firewall ??

Rodolfo J. Paiz rpaiz at simpaticus.com
Fri Jul 2 17:59:08 UTC 2004


At 11:50 AM 7/2/2004, Bobby Knueven wrote:
>I am getting ready to build my first firewall, using Fedora Core 2. I have 
>read a lot of tutorials, but all of them are for firewalls with NAT 
>enabled. What do I do if I don't need NAT? For example, I have a network 
>with 50 Class B IPs; we use a default gateway supplied by our University 
>and DHCP to distribute the IPs. So the only thing I really need to do is 
>firewall my 50 IPs from the outside world while continuing to use our 
>given IPs and gateway. Any thoughts on how to set this up would be 
>appreciated.

Use Shorewall [1] and read the "Two-Interface Quick Guide". You may also 
want to take a look at my "Small Netserver HOWTO" [2] which is grossly 
incomplete yet may offer some useful hints. It'll be finished someday, but 
may get you started now.

[1] http://www.shorewall.net

[2] http://www.simpaticus.com/linux

Note that you may not *need* NAT but might want it anyway, as just one more 
layer of protection for your network. Just depends on how secure you want 
to try to be.

>One more question, when connecting the outgoing NIC from the firewall to 
>the rest of the network do I need to use a crossover cable or will I 
>specify that the NIC is supposed to be outgoing in firewall configuration?

Computer-to-computer or switch-to-switch connections need a crossover 
cable; computer-to-switch connections need a normal/straight/standard 
cable. What you are putting through the connection does not affect cabling. 
You will, however, need to tell the firewall and the routing rules which 
connection goes where, etc. so traffic goes to the right place.

Cheers,


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com




