Replies interspersed.

At 09:50 PM 7/1/2004 +0000, [EMAIL PROTECTED] wrote:

Hi everyone,

I was trying to setup a very simple firewall and then build up from there. I am using Bering uClibc 2.1.2

my setup is a cable modem with a static IP (I actually have 5 ip's but i'm trying to keep it simple to start) going to the
firewall in the first nic port, then from the firewall's second nic port to a switch (because i don't own a crossover cable),

I don't quite understand this physical description.

The LEAF router's external interface needs to connect to the cable modem, either directly or through a switch. Offhand, I think a direct connection, in this instance, does NOT use a crossover cable, but a connection of a cable modem to a switch requires either a crossover cable or an "uplink" port on the switch ... but that may vary. (My actual experience is with DSL modems, which do work this way.)

The LEAF router's internal interface should connect either to a normal (not "uplink") port on a switch or hub, using a regular cable, -OR- directly to another host using a crossover cable. Using a switch or hub is better, because sometimes NIC-to-NIC connections have trouble settling on a data rate, and you have enough to worry about without adding that uncertainty.

then to a laptop.
I have been messing around with Network configurations: interfaces file. From step 1 I have tried to setup option 1.2 but i
don't understand the settings completely since they look a little different from my standard Linksys router.
What do I fill in for address, broadcast, and gateway? My Isp gave me a subnet mask of 255.255.255.248

Address = the IP address you want the external interface (the one you'll connect to the cable modem, either directly or through a switch) to listen on. For now, call it a.b.c.d.


Broadcast = depends a bit on the address, since the netmask ends in .248. In practice, a.b.c.255 will usually work. For the exact value, see the parenthetical in the next item.

Gateway = the IP address of the ISP's router (at the other end of the cable-modem link). Your ISP should have provided you with this. Exact practice varies, but in your situation (5 static IP addresses), it is usually the one remaining unused address of the block of 8 (where the lowest is the network address, the highest the real broadcast address, and you are using 5 of the 6 intermediate addresses). For example, if your address range were a.b.c.2-6, your values would be:

        network: a.b.c.0
        gateway: a.b.c.1
        broadcast: a.b.c.7

I'm actually a bit puzzled as to how you got your Linksys to work without knowing all of this part. The small routers I've set up, from D-Link and Netgear, require this info for a static-address connection.

with my static ips. I used to input dns1 and dns2 in my Linksys Router, do i still have to do this?

Yes. Exactly how depends on how your LAN clients do DNS.

If your LAN clients use the ISP's nameservers directly, you only need to tell the LEAF router itself to use them too; do this by adding them to /etc/resolv.conf .

If the LAN clients expect to use the LEAF router as a forwarder, you'll need to configure dnscache to use them; someone else will have to explain that part, since I don't use it.

Then for step 2 I left it alone (default settings looked ok to me) for eth 1.

I thought i would first try to get on the internet with the laptop but it doesn't get to the internet. Is there a
simple setting I need to change to fix this?

Who knows? To answer that, we would need a much more complete description of the setup. Refer to the SR FAQ -- referenced at the end of all list e-mails -- to see what we need.


You also need to be more specific than " it doesn't get to the internet". What do you actually try and how does it fail? (Quote any error messages exactly.)

Finally, it would help if you did some intermediate tests, like ...

        can the WinXP host ping the LEAF router?
        can the WinXP host ping the ISP's default gateway?
        can the WinXP host ping the DNS servers?
        can the WinXP host ping a known-good Internet address?
        can the LEAF router ping the WinXP host?
        can the LEAF router ping the ISP's default gateway?
        can the LEAF router ping the DNS servers?
        can the LEAF router ping a known-good Internet address?

In any case that is a NO, your report to us should include the failure message that ping reports back (there are 4 or more of these for Linux ping, and they are diagnostic).


I don't even know if the nics are talking to the LEAF? How do I know which is Eth1 and Eth0?
Is there a way to determine if leaf has installed the nic cards properly or at all? I didn't load any special drivers
because it looked like maybe they will work if the nics are common enough.

Next time, please tell us what makes and models of NICs you are using. Some work out of the box, while others require add-in modules .... we can't guess which kind you have, and as a beginner, you shouldn't be guessing on your own.


Check what interfaces have been created with the command

        ip link show

It will also tell you if they have been initialized (that is, assigned IP addresses).

I haven't messed with anything else in the system. do i need to change some settings in shorewall in order
for the laptop to access the internet?


Then of course there are the laptop settings, I am running Windows XP Pro. I have given it the following fixed ip settings:
ip address: 192.168.1.5
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
DNS1 and DNS2: the supplied info from my ISP

These are fine.

btw, how do I change the login and password when LEAF boots up?

A previous reply told you to change the password with the command "passwd". You don't "change" the login, though you can add other userids than root (though on a router, there is really no reason to).


Please be kind to the noob, I really want to learn this and I really appreciate all the detail and
over-simplification you can stand to type. I know a very little about Routing, less about firewalls, and absolutely
nothing about Linux. I have been sucking on the Microsoft tit forever.





leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
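
Added example, not part of the original message: the network, broadcast and gateway reasoning from the reply above (a block of 8 addresses under netmask 255.255.255.248, with the one unused host address as the likely gateway), worked through with Python's standard `ipaddress` module. The function names are hypothetical and the addresses are constructed from the 192.0.2.0/24 documentation range; the gateway the ISP actually states always takes precedence over the derived candidate.

```python
import ipaddress

def plan_external_interface(address, netmask, assigned):
    """Derive network/broadcast and likely gateway for a small static block.

    address  -- IP the external interface will listen on
    netmask  -- dotted-quad mask from the ISP, e.g. 255.255.255.248
    assigned -- every address the ISP allocated to the customer
    """
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    net = iface.network
    mine = {ipaddress.IPv4Address(a) for a in assigned} | {iface.ip}
    reserved = (net.network_address, net.broadcast_address)
    bad = sorted(a for a in mine if a not in net or a in reserved)
    if bad:
        # A host address can never be the network or broadcast address,
        # and all allocated addresses must share the interface's block.
        raise ValueError(f"unusable in {net}: {[str(a) for a in bad]}")
    # hosts() skips the lowest (network) and highest (broadcast) address.
    spare = [str(h) for h in net.hosts() if h not in mine]
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "gateway_candidates": spare,
    }

def check_gateway(plan, gateway):
    """Sanity-check a gateway value against the derived plan."""
    net = ipaddress.IPv4Network(f"{plan['network']}/{plan['prefixlen']}")
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        return "outside the interface's subnet"
    if gw in (net.network_address, net.broadcast_address):
        return "is the network or broadcast address"
    if str(gw) not in plan["gateway_candidates"]:
        return "is one of your own addresses"
    return "ok"

if __name__ == "__main__":
    # Constructed sample: five static addresses .2 through .6 in one /29.
    block = [f"192.0.2.{n}" for n in range(2, 7)]
    plan = plan_external_interface("192.0.2.3", "255.255.255.248", block)
    print(plan)
    print(check_gateway(plan, "192.0.2.1"))
```

A block that does not start at .0 (for example addresses .42 through .46) yields network .40 and broadcast .47, which is why the exact broadcast value depends on the address.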
