on a more fundamental note ... the purpose of a router/firewall is to separate network segments and control what stuff can move between them ... as a very basic example with three network cards consider this very traditional layout ...

Network 1 = LAN, all internal workstations
Network 2 = DMZ (demilitarized zone), servers that must have limited exposure to the Internet
Network 3 = WAN, the Internet at large

... you would set up such a system so that all three are unique IP address blocks, maybe something like this ...

Network 1 = 192.168.0.0/255.255.255.0, 254 private non-routable IP addresses
Network 2 = 192.168.1.0/255.255.255.0, 254 private non-routable IP addresses
Network 3 = 68.168.1.31/255.255.255.248, 16 public routable IP addresses provided by your ISP

your equipment would then be connected as follows ...

Network 1, internal workstations, phones, printers and such that should be protected from internet attack
Network 2, email server, web server, Asterisk server and others that for whatever reason must be exposed to the internet to do the assigned task
Network 3, danger zone where none of your precious equipment should reside

once this topology is in place, you would then control which "ports" (think of them like channels on the TV) will be allowed to pass between the segments ... this is what the firewall does ... lets you open small holes in the wall that allow only that traffic which must pass between network segments ...

it is possible to have 4, 5 or however many network segments you need depending on the complexity of your requirement ... maybe you don't need a DMZ but do need to support wireless ... so you would set up your Network 2 to be a wireless "Int2" network instead of being a DMZ ... but for routing between Int2 and the other segments to work properly, it must be on a unique network segment (IP address range) ... and you would need to devise a set of rules that determine what data can pass between "Int1", "Int2" and "Wan"

these days it is not uncommon to set up two WAN interfaces to provide load balancing between two Internet connections ... so the variety of possible configurations is large ...

This is VERY basic info ... this topic could easily fill a book or two ... I hope this helps those who are unfamiliar with routing and firewall in general get an idea of the basics from a 50,000 foot view ... when it gets down to the details, Google is your friend ... documentation for the m0n0wall and/or pfSense projects will provide a lot of ideas on specific situations ...

G.Hendershot
_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark van Berkel
Sent: Sunday, December 03, 2006 9:51 AM
To: [EMAIL PROTECTED]
Subject: [Astlinux-users] Configuring Astlinux to act as a router

I apologize if this got sent twice. I have been having problems with my e-mail...mostly my fault.

I need some guidance and help on configuring my Astlinux box to act as a router/firewall as well as a great PBX! I am not a networking expert so likely some of my problems are likely not having a complete understanding of IP networks.

Here is my setup: I have 2 wired ethernet interfaces (one is an ASIX USB dongle), and an Atheros wi-fi card set up as an AP. All hardware is up and working. Calls to my IAX provider over the internet work fine.

(snipped from my rc.conf)

EXTIF=eth0 (this is connected to an upstream DHCP router providing Internet access. The IP address assigned is in the range of 192.168.1.1xx)
INTIF=ap0
INTIP=192.168.2.1
INTNM=255.255.255.0
INT2IF=eth1
INT2IP=192.168.2.2
INT2NM=255.255.255.0
DMZ=extme
DENYACT="DROP"

I want to provide DHCP services to the clients on INTIF and INT2IF (ap0 & eth1), access to the Asterisk server and Internet connectivity. The DHCP server is working and assigning IP addresses. I have tried bridging the various interfaces (eth1 and ap0, eth0 and ap0, etc) but no joy.

If anyone could point me to some documentation/wiki/FAQ on this it would be appreciated.

Mark
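Added example (not part of the thread and not AstLinux code): a Python check that applies the reply's rule that each routed segment needs its own IP address range to the INTIF/INT2IF values from the posted rc.conf snippet. The function names and the 192.168.3.1 replacement address are assumptions made for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Internal interface settings as posted in the thread's rc.conf snippet.
POSTED = """
INTIF=ap0
INTIP=192.168.2.1
INTNM=255.255.255.0
INT2IF=eth1
INT2IP=192.168.2.2
INT2NM=255.255.255.0
"""

# Constructed variant for comparison: INT2 moved to its own /24 (assumed value).
SEPARATED = POSTED.replace("INT2IP=192.168.2.2", "INT2IP=192.168.3.1")

def parse_segments(conf):
    """Return {prefix: (ifname, IPv4Network)} for every <PREFIX>IF/IP/NM triple."""
    # KEY=value pairs; optional quotes are stripped, trailing comments ignored.
    pairs = dict(re.findall(r'^\s*([A-Z0-9]+)=["\']?([^"\'\s#]+)', conf, re.M))
    segments = {}
    for key, ifname in pairs.items():
        if not key.endswith("IF"):
            continue
        prefix = key[:-2]
        ip, nm = pairs.get(prefix + "IP"), pairs.get(prefix + "NM")
        if ip and nm:  # DHCP-configured interfaces have no static IP/NM here
            segments[prefix] = (ifname, ipaddress.ip_interface(f"{ip}/{nm}").network)
    return segments

def overlapping_segments(conf):
    """List (prefix_a, prefix_b, network_a) for interfaces whose subnets overlap."""
    segs = parse_segments(conf)
    return [(a, b, str(segs[a][1]))
            for a, b in combinations(sorted(segs), 2)
            if segs[a][1].overlaps(segs[b][1])]

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("separated", SEPARATED)):
        print(label, overlapping_segments(conf) or "no overlapping segments")
```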
