----- Original Message -----
From: "Thomas Cook" <[EMAIL PROTECTED]>
To: "Debian Firewall" <[email protected]>
Sent: Sunday, January 06, 2002 6:00 PM
Subject: Re: Ip_forward trouble

Ok, I think we're starting to home in on an understanding.

--- snip ---
I can't get a test box behind the firewall to see the firewall or any Ethernet signal on the network line. With the settings I have described, when I plug a line from the internal adapter of the firewall to the NIC of the Win2k test box, I expect to see the link light come on, the network indicator in the system tray to show a connection, and to be able to ping the firewall from the test box, but I am not. As far as I can tell, there is no Ethernet signal coming from the firewall to service the internal network. This is my problem.
--- snip ---

When you are connecting two computers to each other w/o a hub or switch you have to make sure you are using a cross-over cable, not a straight cable. That is why you are probably not getting a link.

--- snip ---
I really appreciate this help,
-Tom

On 1/6/02 5:34 PM, "TOKI -- linux powa :)" <[EMAIL PROTECTED]> wrote:
> Ok now I understand well.
> Ok your network is very logical. I understand why you chose to take
> 10.0.x.y addresses.
>
> With debian it should be easy to set up this kind of firewall.
> To my mind, because it's just between 2 networks, I would have recommended
> you openBSD. (because of the security of your lab too).
>
> Debian can be easily a strong firewall (mine is a debian).
> It will give you the choice of 2.2 or 2.4 kernels (I don't recommend 2.5.1
> cause it is still in beta test)
>
> So with 2.2 you have ipchains, ipmasqadm, and with 2.4 iptables and NAT.
>
> However you will not have any difficulties finding a solution for your
> prob. You can find lots of scripts for walling your debian on the net.
>
> Try sourceforge.net or freshmeat.net
>
> Be happy. Your firewall will be easy to set up.
> (But you have to secure it before doing anything else !!!)
> Like removing files or services that you don't need, making the strongest
> rules for your wall, compiling your kernel statically etc...
> Tasks that you need to do !!!
> And of course it will not protect you if you don't protect your servers.
>
> A long task for a newbie but it pays well ;))
> You can be sure .. ;)
>
> On Sun, 2002-01-06 at 22:47, Thomas Cook wrote:
>> TOKI:
>>
>>
>> The use is that I don't really know what I'm doing. Well, not totally...
>> Here is the lay of the land.
>>
>> I have a high speed connection connected (appropriately enough) to a
>> hardware router and hub. This router (192.168.1.1) serves as a DHCP host
>> for my little LAN. On this LAN there are basically 2 sectors. The first is
>> the general house computers, used by the people here for surfing and e-mail,
>> nothing fancy. There are at any time, between 6 and 12 of these, mostly
>> running windows. Because they have no use for it, all of their ports are
>> blocked from the outside by the router I mentioned.
>>
>> The second leg of the network is my computer lab. This lab consists of
>> about 2 dozen boxes running any number of OS's and services like my mail,
>> web site, shell server, etc. Not all of these are set up, mainly because
>> they need to be seen from the outside, and thus protected. Hence the
>> firewall (among other protections).
>>
>> I have set the firewall up on the network, with an IP address from the
>> router, and have left that IP in the DMZ of the router so it is seen from
>> the internet at large. I want to set up some sort of NAT to translate the
>> ports of the firewall to the appropriate servers behind the firewall. To
>> avoid any confusion by the people on the larger house network, I was going
>> to use the 10... IP range for the network, but it really makes no difference,
>> and I can just as easily set them up with the subnet you suggest. (though
>> the term easily may not apply as I have yet to get this working).
>>
>> I have been fighting with several firewall solutions (smoothwall, Gibraltar,
>> redhat based, openBSD based), but because the box I am using is SCSI based,
>> it has a complicated install, and many distros have trouble. I like debian,
>> because it installs flawlessly, has that great package system, and I have
>> used it in many of the boxes in the lab. I have thought about trying a
>> hardware solution (namely a netscreen 5xp) but the price tag of a $500
>> hardware firewall vs. a free debian firewall is always a deal breaker.
>>
>> Maybe some of this rambling will help,
>> -Tom
>>
>>
>> --
>> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

