Re: [vox-tech] Firewall
Thanks Jeff,
I've got a lot to digest
Jay
Jay Strauss
jjstrauss@yahoo.com
----- Original Message -----
From: <jdnewmil@dcn.davis.ca.us>
To: <vox-tech@franz.mother.com>
Sent: Thursday, January 11, 2001 4:07 PM
Subject: Re: [vox-tech] Firewall
> On Wed, 10 Jan 2001, Jay wrote:
>
> > Yeah, based on Pete's post I started looking at LRP (even saw your
> > name (Mr. Newmiller) in a link). I think I'd like to build one, but
> > the project seems a little disarrayed, and misleading.
>
> The original developer (Dave Cinege) has lost a lot of support because he
> has his own ideas about how things should proceed but apparently only
> a limited amount of time to devote to the project. At this point I think
> he has pretty much left LRP alone and is working on his dream
> distribution, oriented more toward embedded development than re-using old
> PCs. I find his distribution the simplest because it doesn't attempt to
> do everything for you... others have modified it with lots of
> shellscripts.
>
> My own name appears fairly often there because in the absence of more
> knowledgeable people to explain things, I have endeavored to figure them
> out through discussion on the LRP list.
>
> > I'd like to build 2 (both without hard drives and bootable off a
> > single floppy):
> >
> > Home:
> > 2 NICs, DHCP server, able to get a dynamic IP (external) from my ISP
>
> How do you get the external IP? DHCP or PPPoE?
>
> >
> > Office:
> > 3 NICs (External, DMZ, Internal), DHCP Server, fixed IP
> >
> > Where should I start?
>
> From what I have seen, assuming you just want it to work as soon as
> possible you should use an image from http://lrp.steinkuehler.net/ that
> nearest matches your needs. I have only set up one system like this... I
> tend to prefer to assemble the parts I want starting with LRP, because
> there are a LOT of configuration variables in EigerStein config files that
> I am not interested in using.
>
> Home
> if dhcp...
> http://lrp.steinkuehler.net/DiskImages/Eiger/EigerStein2BETA.htm
> and from recent posts on the linux-router mailing list you probably
> ought to replace the dhclient.lrp on that image with the one on his
> "packages" page... http://lrp.steinkuehler.net/Packages.htm
>
> if pppoe...
> http://lrp.steinkuehler.net/contrib/disk_images.htm and look for Kenneth
> Hadley's pppoe image
>
> In every case, you need to know what kind of NICs you have and download
> modules from http://lrp.steinkuehler.net/kernel/Eiger/modules/net/. The
> standard 2.9.8 distribution uses kernel/module tarballs along with image
> files.
>
> For the office setup, you can start with the DHCP image above and disable
> dhclient.lrp in the syslinux.cfg file on the floppy. This may be easier
> to set up than the home system because of the fixed address.
>
> One stumbling block many people have is understanding what they need to
> know to fill in the blanks... and I don't really have a cookbook for that
> problem.
> http://lrp.c0wz.com/dox/sf/lrp-e2e-subsec-EtherToEtherInstructions.html#1
> applies to an older LRP version, but gives some pointers on gathering
> information from existing
> setups. http://linuxdoc.org/HOWTO/Net-HOWTO/index.html is another good
> resource.
>
> >
> > BTW, I don't understand the 2 firewall setup.
>
> http://www.oreilly.com/catalog/fire2/chapter/ch13.html
>
> In Figure 13-2, if the external and internal routers are packet filtering
> firewalls like LRP, then you may allow a single port to connect through to
> the "bastion host", through which a weakness _may_ be exploited if it
> exists. If no such holes exist in the interior router, then in theory the
> internal network should be much safer than the perimeter network
> (DMZ).
>
> The two routers can be combined into one router with 3 NICs, but if the
> router is cracked then both networks are exposed at once. This doesn't
> prevent it from being used fairly often.
>
> > If you guys will help me get it working, I'll try to write a HOW-TO
>
> That is a good way to learn. You will often find that similar
> documentation has already been written, but the author will assume a few
> things you don't know, or technology will have changed since they wrote
> theirs so that their instructions won't work quite right anymore, even
> though the theoretical things they write about may still be true.
>
> There are a lot of ways different networks can be set up, and
> unfortunately, few people have experience in all of them to be able to
> warn you about the problems you will face.
>
> That said, I think what you are asking for can be set up easily with
> an EigerStein image, or with a little more work using the base 2.9.8.
>
> ---------------------------------------------------------------------------
> Jeff Newmiller The ..... ..... Go Live...
> DCN:<jdnewmil@dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
> Work:<JeffN@endecon.com> Live: OO#.. Dead: OO#.. Playing
> Research Engineer (Solar/Batteries O.O#. #.O#. with
> /Software/Embedded Controllers) .OO#. .OO#. rocks...2k
> ---------------------------------------------------------------------------
>
>
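
The two-router versus three-NIC trade-off discussed in the quoted reply can be checked with a small model; this is an added example, not part of the original thread or of LRP. The zone names (EXT, DMZ, INT), the bastion service on port 25 and the rule sets are constructed assumptions, and the function computes which zones an outside party can originate traffic from once a given host or router has been compromised.

```python
from collections import namedtuple

# Allow rule: traffic from zone `src` to `host`:`port` in zone `dst`. Default is deny.
Rule = namedtuple("Rule", "src dst host port")
Router = namedtuple("Router", "name zones rules")

# Constructed sample policy: one inbound port to the bastion, nothing inbound to INT.
INBOUND = Rule("EXT", "DMZ", "bastion", 25)
OUTBOUND = [Rule("INT", "DMZ", "bastion", 25)]

# Figure 13-2 style: exterior router joins EXT/DMZ, interior router joins DMZ/INT.
TWO_ROUTERS = [Router("exterior", {"EXT", "DMZ"}, [INBOUND]),
               Router("interior", {"DMZ", "INT"}, OUTBOUND)]
# Merged variant: one router with three NICs carries both rule sets.
ONE_ROUTER = [Router("combined", {"EXT", "DMZ", "INT"}, [INBOUND] + OUTBOUND)]


def footholds(routers, cracked_hosts=(), cracked_routers=()):
    """Zones an outside party can originate traffic from, given what has fallen."""
    zones = {"EXT"}
    changed = True
    while changed:
        changed = False
        for r in routers:
            gained = set()
            if r.name in cracked_routers and r.zones & zones:
                gained |= r.zones            # filtering on this box is void
            for rule in r.rules:
                if (rule.src in zones and {rule.src, rule.dst} <= r.zones
                        and rule.host in cracked_hosts):
                    gained.add(rule.dst)     # pivot through the permitted port
            if not gained <= zones:
                zones |= gained
                changed = True
    return zones


if __name__ == "__main__":
    for label, topo in (("two routers", TWO_ROUTERS), ("one router", ONE_ROUTER)):
        name = topo[0].name                  # the Internet-facing router
        print(label, "bastion cracked:", sorted(footholds(topo, {"bastion"})))
        print(label, name, "cracked:", sorted(footholds(topo, (), {name})))
```

In this model a compromised bastion host yields the DMZ in both layouts, while a compromised Internet-facing router yields the internal network only in the three-NIC layout.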