firewall ??

Ow Mun Heng Ow.Mun.Heng at wdc.com
Fri Jul 2 18:08:50 UTC 2004


On Fri, 2004-07-02 at 10:50, Bobby Knueven wrote:
> I am getting ready to build my first firewall, using Fedora Core 2. I 
> have read a lot of tutorials, but all of them are for firewall with NAT 
> enabled. What do I do if I don't need NAT. 

Why do you think you want NAT then? It's not _by_default_ installed
anyway. You have to specify. Just omit the instructions for NAT and
you're all set


> For example, I have a 
> network with 50 Class B Ip's we use a default gateway supplied by our 
> University and DHCP to distribute the IP's. So the only thing I really 
> need to do is firewall my 50 IP's from the outside world while 
> continuing to use our given IP's and gateway. Any thoughts on how to 
> set this up would be appreciated.


Well... you need to set up a dhcp server.
The server is called dhcpd 
cat /var/log/rpmpkgs | grep dhcp
dhcp-3.0.1rc14-1.i386.rpm

* note that you can do 
# apt-get install dhcpd 

if you don't already have it.

# cat /etc/dhcpd.conf

subnet 192.168.0.0 netmask 255.255.255.0 {

        range 192.168.0.10   192.168.0.20;
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0; 
        option domain-name-servers Put_your_ISP_supplied_Name_servers_Here;
        default-lease-time 21600;
        max-lease-time 43200;
        }


The above is just an example of a NAT add list. Just substitute your ISP
supplied 50 IP addresses.

option routers = default gateway
the range = 50 IPs - broadcast+gateway+etc..

# cat /etc/sysconfig/dhcpd
# Command line options here
DHCPDARGS=eth0

The above tells the service which NIC to listen for DHCP requests on.
This is for your internal network connected to a switch/hub/etc.

Make sure you start it up when you reboot

# chkconfig dhcpd on

then start the service

# service dhcpd start


> One more question, when connecting the outgoing NIC from the firewall 
> to the rest of the network do I need to use a crossover cable or will I 
> specify that the NIC is supposed to be outgoing in firewall 
> configuration?

Nah.. I don't think you need a crossover. 
The PC that is the firewall will have 2 NICs.

say.. 
eth0=internal network
eth1=firewall to ISP

I guess that's it.
I run a NAT'ed network, it should be the same.

/cheers
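
The filter-only setup the reply describes (leave the NAT rules out), as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset with no nat table, using the eth0 = internal, eth1 = uplink roles given above. The function name, the inbound port list, the SSH and DHCP rules on the firewall host, and routed forwarding between the two NICs are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): stateful filtering between
# two NICs without address translation.
# Assumed usage, as root, with IP forwarding enabled on the firewall:
#   gen_ruleset eth0 eth1 "80 443" | iptables-restore

gen_ruleset() {
    int_if=$1          # internal NIC (eth0 in the message above)
    ext_if=$2          # uplink NIC (eth1 in the message above)
    allow_in_tcp=$3    # assumed: space-separated TCP ports open from outside

    # Validate every port before printing anything, so a bad list never
    # yields a half-written ruleset.
    for port in $allow_in_tcp; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall host: loopback, replies, DHCP and SSH from the inside only
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $int_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Forwarded traffic: replies to connections already allowed
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inside hosts open connections outward with their own addresses
-A FORWARD -i $int_if -o $ext_if -m state --state NEW -j ACCEPT
EOF
    # One inbound rule per published port; everything else hits the DROP policy
    for port in $allow_in_tcp; do
        echo "-A FORWARD -i $ext_if -o $int_if -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

With an empty port list the inside hosts can reach out and receive replies, and nothing from outside can open a connection to them.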




