Re: Trying to protect another computer with a gnome-lokkit firewall
Fellow,
I am new in Debian, but I'll try to help you with networks.
If your 'New Debian' PC is connected to the linksys router by the NIC1
and to the 'To be Protected' PC by the NIC2, it should be so,
configured:
NIC2 and 'To be Protected' PC should be i nthe same network address,
different from the network address between NIC1 and your router.
If the this linksys router is your local place main output, your NIC2
should be the gateway address for your 'to be protected PC'. Also, your
NIC1 should have - and it probably already is - configured with gateway
as the router LAN interface's IP.
If your 'to be protected' PC is connected to your New PC only by a
Twisted Pair Cable, (10BaseT, or higher) it shall be a cross-over one.
If this connection is made through a HUB (not using uplink port) or a
switch then it shall be a direct-cable connection.
For having ping response in your New Debian PC, the configuration of
your firewall shall allow ICMP protocol packets. Some security issues -
which I ignore - say not to do it, and I don't know why.
You do not have to write routes to your 'to be protected' pc from your
new debian one, because every network host knows its interfaces' network
address, and will find any adjacent host. But if you intend to ping this
'to be protected' PC fro manother host from the NIC1 network, then the
router shall know - have an entry on its routing table - that:
NIC2 network is reachable from New Debian PC's IP (its NIC1 address)
That's it.
I hope it was helpful.
Good luck and best regards.
On Sun, 2006-04-16 at 00:28 -0400, George Langford,Sc.D. wrote:
> > I [now] have a perfectly good desktop PC running debian, openoffice,
> > samba,
> > etc. just fine, and I still need a firewall to protect a legacy PC
> > with a foreign OS
> > that hasn't got any virus protection, but which I'd like to network.
> > I installed
> > gnome-lokkit and set it up as a firewall with zero hassle. I've
> > managed to configure
> > the debian PC's two NIC's, one connected as an input from my LinkSys
> > router, and
> > the other intended as an output to the PC to be protected. I can ping
> > the other
> > PC from the debian PC ... I can ping another, well protected notebook
> > PC on the
> > network, but the router is set up to ignore pings from the outside
> > world, so it
> > doesn't echo to the debian PC. That makes things a little harder. I
> > think I'd
> > better set up the LinkSys to recognize the debian PC as one of the
> > family.
> >
> > Here are my questions:
> >
> > 1. Should I use a crossover Ethrnet cable between the debian PC and
> > the PC that's
> > chained to it ? Or a standard Ethernet cable ?
> >
> > 2. Do I give the IP address of the debian PC as the Gateway address
> > for the other PC ?
>
>
> Progress report:
>
> There are really two networks - One consisting of the "new" PC running
> the recent
> install of debian sarge, another debian PC running closely the same
> thing and
> working great, thanks to the folks at LinuxForce, and a WinXP machine that
> occasionally "visits." Two consisting of eth1 on the "new" PC running
> debian sarge
> and connected to a legacy Win98SE machine which I need to operate a
> Kodak MDS-
> 100 microscope camera. I've configured the No. One network is OK
> (except for setting
> up shared folder, etc, of which there are presently none). And now the
> "new" PC
> running debian can ping the router OK, too ... I was using the wrong IP
> address for
> the router.
>
> The second, Network Two, is dead in the water. Ping reaches the legacy
> PC as well
> as eth1 on the "new" PC running debian sarge. Ping from the Win98SE machine
> reaches its NIC as well as the "new" PC's eth0 and eth1. So far, so
> good. Following
> Andrei Popescu's sage advice, I'm using the crossover cable, and the
> NIC's at each
> end emit happy green smiles. I've also forced the IP address of the
> eth1 NIC on the
> "new" PC running debian to be the gateway addressfor the NIC on the Win98SE
> machine, as approved by Andrei. I think that I have not even begun to
> set up Network
> Two, as it is really a completely separate network, presumably requiring
> another
> instance of Samba. But how to do that ?
>
> Part of my trouble is the DNS server - which the Win98SE PC wants to use
> to resolve
> my attempts to log in - so far, whenever W98SE's Setup Wizard has
> managed to get
> the icon from the "new" PC's debian system to show up in the Win98SE's
> Network
> Neighborhood window, I could not log in with my correct username,
> correct domain,
> and all the passwords that I use. I suspect that it's the pesky DNS
> server that's
> not being addressed properly. I've never gotten a glimmer of the
> Win98SE machine
> to appear in the Network Servers window on the "new" PC running debian.
>
> The "new" PC running debian sarge, gnome-lokkit, and [now] firefox works
> fine,
> albeit slowly, at surfing the Internet, viewing webmail, etc. The
> lokkit firewall
> is set up in high security mode and seems not to interfere with my surfing,
> however slow it is. Not sure where the slowness comes from, as I've got
> a DSL
> connection through which ftp's from the debian mirrors gush at 40kB/sec, but
> things slow to a crawl using http.
>
> George
>
>
--
Ms. Eng. Fernando Augusto Bender
Pesquisador em Controle Automático
51 8401 4413
Use Linux: http://www.debian.org
Comer, beber e amar. O resto não vale um níquel.
Lord Byron
Reply to: