At 7/22/2003 12:26 -0700, you wrote:
The new standalone firewall box I have built is now connecting via PPP with wvdial, a great little tool.
The firewall, be it shorewall or if I just decide to use ipchains with lokkit, is off.

The "firewall" and the "standalone firewall box" are the same, right? And that one box connects out to the Internet just fine, right?


Please note, you _will_ want to use Shorewall. Get the just-released 1.4.6 version, and it will be smooth as silk getting your whole configuration working. (For starters, it's very easy, and then I can give you all my config files. Piece of cake.)

There will be approximately 25 Windows NT machines behind this linux box, all of them feeding off the PPP connect over a 56K modem.

Dear God. Please try to get some sort of broadband access (at least 128 Kbps) as soon as possible. 25 machines on a 56 Kbps dial-up is really not very functional.


Only one of those NT machines has a static IP address - the rest are all being assigned (by Exchange I guess) 192.168 addresses.

What is its static IP address? Who gave it that address? Is it a public IP address assigned by your ISP or is it a private one you assigned?


I have assigned the linux firewall a 192.168.0.0 address [...]

In every network, the first address is the name of the network and the last address is the broadcast address. So even though the network goes from 192.168.0.0 to 192.168.0.255, you cannot use either 0 or 255.


I usually set my firewall to .1 as a good habit, just to keep things orderly. But really, it does not matter which IP it gets as long as no one tries to use the same one for another computer. :-)

I am using the internet services DNS servers, and have assigned a machine of mine a 192.168.0.1 address.

I would assign the .1 to the firewall and give my box another address. Again, just nice and orderly.


Using your ISP's DNS servers is fine. If you choose to do so later, we can show you (another two-minute setup task) how to set up a caching nameserver on your firewall box so you get DNS answers more quickly. Let me comment that, at some point, you _will_ want to set up a DHCP server on your Linux box.

I now know I need to masquerade the packets on the network, since they are 192.168 addresses. I have set that up in /etc/sysctl.conf.

Don't go to a whole lot of trouble to set up masquerading. Using Shorewall, in /etc/shorewall/masq, insert the following:


ppp+ <tab> eth0

That will set up everything you need for masquerading when you turn on Shorewall. While you're at it, make sure that you have your 192.168.0.0/24 (that means the whole 192.168.0.0 network, which has a 24-bit netmask) in your /etc/shorewall/routestopped file. That will allow you to stop the firewall but not get locked out of the box.

Yell if it still doesn't work.


-- Rodolfo J. Paiz [EMAIL PROTECTED]
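
The addressing points in the message above (no host on the network or broadcast address, no two machines sharing an address), as an added example that is not part of the original message. It checks a static address plan against the LAN subnet and goes beyond the /24 case discussed; the host names, the workstation's .2 address and the function name `check_plan` are assumptions, and IPv4 is assumed.

```python
import ipaddress
from collections import defaultdict

def check_plan(lan_cidr, plan):
    """Return a sorted list of (host, address, problem) for a static IPv4 plan."""
    net = ipaddress.ip_network(lan_cidr, strict=True)
    reserved = {}
    # /31 and /32 networks have no separate network and broadcast addresses,
    # so only reserve them on networks with room for ordinary hosts.
    if net.prefixlen < net.max_prefixlen - 1:
        reserved[net.network_address] = "network address"
        reserved[net.broadcast_address] = "broadcast address"
    owners = defaultdict(list)
    problems = []
    for host, text in plan.items():
        addr = ipaddress.ip_address(text)
        owners[addr].append(host)
        if addr not in net:
            problems.append((host, text, f"outside {net}"))
        elif addr in reserved:
            problems.append((host, text, reserved[addr]))
    # Report every machine that shares an address with another one.
    for addr, hosts in owners.items():
        if len(hosts) > 1:
            for host in hosts:
                others = ", ".join(h for h in hosts if h != host)
                problems.append((host, str(addr), "duplicate of " + others))
    return sorted(problems)

# Constructed plans: the first mirrors the addresses mentioned in the thread,
# the second follows the ".1 for the firewall" suggestion.
THREAD_PLAN = {"firewall": "192.168.0.0", "workstation": "192.168.0.1"}
FIXED_PLAN = {"firewall": "192.168.0.1", "workstation": "192.168.0.2"}

if __name__ == "__main__":
    for name, plan in (("as posted", THREAD_PLAN), ("suggested", FIXED_PLAN)):
        print(name, check_plan("192.168.0.0/24", plan) or "ok")
```

With a wider netmask the same address can change role: 192.168.0.255 is the broadcast address of 192.168.0.0/24 but an ordinary host address in 192.168.0.0/23.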

