Re: firewall setup xdsl: eth0/eth1/ppp0?

Doug MacFarlane wrote:

On Wed, 05 Nov 2003 01:15:18 -0900, Ken Irving wrote:

On Wed, Nov 05, 2003 at 09:52:42AM +0100, Andreas Bohnert wrote:
I don't know how to set up my firewall for my new xdsl connection. I
saw some postings concerning adsl, so maybe there are some
people who know how to handle this.
I'm not sure what you're talking about, with xdsl and lokal, but I'd
recommend the shorewall firewall.

I, too, can strongly endorse shorewall.
Yes, I will have a look at shorewall. It is mentioned many times.

Fundamentally, your internal interface is eth0 and external is ppp0, which
I assume is a pppoe interface, and not pptp like you said.  The pppoe
protocol does NOT use the ethernet interface's IP address for

It is pptp. pppoe is very common, but in Austria we use mostly pptp.
I have to set up the ppp daemon and connect with pptp 'router-ip'.
But maybe with pptp the ethernet interface's IP address will also not be used.

Most implementations don't even require it to be
configured with one.  The only way anyone is going to be able to route
traffic to eth1 with a 10. address on it is if they source-route it all
the way AND your, their, and all the ISP's in between, have configured
their routers poorly.

So, set up shorewall with eth0 as the internal, lan, or local interface,
and ppp0 as the external or internet interface.

If you are really paranoid, set up eth1 as a dmz interface, and don't
accept anything into or out of the dmz.


Thanks, I will try that!
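Added example, not part of the original thread: a Shorewall layout matching the advice above (eth0 internal, ppp0 external, eth1 locked down as a dmz). It assumes the Shorewall 4.x/5.x file format and the zone names `net`, `loc` and `dmz`; because the poster's link is pptp, the tunnel itself runs over eth1, so the two tunnel protocols are allowed between the firewall and that zone and nothing else is.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     ppp0        optional,routefilter,tcpflags   # ppp0 appears only once the link is up
loc     eth0        tcpflags
dmz     eth1        tcpflags                        # NIC cabled to the DSL modem

# /etc/shorewall/policy   (first matching line wins)
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
dmz     all     DROP    info        # nothing out of the modem segment
all     dmz     DROP    info        # nothing into it
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# Assumption: pptp link as the poster describes. Rules override the DROP
# policies above for the pptp control channel and the GRE tunnel only.
# With pppoe these three lines are not needed.
#ACTION SOURCE  DEST    PROTO   DPORT
ACCEPT  $FW     dmz     tcp     1723
ACCEPT  $FW     dmz     47
ACCEPT  dmz     $FW     47
```

Masquerading of the eth0 network out of ppp0 is configured in a separate file and is not shown here. `shorewall check` validates the files before they are applied.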

