On Tue, Nov 12, 2002 at 02:11:05PM +0000, Michael Boyd wrote:
> A while ago I built a debian firewall from an old 486 which, by virtue
> of NAT, my Win98 PC hid behind. I didn't get as far as using dial on
> demand but that was my next step. I have now moved to an area covered
> by cable broadband provided by Blueyonder in the UK. I am inclined to
> sign up for this and rebuild my debian firewall to suit. I know I could
> use something like SmoothWall but like to understand some of what goes
> on 'under the bonnet'. I found building my first firewall a great
> introduction to GNU/Linux in general, debian and networking.
>
> If anyone has had any good/bad experiences with this I would be grateful
> for them.
>
> Also I have a few queries which I'd be grateful for help with:-
>
> 1. The set up will be as follows, I use greek letters for naming
> purposes at the moment:-
>
>                                                          / Beta(W98 Desktop)
> Internet---Cable Modem---Alpha(Firewall/Router)---Hub- Gamma(Debian Desktop)
>                            |                           \ X Terminals etc
>                          Omega (Experimental
>                          Web Server) etc
>
> Is it correct to call Alpha a Firewall/Router? I gather it will get its
> external IP address dynamically. I will use NAT to hide the 10.X.X.X
> internal addresses.

I see no reason why you can't call it a firewall. Firewall/NAT Box,
whatever you like.

>
> 2. What packages do I need over and above those I am familiar with for
> my old dial-up set-up? I am thinking mainly of DHCP which I believe is
> necessary as I will have a dynamic external IP address. I think I will
> write the iptables rules by hand. I used ssh in my previous set-up to
> login to the firewall internally which worked well so I will do that
> again and make sure telnetd isn't on the machine.

To get a dynamic IP from my cable modem ISP, I used dhcpcd and it works
fine for me. /etc/dhcpc/config is your config file where you specify
which interface to use. Pretty cut and dry.

>
> 3. Is a 486 up to the task? I believe the download rate is up to 512K.

A 486 should serve 20-25 clients just fine. I have a P120 and it suits
me just fine.

>
> 4. How can I install Woody with a 2.4 kernel from my CD set? The
> default seems to be a 2.2 kernel. I don't understand the instructions
> on the CDs or those I've found on the internet. I believe I need 2.4 to
> use iptables.

Try running bf24 as a boot argument.

>
> 5. I want to get emails generated by Alpha (containing logfiles etc)
> delivered via an email address provided by the cable provider *or*
> internally. Am I correct in thinking exim can do both of these
> alternatives? Apologies if I am straying 'off list' here.

Yes, it can be done. Run eximconfig and set up your box as a smart host.
Contact me personally if you want to discuss this further.

>
> 6. Does iptables enable the use of things like ICQ and gaming over the
> internet 'out of the box' without the workrounds necessary when using
> ipchains?

Got me on this one.

> TIA
>
> Mike

HTH,

--
Darryl N. Grant
Network Services Manager
Capitol College
[EMAIL PROTECTED]
301.369.2800, x3003
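
The firewall layout discussed in this thread (dynamic external address, NAT for the 10.X.X.X hosts, hand-written iptables rules, ssh reachable only from the inside), as an added example that is not part of the original messages. The interface names eth0 (cable modem side) and eth1 (LAN side), the 10.0.0.0/8 range and the function name gen_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT box like "Alpha".
# Assumed, not from the thread: eth0 = cable modem side, eth1 = LAN side.

# gen_rules EXT_IF INT_IF LAN_CIDR
# Prints the ruleset on stdout; returns 1 (printing nothing) on bad input.
gen_rules() {
    ext=$1 int=$2 lan=$3
    # Refuse missing or identical interfaces and anything that is not a
    # plain interface name / CIDR, so a typo cannot yield a malformed ruleset.
    [ -n "$ext" ] && [ -n "$int" ] && [ -n "$lan" ] || return 1
    [ "$ext" != "$int" ] || return 1
    case "$ext$int" in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$lan" in *[!0-9./]*) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE uses whatever address $ext holds right now, so a DHCP
# lease change needs no rule change (SNAT would hard-code the address).
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the firewall and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall itself opened.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP server replies (udp 67 -> 68) on the external side.
-A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT
# ssh to the firewall from the LAN only; there is no rule for $ext.
-A INPUT -i $int -s $lan -p tcp --dport 22 -j ACCEPT
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# When run as a script with three arguments, print the ruleset.
if [ "$#" -eq 3 ]; then gen_rules "$@"; fi
```

Saved under a name of your choosing and run as root with the output piped into iptables-restore, this loads both tables in one step. Forwarding must also be enabled in the kernel (/proc/sys/net/ipv4/ip_forward set to 1) for the FORWARD rules to carry any traffic.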

