I set up a firewall for my cable modem using FreeBSD, mostly b/c I had
a friend's firewall I could use as an example and wanted to learn
another Unix. I have a desktop behind the firewall running Debian.
You do assign the firewall your static IP from your cable, then give
everything behind the firewall a private IP address.
My scenario looks like this...
+----------+ +----------+ +-----+ --> Desktop (192.168.1.2)
| Internet |-->| Firewall |-->| Hub |
+----------+ +----------+ +-----+ --> Laptop (192.168.1.1)
(cable) eth1 ^ eth2
|
---
12.34.56.78 <- the IP from the cable into the first
ethernet card
192.168.1.254 <- the private IP for 2nd ethernet card
In FreeBSD, you can use natd (Network Address Translation Daemon (?))
to remap packets from different ports, so if you were running a
webserver on port 80 on your desktop, natd would send all those
packets to your desktop instead of your firewall. The Linux
equivalent is ipchains (I believe). It also keeps track of who
requested what and sends the result back to the right computer on the
private IP. I'm not exactly sure how this works, but it's cool. :)
I'm not sure what extra packages debian has to add firewalling
capabilities. I'd be interested to find out more about a debian based
firewall.
FreeBSD has ipfw, which can deny or re-route packets from specific
IPs. Combined with portsentry, which listens on specific ports for
portscans (via TCP or UDP), you can deny packets from people port
scanning you.
Just an FYI, as I'm sure a debian firewall would be about the same ...
without extra software (vim, lynx, less, mutt, and other programs I'm
used to) the install for the complete firewall was about 120MB. I'm
running a 486 computer with 32MB RAM, 2 ne2000 compatible network
cards (ISA) and a 250MB hard drive.
That's about all I know.
-Rob
> On 20010130.1144, [EMAIL PROTECTED] said ...
>
> I have some questions about building a firewall. I currently have a cable
> modem connection which of course gives me a static IP address. If I was to
> build a firewall using a old 486 could I still assign my Debian box the
> static IP address as it is needed for my server which I use for
> hosting. Or would the 486 use the static IP and assign the Debian box a
> private IP address? Also I know there are many firewall how to's out there
> but would appreciate any recommendations.
>
> Regards
>
>
> Eileen Orbell
> Software & Internet Applications
> Capitol College
> mailto:[EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]
--
Q: How does a UNIX Guru pick up a girl?
A: look; grep; which; eval; nice; uname; talk; date;
