l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2001 Dec 30 16:59

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Firewall
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Firewall

Thanks Jeff,

I've got a lot to digest


Jay Strauss

----- Original Message ----- 
From: <jdnewmil@dcn.davis.ca.us>
To: <vox-tech@franz.mother.com>
Sent: Thursday, January 11, 2001 4:07 PM
Subject: Re: [vox-tech] Firewall

> On Wed, 10 Jan 2001, Jay wrote:
> > Yeah, based on Pete's post I started looking at LRP (even saw your
> > name (Mr. Newmiller) in a link).  I think I'd like to build one, but
> > the project seems a little disarrayed, and misleading.
> The original developer (Dave Cinege) has lost a lot of support because he
> has his own ideas about how things should proceed but apparently only 
> a limited amount of time to devote to the project.  At this point I think
> he has pretty much left LRP alone and is working on his dream
> distribution, oriented more toward embedded development than re-using old
> PCs.  I find his distribution the simplest because it doesn't attempt to
> do everything for you... others have modified it with lots of
> shellscripts.
> My own name appears fairly often there because in the absence of more
> knowledgeable people to explain things, I have endeavored to figure them
> out through discussion on the LRP list.
> > I'd like to build 2 (both without hard drives and bootable off a
> > single floppy):
> > 
> > Home:
> > 2 NICs, DHCP server, able to get a dynamic IP (external) from my ISP
> How do you get the external IP? DHCP or PPPoE?
> > 
> > Office:
> > 3 NICs (External, DMZ, Internal), DHCP Server, fixed IP
> > 
> > Where should I start?
> From what I have seen, assuming you just want it to work as soon as
> possible you should use an image from http://lrp.steinkuehler.net/ that
> nearest matches your needs.  I have only setup one system like this... I
> tend to prefer to assemble the parts I want starting with LRP, because
> there are a LOT of configuration variables in EigerStein config files that
> I am not interested in using.
> Home
>  if dhcp...
>   http://lrp.steinkuehler.net/DiskImages/Eiger/EigerStein2BETA.htm 
>   and from recent posts on the linux-router mailing list you probably
>   ought to replace the dhclient.lrp on that image with the one on his
>   "packages" page... http://lrp.steinkuehler.net/Packages.htm
>  if pppoe...
>   http://lrp.steinkuehler.net/contrib/disk_images.htm and look for Kenneth
>   Hadley's pppoe image
>  In every case, you need to know what kind of NICs you have and download
> modules from http://lrp.steinkuehler.net/kernel/Eiger/modules/net/.  The
> standard 2.9.8 distribution uses kernel/module tarballs along with image
> files.
> For the office setup, you can start with the DHCP image above and disable
> dhclient.lrp in the syslinux.cfg file on the floppy.  This may be easier
> to setup than the home system because of the fixed address.
> One stumbling block many people have is understanding what they need to
> know to fill in the blanks... and I don't really have a cookbook for that
> problem.  
> http://lrp.c0wz.com/dox/sf/lrp-e2e-subsec-EtherToEtherInstructions.html#1
> applies to an older LRP version, but gives some pointers on gathering
> information from existing
> setups. http://linuxdoc.org/HOWTO/Net-HOWTO/index.html is another good
> resource.
> > 
> > BTW, I don't understand the 2 firewall setup.
> http://www.oreilly.com/catalog/fire2/chapter/ch13.html
> In Figure 13-2, if the external and internal routers are packet filtering
> firewalls like LRP, then you may allow a single port to connect through to
> the "bastion host", through which a weakness _may_ be exploited if it
> exists.  If no such holes exist in the interior router, then in theory the
> internal network should be much safer than the perimeter network
> (DMZ).
> The two routers can be combined into one router with 3 NICs, but if the
> router is cracked then both networks are exposed at once.  This doesn't
> prevent it from being used fairly often.
> > If you guys will help me get it working, I'll try to write a HOW-TO
> That is a good way to learn.  You will often find that similar
> documentation has already been written, but the author will assume a few
> things you don't know, or technology will have changed since they wrote
> theirs so that their instructions won't work quite right anymore, even
> though the theoretical things they write about may still be true.
> There are a lot of ways different networks can be setup, and
> unfortunately, few people have experience in all of them to be able to
> warn you about the problems you will face.
> That said, I think what you are asking for can be setup easily with
> an EigerStein image, or with a little more work using the base 2.9.8.
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
> Work:<JeffN@endecon.com>              Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.