Dave Anderson wrote:
> Hi,
> 
> I'm going to be switching my home network from ISDN to ADSL in the next few
> weeks, and I want to set up a LEAF firewall in preparation. I currently have
> a linux box as my gateway, running iptables. That box has the fixed public
> IP address that my ISP provided. I also run a few services on that machine,
> such as qmail, dns, www, sshd.
> 
> I'm going to buying an ADSL router, which will have an ethernet port on the
> back, and I'm thinking of connecting that to my LEAF firewall, which
> forwards traffic on to my internal network, including the linux box on which
> I want to continue to run services.
> 
> My questions are these (and I realise they're not all totally specific to
> LEAF, but I know you guys know your networking ;-)
> 
> - Will my adsl router get my public ip address (presumably)


No, the DSL router should pass the public IP address through
to your LEAF box, if you set up the ADSL router correctly.
That public IP becomes eth0 on the LEAF.

> - if so, should the router then have an internal address on its private-
> facing port

My older Alcatel ADSL router does have a private IP address, like
10.0.0.184, but passes the public IP through to my LEAF, as I mentioned.

> - if so, then presumably the LEAF external port is in the same network

Not usually.


> - in the above setup, can I plug the internal eth from the router into the
> LEAF NIC, with the right sort of cable

The connection from the ADSL router to the LEAF external NIC uses a standard,
straight-through UTP CAT5 cable.  Do not use a specialty cross-over
cable.

> - Does my internal LEAF port then use another internal network, which
> presumably is the same as my internal machines

N/A

> - Do I then need to specifically nat all incoming requests to my particular
> internal server (www, smtp etc)

We don't recommend running a public httpd or a public smtpd on the
LEAF box, because it's a security risk, but that's up to you.
If you run public services on your LEAF, then they are reached
via your public IP usually.  If you run private services for
your internal LAN on the LEAF, then those are reachable using
the IP address of your private NIC, usually 192.168.1.254.  You
can set up tinydns and dnscache on your LEAF to resolve names
and addresses for your internal LAN so that you can do the following
from your internal LAN

         ssh hub

if you name your LEAF "hub".

> - If so, does that mean I shouldn't use dhcp on the internal network, so I
> can hard code the internal IP address of my server

I'll let you reask some of these questions now that you
have read my replies, if needed.


> And finally, does all this sound like the best way of doing this? 

A lot of people do what I've described as the usual way.
A very lot :)

> My home
> server is not really used by a large number of people - mainly for home
> email and me logging in via ssh and imaps. It's pretty secure at the moment
> with iptables on it, but I'd like to run LEAF, partly for even better
> security, and partly to get used to LEAF even more.

For a LEAF that uses iptables, you'll want to try out Bering.

> Many thanks,
> Dave

Good Luck,
Matthew

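As an added illustration of the setup the reply describes (this is example code, not from the original post and not LEAF's or Bering's own configuration), the POSIX shell script below assumes eth0 carries the public IP handed through by the DSL router, eth1 is the private LAN 192.168.1.0/24 with the LEAF at 192.168.1.254, and a hypothetical internal server at 192.168.1.10 runs the www, smtp, ssh, imaps and dns services Dave mentions. Each inbound public port is DNATed to the internal server and then explicitly permitted through the FORWARD chain, which is otherwise default-deny; outbound LAN traffic is masqueraded behind the public address. Setting IPT='echo iptables' prints the rules instead of applying them, which is how to check the script before loading it on the gateway.

```shell
#!/bin/sh
# Added example: iptables port-forwarding for a LEAF/Bering-style gateway.
# Assumed addresses (not from the original post):
#   EXT_IF=eth0          public interface, holds the ISP-assigned public IP
#   INT_IF=eth1          private LAN, gateway 192.168.1.254/24
#   SERVER=192.168.1.10  hypothetical internal box running www/smtp/ssh/imaps/dns
# Run with IPT="echo iptables" for a dry run; the default applies rules (needs root).

EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
LAN=${LAN:-192.168.1.0/24}
SERVER=${SERVER:-192.168.1.10}
IPT=${IPT:-iptables}

# forward_service PROTO PORT
# DNAT an inbound public port to the internal server, and allow only the
# resulting new connections to that server through the FORWARD chain.
forward_service() {
    proto=$1
    port=$2
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" --dport "$port" \
         -j DNAT --to-destination "$SERVER:$port"
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p "$proto" -d "$SERVER" \
         --dport "$port" -m state --state NEW -j ACCEPT
}

# setup_gateway
# Default-deny forwarding, then open exactly what the LAN and the public
# services need. Nothing is forwarded to the LEAF box's own services.
setup_gateway() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may initiate connections out; hide them behind the public IP.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE

    # Publicly reachable services, all terminated on the internal server.
    forward_service tcp 80     # www
    forward_service tcp 25     # smtp
    forward_service tcp 22     # ssh
    forward_service tcp 993    # imaps
    forward_service tcp 53     # dns (zone transfers / large answers)
    forward_service udp 53     # dns
}

# Apply only when asked explicitly, e.g. "sh gateway.sh apply".
if [ "${1:-}" = apply ]; then
    setup_gateway
fi
```

Because the DNAT target is a fixed address, the internal server's IP has to be stable: either configure it statically or give it a reserved lease in the DHCP server, which is the usual answer to Dave's last question about running DHCP on the inside. Checking the printed rules with `IPT="echo iptables" sh gateway.sh apply` before loading them is worth doing, since a typo in the FORWARD rule leaves the DNAT in place with nothing allowing the translated packets through.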

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user