On 18.08.17 13:53, Ray via luv-main wrote: > The current situation is a have a Dlink 4G modem router, this has an IP > address of 192.168.0.1. This is to be connected to my fire wall machine > (currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2 > ethernet port motherboard, the second port eth1 will be connected to a (I > think) switch which has my other 4 machines connect to it.
While it is possible to run a firewall on a separate router host as you describe, all the modems I've used include the router and firewall functionality, as provided by the ISP, ready to go. > The IP address range is currently 92.168.1.1 (gateway) upwards with 6 > address's in use. How is the firewall ports configured, is there a decent > explantion on the net (remember I know little about the low level nuts and > bolts but would like to find out. Then it is highly advisable to begin with a simple set-up, and only make it more complicated if the modem really lacks a firewall. A single subnet, running off one router/modem port, with all your hosts plugged into a cheap little ethernet switch, conveniently located, could have you cruising in no time. > I assume the 2 ports on the firewall machine will use 2 different IP > address, is there any logic in there allocation, I also assume the default > route for this machine will be eth0 (the port connected to the 4G modem > router. In Debian in the /etc/network/interfaces file how is the default > route determined. It is a long time since I mucked with static routing. You can use the route command to specify routes for subnets, subnet masks, and the IP of the gateway. You could use the two subnets you have; 192.168.0.0/24 and 92.168.1.0/24, one on each side of the firewall. In each case, the subnet mask would be 255.255.255.0. Looking at what I have on this host, talking directly to my modem, I see: $ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 denotes the default route, so here anything not for the local 192.168.1.0/24 subnet goes to the gateway (192.168.1.1), which is the modem. Really simple. There are a number of examples in the "route" manpage. I did some reading in the O'Reilly "TCP/IP Network Administration" book before cutting loose, but my copy is a quarter of a century old now. A quick google of "linux static routing howto" showed a bunch of promising hits. There's likely to be more current information in them. E.g. the "ip" command seems to be popular this century, so let's try: $ ip route default via 192.168.1.1 dev eth0 proto static 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 That doesn't look as familiar as the netstat report to these old eyes, but it must be conceded that it is usefully informative and highly readable. A lot of reading, then some judicious fiddling, cannot fail to be educational - and possibly successful, in the end. I think we'd enjoy some questions along the way. You never know what cobwebs they could dust off. > Help, will be GREATLY appeciated. > > Trying to get new internet access for when the 2G network was gone has been > a real struggle. At this location only 2 options are availible, NBN satelite > and 4G mobile broadband, unfortunately there is little information anywhere > on how to configure either of them for linux. I tried satelite NBN but could > not get ANY kind of reliable connection. A 4G dongle will work on linux but > I could find NO config information at all and it appears plenty have tried > and failed. THe current solution has been adopted as it only means setting > up ethernet ports and doing bit of routing. If there's no firewall functionality on the 4G modem, then you'll have to climb the networking learning curve, and what's linux for, but for having a fiddle - if you don't mind having to restore to base settings a couple of times while figuring it out. (The "ip route restore" command might be useful there.) Erik _______________________________________________ luv-main mailing list [email protected] https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
