Dave Anderson wrote: > Hi, > > I'm going to be switching my home network from ISDN to ADSL in the next few > weeks, and I want to set up a LEAF firewall in preparation. I currently have > a linux box as my gateway, running iptables. That box has the fixed public > IP address that my ISP provided. I also run a few services on that machine, > such as qmail, dns, www, sshd. > > I'm going to buying an ADSL router, which will have an ethernet port on the > back, and I'm thinking of connecting that to my LEAF firewall, which > forwards traffic on to my internal network, including the linux box on which > I want to continue to run services. > > My questions are these (and I realise they're not all totally specific to > LEAF, but I know you guys know your networking ;-) > > - Will my adsl router get my public ip address (presumably)
No, the dsl router should pass the public ip address through to you LEAF box, if you set up the adsl router correctly. That public ip becomes eth0 on the LEAF. > - if so, should the router then have an internal address on it's private > facing port My older Alcatel adsl router does have a private ip address, like 10.0.0.184, but passes the public ip through to my LEAF, as I mentioned. > - if, so, then presumably the LEAF external port is in the same network Not usually. > - in the above setup, can I plug the internal eth from the router into the > LEAF NIC, with the right sort of cable The connection from adsl to LEAF external nic uses a standard, straight through UTP CAT5 cable. Do not use a specialty cross-over cable. > - Does my internal LEAF port then use another internal network, which > presumably is the same as my internal machines N/A > - Do I then need to specifically nat all incoming requests to my particular > internal server (www, smtp etc) We don't recommend running a public httpd or a public smtpd on the LEAF box, because it's a security risk, but that's up to you. If you run public services on your LEAF, then they are reached via your public IP usually. If you run private services for your internal lan on the LEAF, then those are reachable using the ip address of you private nic, usually 192.168.1.254. You can setup tinydns and dnscache on your LEAF so resolve names and adresses for you internal lan so that you can do the following from your internal LAN ssh hub if you name you leaf "hub". > - If so, does that mean I shouldn't use dhcp on the internal network, so I > can hard code the internal IP address of my server I'll let you reask some of these questions now that you have read my replies, if needed. > And finally, does all this sound like the best way of doing this? A lot of people do what I've described as the usual way. A very lot :) > My home > server is not really used by a large number of people - mainly for home > email and me logging in via ssh and imaps. It's pretty secure at the moment > with iptables on it, but I'd like to run LEAF, partly for even better > security, and partly to get used to LEAF even more. For a LEAF that uses iptables, you'll want to try out Bering. > Many thanks, > Dave Good Luck, Matthew _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user