[LARTC] Two parallel firewalls on one box

Linux Advanced Routing and Traffic Control

Hi there!

I have been working a while with simple routing setups, such as ISDN or DSL
masqueraded to a private network, sometimes firewalled. Now I want to set up
a more advanced firewall, and therefore I have some basic questions:

My hardware consists of one linux box with five NICs in all, one router for
dialup DSL (dynamic IPs, does NAT) and one router for the dedicated DSL (a
range of four static IPs, does transparent routing).

What I want is to do the following:

1. Set up a firewall (with strong ruleset) in combination with bridging. All
computers behind that firewall which should be accessible from outer space
will get one of the static IPs. Therefore the firewall has to be
transparent, if my understanding so far is right. Correct me please if
that's wrong. Input on the first NIC, output to the second, which is
connected to the 'DMZ' hub.

2. Have a second firewall (with a bit more friendly ruleset :-) that
features port/content/whatever based routing to make use of both subscriber
lines, based on which connection is more suitable for the specific purpose.
Input on the third NIC, output to the fourth, which is connected to the
'Intranet' switch.

3. In the near future it could be that we want to use a wireless LAN
connection to join two private networks together over a distance of a stone's
throw. Needs routing between the LAN interface (four) and the fifth NIC.

4. It would be nice (but not needed) if packets coming from the Intranet and
destined for the DMZ would be routed inside the box, and not outside
between my two providers. Testing a webserver with 100 MBit is by far more
pleasant than testing it with 144 kbit ;-)

I'll try to sum this up in a drawing:

+-------------+   +-------linux--box-------+
| ADSL Router |   |                        |   +-----------------+
|   dyn IP    |===1 <> firewall+bridge  <> 2===|     DMZ Hub     |==>...
+-------------+   |                        |   +-----------------+
                  |           ^ ??         |
+-------------+   |                        |   +-----------------+
| SDSL Router |===3 <> firewall+routing <> 4===| Intranet switch |==>...
| 4 static IP |   |            ^           |   +-----------------+
+-------------+   +------------5-----------+
                               |
                     +------------------+
                     | WLAN Transceiver |
                     +------------------+

And now to my questions:

1. Is it actually possible to set up two parallel working firewalls on one
box? Even if one should route (NICs need IPs) and one should be transparent?

2. I've read the bridging+firewalling howto, and all sounds very fine. But
it's quite old, and as far as I know there's no update yet. In this howto
the author writes about a special kernel patch, which swaps the firewalling
and the bridging layer of the kernel, so that filter rules would match.
Otherwise the packets pass by 'under' the firewall. Do I need this patch for
a 2.4 kernel? If not, how do I set up the kernel to handle the packets the
right way?

I hope someone reads all this ;-) and many thanks for any answer!

Greetings >>>> Philipp


+--- --  -
 icq 63599319
 www.pealpjpain.net
          -  -- ---+
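The following script is an added example and not part of Philipp's post or any reply to it. It sketches the layout he asks about: a transparent bridge filter on NIC 1/2 and a routing firewall on NIC 3/4 that sends port 80 flows from the intranet out via a second uplink. Both firewalls live in the same iptables FORWARD chain and are told apart by the interface (or bridge port) a packet arrived on, which is what makes "two parallel firewalls on one box" work. Interface names (eth0 to eth4, br0), gateway addresses, the mark value and the ports are constructed placeholders. Bridged frames only reach iptables when the bridge netfilter hook is active; the sysctl used below exists on current kernels and does not settle the 2.4 patch question raised in the post. DRY_RUN=1 (the default) prints the commands instead of executing them, so the full plan can be reviewed before it touches a live box.

```shell
#!/bin/sh
# Added example, not code from the LARTC post: a transparent bridge firewall
# (NIC 1 <-> NIC 2) and a routing firewall (NIC 3 <-> NIC 4) on one box.
# All interface names, addresses, marks and ports are constructed placeholders.
# DRY_RUN=1 (default) prints each command; ./script apply executes them.
set -eu
DRY_RUN="${DRY_RUN:-1}"

# --- assumed topology (placeholders) ---------------------------------------
BR_OUT=eth0       # NIC 1: router side of the transparent segment
BR_IN=eth1        # NIC 2: DMZ hub side
BRIDGE=br0
RT_UP_A=eth2      # NIC 3: uplink A, the default route for the intranet
RT_LAN=eth3       # NIC 4: intranet switch
RT_UP_B=eth4      # second uplink reachable from the routed side
GW_A=203.0.113.1  # constructed gateway addresses
GW_B=192.0.2.1
MARK_B=2          # fwmark that sends a flow out via uplink B

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Transparent firewall: br0 gets no IP address, so hosts on both sides keep
# their own (public) addresses and never see the box as a hop.
bridge_firewall() {
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$BR_OUT"
    run brctl addif "$BRIDGE" "$BR_IN"
    run ip link set "$BR_OUT" up
    run ip link set "$BR_IN" up
    run ip link set "$BRIDGE" up
    # Without the bridge netfilter hook, bridged frames pass 'under' iptables.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    # Bridged traffic is picked out of the shared FORWARD chain by its
    # physical ports and handled in its own chain with a strict ruleset.
    run iptables -N dmz_fw
    run iptables -A FORWARD -m physdev --physdev-is-bridged -j dmz_fw
    run iptables -A dmz_fw -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A dmz_fw -m physdev --physdev-in "$BR_OUT" -p tcp --dport 80 -j ACCEPT
    run iptables -A dmz_fw -m physdev --physdev-in "$BR_OUT" -p tcp --dport 443 -j ACCEPT
    run iptables -A dmz_fw -m physdev --physdev-in "$BR_IN" -j ACCEPT
    run iptables -A dmz_fw -j DROP
}

# Routing firewall: NIC 3/4 carry addresses and route normally; intranet
# flows to port 80 are marked and policy-routed out through uplink B.
routing_firewall() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -N lan_fw
    run iptables -A FORWARD -i "$RT_LAN" -j lan_fw
    run iptables -A FORWARD -o "$RT_LAN" -j lan_fw
    run iptables -A lan_fw -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A lan_fw -i "$RT_LAN" -j ACCEPT   # intranet may start anything
    run iptables -A lan_fw -j DROP                   # nothing new from outside
    # Main table: uplink A is the default.  Table 200: everything via uplink B.
    run ip route replace default via "$GW_A" dev "$RT_UP_A"
    run ip route replace default via "$GW_B" dev "$RT_UP_B" table 200
    run ip rule add fwmark "$MARK_B" table 200
    run ip route flush cache
    # Port-based selection: web traffic from the intranet leaves via B.
    run iptables -t mangle -A PREROUTING -i "$RT_LAN" -p tcp --dport 80 -j MARK --set-mark "$MARK_B"
    run iptables -t nat -A POSTROUTING -o "$RT_UP_B" -j MASQUERADE
    # Replies for marked flows arrive on uplink B, but the unmarked reverse
    # lookup picks uplink A, so strict reverse-path filtering would drop them.
    run sysctl -w "net.ipv4.conf.$RT_UP_B.rp_filter=0"
}

apply_all() {
    run iptables -P FORWARD DROP   # shared default for both firewalls
    bridge_firewall
    routing_firewall
}

case "${1:-}" in apply) DRY_RUN=0 ;; esac
apply_all
```

Run it without arguments to print the plan, or with `apply` as root to execute it. Note that with no address on br0 the box cannot itself route into the DMZ segment, so point 4 of the post (Intranet to DMZ inside the box) would need an address from the static range on br0 and a matching route.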