Using a linux server as a firewall - Linux

Thread: Using a linux server as a firewall

  1. Using a linux server as a firewall

    Redhat Linux 7.3.
    Two ethernet cards:

    eth0 Link encap:Ethernet HWaddr 00:60:08:9D:9D:A1
    inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:386260 errors:0 dropped:0 overruns:0 frame:0
    TX packets:333085 errors:0 dropped:0 overruns:0 carrier:27
    collisions:10054 txqueuelen:100
    RX bytes:29697918 (28.3 Mb) TX bytes:139509719 (133.0 Mb)
    Interrupt:10 Base address:0x310

    eth1 Link encap:Ethernet HWaddr 00:01:02:64:0A:6B
    inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:4946 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1811 errors:0 dropped:0 overruns:0 carrier:0
    collisions:2 txqueuelen:100
    RX bytes:602307 (588.1 Kb) TX bytes:216816 (211.7 Kb)
    Interrupt:11 Base address:0xdc80

    eth0 is connected to a 4-port router, which is connected to an ADSL modem.
    eth1 is connected to an 8-port hub, which is connected to the other systems
    on the LAN.

    Output of route (collapsed slightly to fit width):

    Kernel IP routing table
    Destination   Gateway       Genmask         Flags Metric Ref Use Iface
    192.168.1.0   192.168.1.2   255.255.255.0   UG    0      0   0   eth0
    192.168.1.0   *             255.255.255.0   U     0      0   0   eth1
    192.168.1.0   *             255.255.255.0   U     0      0   0   eth1
    127.0.0.0     *             255.0.0.0       U     0      0   0   lo
    default       eth0          0.0.0.0         UG    0      0   0   eth0

    IP address of router is 192.168.1.1.
    IP address of eth0 is 192.168.1.2.
    IP address of eth1 is 192.168.1.102.

    Able to ping the router through eth0 with no problem.

    Problem: Cannot ping any systems on LAN through eth1 -- unless forced,
    all attempts to ping go through eth0 (default gateway, no surprise).
    When cables are switched to connect eth0 to the LAN, can ping the LAN
    through eth0 with no problems.

    iptables settings all set to ACCEPT to simplify testing of initial
    configuration (I'll worry about that later -- first things first).

    So, I've obviously missed something. Any suggestions for how to get eth1
    to "see" the LAN?

    [FollowUps set to comp.os.linux.networking]

  2. Re: Using a linux server as a firewall

    "Lyle H. Gray" wrote in message news:...
    > Redhat Linux 7.3.
    > Two ethernet cards:
    >
    > eth0 Link encap:Ethernet HWaddr 00:60:08:9D:9D:A1
    > inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0

    ....
    >
    > eth1 Link encap:Ethernet HWaddr 00:01:02:64:0A:6B
    > inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0

    ....
    >
    > eth0 is connected to a 4-port router, which is connected to an ADSL modem.
    > eth1 is connected to an 8-port hub, which is connected to the other systems
    > on the LAN.


    You are better off putting eth1 on a different subnet. For more info, see
    http://ide-cf.info-for.us/firewall



  3. Re: Using a linux server as a firewall

    I think your two nics have to be on different networks:

    eth0: 192.168.1.1/255.255.255.0
    eth1: 192.168.2.1/255.255.255.0

    Then set up appropriate routes and iptables rules.



  4. Re: Using a linux server as a firewall

    sales@ide-cf.info-for.us (Sales for IDE-CF flash drive) wrote in
    news:59db9c0e.0311211520.dbd5e94@posting.google.com:

    > You are better off putting eth1 on a different subnet. For more info,
    > see http://ide-cf.info-for.us/firewall


    That page appears to be 404...


  5. Re: Using a linux server as a firewall

    For added security, using something like 192.168.x.x on one NIC and
    10.15.x.x on another might be even better. I personally always like
    outside traffic to see a completely different address space than
    internal traffic.

    Andy

    --------------------------
    Andy Smith, MCP
    wasmith32@earthlink.net
    --------------------------


    hairy918 wrote:
    > I think your two nics have to be on different networks:
    >
    > eth0: 192.168.1.1/255.255.255.0
    > eth1: 192.168.2.1/255.255.255.0
    >
    > Then set up appropriate routes and iptables rules.
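    As an added example (not code from anyone in this thread): a small Python diagnostic that parses `route` output like the one posted above, flags any connected network the kernel can reach through more than one interface (the reason LAN pings here leave via eth0, which holds the first matching route), and checks that a proposed addressing plan such as hairy918's 192.168.2.x or Andy's 10.15.x.x puts the two NICs on disjoint subnets. The sample table is copied from the original post; the interface plans and their addresses are constructed.

```python
"""Check a Linux `route` table for two NICs sitting on the same subnet."""
import ipaddress
from collections import defaultdict

# Sample input copied from the original post (header line included).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 192.168.1.2 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default eth0 0.0.0.0 UG 0 0 0 eth0
"""


def parse_routes(text):
    """Turn `route` output into (IPv4Network, iface) pairs; 'default' is 0.0.0.0/0."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        dest, _gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"
        routes.append((ipaddress.IPv4Network((dest, mask)), iface))
    return routes


def find_conflicts(routes):
    """Return {network: [ifaces]} for every non-default, non-loopback network
    reachable through more than one interface: the first route wins, so the
    other NIC never sees the traffic (the poster's eth1 symptom)."""
    by_net = defaultdict(set)
    for net, iface in routes:
        if net.prefixlen > 0 and iface != "lo":
            by_net[str(net)].add(iface)
    return {net: sorted(ifs) for net, ifs in by_net.items() if len(ifs) > 1}


def plan_is_disjoint(plan):
    """plan maps iface -> 'addr/prefix'.  True when no two subnets overlap,
    which is what the replies in this thread ask for."""
    nets = [ipaddress.IPv4Interface(a).network for a in plan.values()]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    for net, ifaces in find_conflicts(parse_routes(ROUTE_OUTPUT)).items():
        print(f"{net} reachable via {', '.join(ifaces)}: move one NIC to another subnet")
    # Constructed plans: the poster's current addressing, then the two suggested fixes.
    for plan in ({"eth0": "192.168.1.2/24", "eth1": "192.168.1.102/24"},
                 {"eth0": "192.168.1.2/24", "eth1": "192.168.2.1/24"},
                 {"eth0": "192.168.1.2/24", "eth1": "10.15.0.1/24"}):
        print(plan, "disjoint" if plan_is_disjoint(plan) else "OVERLAP")
```

Feeding it the output of `route -n` from a real box works the same way, since the column layout is identical.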



  6. Re: Using a linux server as a firewall

    Did you try removing default gateway entry from the routing table?



