Re: [newbie] Linux/Networking/Firewall

2000-10-17 Thread Doug McGarrett

I'm not sure I understand your question, but what if you use a 
Linksys BEFSR41 router as your firewall?  Then connect the 
various computers to the router.  Will that work?  (I'm not
into any computer games outside of the occasional solitaire or
Windows Pinball (really well done, I think!)) But I do have the
router, and you can set it up to stealth (hide) your computer 
completely!  (You need the latest software from the net.)
And it's easy. Even I can do it!  --doug, wa2say

At 10:09 10/16/2000 -0700, someone wrote:
> Hoping for some help here:
>
> I previously had the following setup within my network at my residence.  1
> Linux box w/ 2 NIC cards.  1 connected to the DSL modem, and 1 to a HUB
> where other computers throughout the house are connected.  I configured NIC
> 1 for the IP address given to me by my DSL provider, and configured the
> other NIC for the private network IP range 196.168.x.x.  Next I configured
> IP Forwarding and Masquerading, and alas had everything set up and working
> perfectly.
>
> Some online games won't allow duplicate IP addresses to be seen on the game
> server, and as all computers within my private net were sharing the 1 IP
> address provided by the DSL provider, only one computer at a time could
> be gaming.  I've recently acquired a different DSL package, which gives me 5
> static IP addresses, so I should be able to configure my network as I hoped.
>
> Obviously, I could have just put all computers, and the DSL modem on my HUB
> and life would be good from a gaming perspective, however, I would very much
> like to have a firewall installed that helps protect against intruders.
> Under this scenario, I'd have to install a firewall on each PC to gain some
> protection...what a hassle.
>
> What I'd like to do is configure my Linux box like I had before, but replace
> the Private network with additional IP's that I gained.  I tried setting
> this up, but fell short after realizing that Linux acting as a router can't
> route unless there are two different networks (IP sets) to route between.
> Since all my machines' IP's belong to the same network (IP set), I can't
> "route" per se.
>
> What I came across were some HOWTO's on bridging+firewall.  Essentially the
> bridge creates a virtual NIC that binds the two together, and I place the
> firewall (IPchains) on this virtual NIC.  I configured it, set it up, and
> appear to be accomplishing my goal.  The firewall stuff is working on every
> machine, and of course gaming is now a reality.
>
> In summary, my question is this.  Is this the best/only approach I can take
> in setting up my environment?  Is there a way to accomplish this by setting
> up my own route tables?  The reason I ask is because when everything is
> "idle" on my network, I see blips on the DSL modem about every 3 seconds or
> so.  I've narrowed it down to the bridge stuff, as I can bring the bridge
> down, and the blipping stops.  I don't know what is happening, and I don't
> believe that the bridge is impacting performance much, still I don't know,
> so I thought I'd pose the question to the experts out there.
>
> Thanks in advance,
> Mark Wignall
> [EMAIL PROTECTED]
 





[newbie] Linux/Networking/Firewall

2000-10-16 Thread Wignall, Mark T

Hoping for some help here:

I previously had the following setup within my network at my residence.  1
Linux box w/ 2 NIC cards.  1 connected to the DSL modem, and 1 to a HUB
where other computers throughout the house are connected.  I configured NIC
1 for the IP address given to me by my DSL provider, and configured the
other NIC for the private network IP range 196.168.x.x.  Next I configured
IP Forwarding and Masquerading, and alas had everything set up and working
perfectly.

Some online games won't allow duplicate IP addresses to be seen on the game
server, and as all computers within my private net were sharing the 1 IP
address provided by the DSL provider, only one computer at a time could
be gaming.  I've recently acquired a different DSL package, which gives me 5
static IP addresses, so I should be able to configure my network as I hoped.

Obviously, I could have just put all computers, and the DSL modem on my HUB
and life would be good from a gaming perspective, however, I would very much
like to have a firewall installed that helps protect against intruders.
Under this scenario, I'd have to install a firewall on each PC to gain some
protection...what a hassle.  

What I'd like to do is configure my Linux box like I had before, but replace
the Private network with additional IP's that I gained.  I tried setting
this up, but fell short after realizing that Linux acting as a router can't
route unless there are two different networks (IP sets) to route between.
Since all my machines' IP's belong to the same network (IP set), I can't
"route" per se.

What I came across were some HOWTO's on bridging+firewall.  Essentially the
bridge creates a virtual NIC that binds the two together, and I place the
firewall (IPchains) on this virtual NIC.  I configured it, set it up, and
appear to be accomplishing my goal.  The firewall stuff is working on every
machine, and of course gaming is now a reality.

In summary, my question is this.  Is this the best/only approach I can take
in setting up my environment?  Is there a way to accomplish this by setting
up my own route tables?  The reason I ask is because when everything is
"idle" on my network, I see blips on the DSL modem about every 3 seconds or
so.  I've narrowed it down to the bridge stuff, as I can bring the bridge
down, and the blipping stops.  I don't know what is happening, and I don't
believe that the bridge is impacting performance much, still I don't know,
so I thought I'd pose the question to the experts out there.

Thanks in advance,
Mark Wignall
[EMAIL PROTECTED]




Re: [newbie] Linux/Networking/Firewall

2000-10-16 Thread Dennis Veatch

"Wignall, Mark T" wrote:


> In summary, my question is this.  Is this the best/only approach I can take
> in setting up my environment?  Is there a way to accomplish this by setting
> up my own route tables?  The reason I ask is because when everything is
> "idle" on my network, I see blips on the DSL modem about every 3 seconds or
> so.  I've narrowed it down to the bridge stuff, as I can bring the bridge
> down, and the blipping stops.  I don't know what is happening, and I don't
> believe that the bridge is impacting performance much, still I don't know,
> so I thought I'd pose the question to the experts out there.
>
> Thanks in advance,
> Mark Wignall
> [EMAIL PROTECTED]

I am by no means an expert with routing, firewalls, et al. However, have you
considered the Linux Router Project (LRP)? I think it can do what you want from
the gaming aspect plus a lot more. It's compact in size (the whole thing will
fit on one floppy disk), will run on a 486 on up and a lot more. A good place
to start is:

http://lrp.c0wz.com/

Since you now have static IPs, my guess, it should be easy.





Re: [newbie] Linux/Networking/Firewall

2000-10-16 Thread Greg Stewart

You need to alias the external interface to act as all 5 external "real" IP
addresses and use ipmasqadm to port forward the incoming requests to the
appropriate masqued internal IP address.

The format for setting IP aliasing is (where the "xxx.xxx.xxx.xxx"s
correspond to the IP addresses and subnet info from your ISP):

/sbin/ifconfig eth0:0 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx broadcast xxx.xxx.xxx.255

Repeat for each aliased eth0 IP (eth0:1, eth0:2, eth0:3, etc.), and then
create ipchains rules for firewalling each aliased IP.

In the firewall script, make sure the gaming port is open for all aliased
IPs.

Install ipmasqadm and set port forwarding rules for each aliased IP to each
corresponding masqued internal IP. I believe the syntax is as follows, but
you should read the ipmasqadm HOW-TOs to be sure:
(Assuming your internal network is on 192.168.x.x, and the Gaming Port is
"")

/sbin/ipmasqadm -a -P tcp -L xxx.xxx.xxx.xxx  -R 192.168.xxx.xxx

Let me know if this helps, or if I've screwed something up in the
translation.  :-)

--Greg

- Original Message -
From: "Wignall, Mark T" [EMAIL PROTECTED]


> Hoping for some help here:
>
> I previously had the following setup within my network at my residence.  1
> Linux box w/ 2 NIC cards.  1 connected to the DSL modem, and 1 to a HUB
> where other computers throughout the house are connected.  I configured NIC
> 1 for the IP address given to me by my DSL provider, and configured the
> other NIC for the private network IP range 196.168.x.x.  Next I configured
> IP Forwarding and Masquerading, and alas had everything set up and working
> perfectly.
>
> Some online games won't allow duplicate IP addresses to be seen on the game
> server, and as all computers within my private net were sharing the 1 IP
> address provided by the DSL provider, only one computer at a time could
> be gaming.  I've recently acquired a different DSL package, which gives me 5
> static IP addresses, so I should be able to configure my network as I hoped.
>
> Obviously, I could have just put all computers, and the DSL modem on my HUB
> and life would be good from a gaming perspective, however, I would very much
> like to have a firewall installed that helps protect against intruders.
> Under this scenario, I'd have to install a firewall on each PC to gain some
> protection...what a hassle.
>
> What I'd like to do is configure my Linux box like I had before, but replace
> the Private network with additional IP's that I gained.  I tried setting
> this up, but fell short after realizing that Linux acting as a router can't
> route unless there are two different networks (IP sets) to route between.
> Since all my machines' IP's belong to the same network (IP set), I can't
> "route" per se.
>
> What I came across were some HOWTO's on bridging+firewall.  Essentially the
> bridge creates a virtual NIC that binds the two together, and I place the
> firewall (IPchains) on this virtual NIC.  I configured it, set it up, and
> appear to be accomplishing my goal.  The firewall stuff is working on every
> machine, and of course gaming is now a reality.
>
> In summary, my question is this.  Is this the best/only approach I can take
> in setting up my environment?  Is there a way to accomplish this by setting
> up my own route tables?  The reason I ask is because when everything is
> "idle" on my network, I see blips on the DSL modem about every 3 seconds or
> so.  I've narrowed it down to the bridge stuff, as I can bring the bridge
> down, and the blipping stops.  I don't know what is happening, and I don't
> believe that the bridge is impacting performance much, still I don't know,
> so I thought I'd pose the question to the experts out there.
>
> Thanks in advance,
> Mark Wignall
> [EMAIL PROTECTED]
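
The aliasing, firewalling and port-forwarding steps from Greg's reply above, as an added example that is not part of the original thread: a script that prints (rather than runs) the commands for a one-to-one mapping of public to internal addresses, so they can be reviewed before use on a Linux 2.2 gateway. The addresses, netmask, interface name and game port are constructed placeholders; the ipmasqadm lines use its `portfw` module with a port after each address, and an existing masquerading rule for the internal network is assumed to stay in place.

```sh
#!/bin/sh
# Added example: print, not run, the per-address commands for a Linux 2.2
# gateway. Every address, the netmask and the port below are constructed.
EXT_IF=eth0
NETMASK=255.255.255.248
BROADCAST=203.0.113.7
GAME_PORT=27015   # placeholder: the thread does not name the game port

# Constructed mapping, one "public_ip internal_ip" pair per line.
MAPPING='203.0.113.2 192.168.1.2
203.0.113.3 192.168.1.3
203.0.113.4 192.168.1.4'

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands for every pair; stop with status 1 on a bad address so
# a typo never turns into a rule that opens or forwards the wrong host.
gen_rules() {
    n=0
    while read -r pub priv; do
        if ! valid_ip "$pub" || ! valid_ip "$priv"; then
            echo "bad mapping: $pub $priv" >&2
            return 1
        fi
        # One alias per additional public address: eth0:0, eth0:1, ...
        echo "/sbin/ifconfig $EXT_IF:$n $pub netmask $NETMASK broadcast $BROADCAST"
        # Admit only the game port on this address, then log and deny the rest.
        echo "/sbin/ipchains -A input -i $EXT_IF -p tcp -d $pub $GAME_PORT -j ACCEPT"
        echo "/sbin/ipchains -A input -i $EXT_IF -d $pub -j DENY -l"
        # Forward the admitted port to the matching masqueraded host.
        echo "/sbin/ipmasqadm portfw -a -P tcp -L $pub $GAME_PORT -R $priv $GAME_PORT"
        n=$((n + 1))
    done <<EOF
$MAPPING
EOF
}

gen_rules
```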


 






Re: [newbie] Linux/Networking/Firewall

2000-10-16 Thread stephen

you need to recompile the kernel for this ok
for ip masq you need to reconfig the kernel ok
stephen
- Original Message -
From: "Greg Stewart" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 17, 2000 8:34 AM
Subject: Re: [newbie] Linux/Networking/Firewall


> You need to alias the external interface to act as all 5 external "real" IP
> addresses and use ipmasqadm to port forward the incoming requests to the
> appropriate masqued internal IP address.
>
> The format for setting IP aliasing is (where the "xxx.xxx.xxx.xxx"s
> correspond to the IP addresses and subnet info from your ISP):
>
> /sbin/ifconfig eth0:0 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx broadcast xxx.xxx.xxx.255
>
> Repeat for each aliased eth0 IP (eth0:1, eth0:2, eth0:3, etc.), and then
> create ipchains rules for firewalling each aliased IP.
>
> In the firewall script, make sure the gaming port is open for all aliased
> IPs.
>
> Install ipmasqadm and set port forwarding rules for each aliased IP to each
> corresponding masqued internal IP. I believe the syntax is as follows, but
> you should read the ipmasqadm HOW-TOs to be sure:
> (Assuming your internal network is on 192.168.x.x, and the Gaming Port is
> "")
>
> /sbin/ipmasqadm -a -P tcp -L xxx.xxx.xxx.xxx  -R 192.168.xxx.xxx
>
> Let me know if this helps, or if I've screwed something up in the
> translation.  :-)
>
> --Greg
>
> - Original Message -
> From: "Wignall, Mark T" [EMAIL PROTECTED]
>
>
> > Hoping for some help here:
> >
> > I previously had the following setup within my network at my residence.  1
> > Linux box w/ 2 NIC cards.  1 connected to the DSL modem, and 1 to a HUB
> > where other computers throughout the house are connected.  I configured NIC
> > 1 for the IP address given to me by my DSL provider, and configured the
> > other NIC for the private network IP range 196.168.x.x.  Next I configured
> > IP Forwarding and Masquerading, and alas had everything set up and working
> > perfectly.
> >
> > Some online games won't allow duplicate IP addresses to be seen on the game
> > server, and as all computers within my private net were sharing the 1 IP
> > address provided by the DSL provider, only one computer at a time could
> > be gaming.  I've recently acquired a different DSL package, which gives me 5
> > static IP addresses, so I should be able to configure my network as I hoped.
> >
> > Obviously, I could have just put all computers, and the DSL modem on my HUB
> > and life would be good from a gaming perspective, however, I would very much
> > like to have a firewall installed that helps protect against intruders.
> > Under this scenario, I'd have to install a firewall on each PC to gain some
> > protection...what a hassle.
> >
> > What I'd like to do is configure my Linux box like I had before, but replace
> > the Private network with additional IP's that I gained.  I tried setting
> > this up, but fell short after realizing that Linux acting as a router can't
> > route unless there are two different networks (IP sets) to route between.
> > Since all my machines' IP's belong to the same network (IP set), I can't
> > "route" per se.
> >
> > What I came across were some HOWTO's on bridging+firewall.  Essentially the
> > bridge creates a virtual NIC that binds the two together, and I place the
> > firewall (IPchains) on this virtual NIC.  I configured it, set it up, and
> > appear to be accomplishing my goal.  The firewall stuff is working on every
> > machine, and of course gaming is now a reality.
> >
> > In summary, my question is this.  Is this the best/only approach I can take
> > in setting up my environment?  Is there a way to accomplish this by setting
> > up my own route tables?  The reason I ask is because when everything is
> > "idle" on my network, I see blips on the DSL modem about every 3 seconds or
> > so.  I've narrowed it down to the bridge stuff, as I can bring the bridge
> > down, and the blipping stops.  I don't know what is happening, and I don't
> > believe that the bridge is impacting performance much, still I don't know,
> > so I thought I'd pose the question to the experts out there.
> >
> > Thanks in advance,
> > Mark Wignall
> > [EMAIL PROTECTED]
 









