firewall ??
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Fri Jul 2 18:08:50 UTC 2004
On Fri, 2004-07-02 at 10:50, Bobby Knueven wrote:
> I am getting ready to build my first firewall, using Fedora Core 2. I
> have read a lot of tutorials, but all of them are for firewall with NAT
> enabled. What do I do if I don't need NAT.
Why do you think you want NAT then? It's not _by_default_ installed
anyway. You have to specify. Just omit the instructions for NAT and
you're all set
> For example, I have a
> network with 50 Class B Ip's we use a default gateway supplied by our
> University and DHCP to distribute the IP's. So the only thing I really
> need to do is firewall my 50 IP's from the outside world while
> continuing to use our given IP's and gateway. Any thoughts on how to
> set this up would be appreciated.
Well... you need to set up a dhcp server.
The server is called dhcpd
# cat /var/log/rpmpkgs | grep dhcp
dhcp-3.0.1rc14-1.i386.rpm
* note that you can do
# apt-get install dhcpd
if you don't already have it.
# cat /etc/dhcpd.conf
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.20;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers Put_your_ISP_supplied Name_servers Here;
    default-lease-time 21600;
    max-lease-time 43200;
}
The above is just an example of a NAT add list. Just substitute your ISP
supplied 50 ip addresses
option routers = default gateway
the range = 50 IPs - broadcast+gateway+etc..
# cat /etc/sysconfig/dhcpd
# Command line options here
DHCPDARGS=eth0
The above tells the service which NIC to listen for DHCP requests on.
This is for your internal network connected to a switch/hub/etc.
make sure you start it up when you reboot
# chkconfig dhcpd on
then start the service
# service dhcpd start
> One more question, when connecting the outgoing NIC from the firewall
> to the rest of the network do I need to use a crossover cable or will I
> specify that the NIC is supposed to be outgoing in firewall
> configuration?
Nah.. I don't think you need a crossover.
The PC that is the firewall will have 2 NICs.
say..
eth0=internal network
eth1=firewall to ISP
I guess that's it.
I run a NAT'ed network, it should be the same.
/cheers
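
Added example, not part of the original message: a sketch of what "omit the instructions for NAT" leaves behind on a two-NIC firewall, namely a filter-only ruleset with default-drop policies and stateful forwarding. It assumes iptables (the thread does not name the tool), the eth0/eth1 roles from the message, and a constructed documentation prefix in place of the real address range; gen_rules is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread): print a filter-only ruleset, with no
# nat table, in iptables-restore format for a two-NIC routing firewall.

gen_rules() {
    # $1 = inside NIC, $2 = outside NIC, $3 = protected range (CIDR)
    if [ $# -ne 3 ] || [ "$1" = "$2" ]; then
        echo "usage: gen_rules INSIDE_IF OUTSIDE_IF LAN_CIDR" >&2
        return 1
    fi
    int_if=$1 ext_if=$2 lan=$3

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall host itself: loopback, replies, and DHCP requests from inside
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -p udp --sport 68 --dport 67 -j ACCEPT
# Packets arriving from outside with an inside source address are spoofed
-A FORWARD -i $ext_if -s $lan -j DROP
# Routed traffic: replies both ways, new connections only from inside
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0/eth1 roles as in the message above,
# 192.0.2.0/26 is a documentation prefix standing in for the real range.
# Forwarding must also be on: sysctl -w net.ipv4.ip_forward=1
# Check syntax without loading: gen_rules ... | iptables-restore --test
gen_rules eth0 eth1 192.0.2.0/26
```

The output contains no nat table and no MASQUERADE or SNAT target, so the inside hosts keep their own addresses while unsolicited inbound connections are dropped.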