
Re: firewall setup xdsl: eth0/eth1/ppp0?



On Wed, Nov 05, 2003 at 09:52:42AM +0100, Andreas Bohnert wrote:
> Hi,
>    I don't know how to set up my firewall for my new xdsl connection. I 
> saw some postings concerning adsl, so maybe there are some 
> people who know how to handle this.

I'm not sure what you're talking about, with xdsl and lokal, but I'd
recommend the shorewall firewall.  It takes a bit of configuration, but
pretty minimal, and straightforward if you follow the docs and examples.
I've used it for a dsl connection with pppoe on interface eth0, internal
network on eth1.  The woody/stable package is not exactly current, but
very workable and the docs and examples are available for it.  I'm sure
unstable is at the latest version, so might be preferable especially
if you feel the need to request help (most questions on the shorewall
list are answered by the developer, often to implore folks to read
and follow the docs).

Maybe this is off the mark for your situation, I don't know.  Good luck!

Ken

> 
>    here is my situation:
> 
>    eth0 is connected to my private network (192.168.0.1).
>    my eth1 gets a local IP from my xdsl router (subnet 10.x.x.x).
>    then I have to build up a tunnel connection with my router with pptp.
>    now I have ppp0, which is my xdsl interface.
>   
>    this works fine, but now I have to set up my firewall!
>   
>    I know ppp0 is my external interface now, but what about eth1 (which 
> is connected to my router)?
>    I looked around and some people say they set up the firewall like this:
>    eth0 (private)           = FW_DEV_INT
>    eth1 (connect to router) = FW_DEV_INT !!
>    ppp0 (xdsl)              = FW_DEV_EXT
>   
>    but somehow I think eth1 should be FW_DEV_EXT as well, because it's 
> physically connected to the internet.
>    also, what about the firewall between ppp0 and eth1 - it shouldn't 
> block communication.
>   
>    so, what do you think, if I configure eth1 as external?
> 
>    thanks for any advice!
> 
> andreas

-- 
Ken Irving, Research Analyst, fnkci@uaf.edu, 907-474-6152
Water and Environmental Research Center
Institute of Northern Engineering
University of Alaska, Fairbanks