-Rob

> On 20010130.1144, eileen@orbell.com said ...
>
> I have some questions about building a firewall.  I currently have a cable
> modem connection which of course gives me a static IP address.  If I was to
> build a firewall using an old 486 could I still assign my Debian box the
> static IP address as it is needed for my server which I use for
> hosting?  Or would the 486 use the static IP and assign the Debian box a
> private IP address?  Also I know there are many firewall how-tos out there
> but would appreciate any recommendations.
> 
> Regards
> 
> 
> Eileen Orbell
> Software & Internet Applications
> Capitol College
> mailto:eileen@orbell.com
> mailto:eileen@orbell.net

--
Q: How does a UNIX Guru pick up a girl?
A: look; grep; which; eval; nice; uname; talk; date;
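
The bookkeeping described in the message (natd remembering who requested what, plus the port 80 forward to the desktop), as an added example that is not part of the original message: a simplified Python model using the addresses from the diagram. The remote address 203.0.113.10, the starting port 50000 and all class and method names are assumptions for illustration; a real NAT also keys on the remote endpoint and expires idle entries.

```python
from typing import NamedTuple, Optional
PUBLIC_IP = "12.34.56.78"  # outside address from the diagram in the message

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Toy port-translating NAT (hypothetical model, not natd's code)."""
    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port  # assumed start of the port pool
        self.out = {}        # (proto, private ip, private port) -> public port
        self.back = {}       # (proto, public port) -> (private ip, private port)
        self.redirects = {}  # static forwards, same shape as self.back

    def redirect_port(self, proto: str, public_port: int, host: str, port: int):
        self.redirects[(proto, public_port)] = (host, port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the public address."""
        for (proto, pub), target in self.redirects.items():
            if proto == pkt.proto and target == (pkt.src, pkt.sport):
                return pkt._replace(src=self.public_ip, sport=pub)  # server reply
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.out:  # first packet of a flow: remember who asked
            self.out[key] = self.next_port
            self.back[(pkt.proto, self.next_port)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return pkt._replace(src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: restore the private destination, if one is known."""
        key = (pkt.proto, pkt.dport)
        target = self.back.get(key) or self.redirects.get(key)
        if target is None:
            return None  # no mapping: packet stays addressed to the firewall
        return pkt._replace(dst=target[0], dport=target[1])

if __name__ == "__main__":
    nat = Nat(PUBLIC_IP)
    nat.redirect_port("tcp", 80, "192.168.1.2", 80)
    sent = nat.outbound(Packet("tcp", "192.168.1.1", 40000, "203.0.113.10", 443))
    reply = Packet("tcp", "203.0.113.10", 443, sent.src, sent.sport)
    print(sent, nat.inbound(reply), sep="\n")
```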


