[TCLUG] Firewall / Router

[Rodney Ray]

Do you think you could help me out for one minute? I have a small problem with smoothwall. My question is this, I cant get out to the net from my network. I can go to the smooth wall box and ping the work friom it but can't from anyother box. All the boxs on the local entwork can see eachother and even see the smooth box, but nothing out. I know very little about gateways and nat ..... etc so I have not clue on how to set up port forwarding ..ect. I have been reading but not sure how to get it to work with dhcp from my isp. 
smoothwall IP's DHCP and internal 192.168.1.1(green). The etc/host file has only 2 entries, 1 localhost 127.... 2nd 192.168.1.1 should there not be another entry for the DHCP from my ISP? what should it be? It's DHCP so I can't hard code it..... also if I do a route -n it only gives me the internal network IP 192.168.1.1, should there not be another entry for the DHCP? so it knows where to route outgoing request?


Rodney Ray
Children's Hospital and Clinics
Data Warehouse Developer
651-855-2560
rodney.ray at childrenshc.org

>>> jack at jacku.com 9/26/01 12:02:05 AM >>>
On Tuesday 25 September 2001 22:50, you wrote:
> Quoting Rodney Ray (Rodney.Ray at childrenshc.org): 
> > I just got a cable modem with ATT and was wondering what people have for
> > firewall and router. I don't know much about this area so any help would
> > be good..... Is it ok to run both functions on the same box or is it
> > better to separate them? What is the best method of attack?
>
> Better to have seperate boxes. I think you get the router from ATT, you
> won't need that, but you have lots of choices for firewalls.
>
> Maybe tell us(?) me about what you what to do with your new link and people
> can give recommendations on what is best.

To echo Scott's comment on the "cable modem" from what I know about them they 
function primarily as a protocol converter. The are a "tuned" cable receiver 
to get the data channel and then they convert from that to ethernet. For 
practical purposes the cable modem is a "router" in that there is an internal 
address for the cable port that is on a different subnet than the DHCP 
address you get assigned, or the statics you buy. I had a Samsung "powered by 
Cisco IOS" but you couldn't get into the box to look at the config from the 
ethernet side, only the cable side.

As far as simple configuration I've used the IPChains module for Webmin and 
been very happy with it. The module provides three levels of rule setting 
from a simple low, medium, high, lockout type setting to complete control of 
the ipchains. The middle ground "template" level gives you enough control 
without having to learn the IPChains syntax. Rumor is the author is working 
on an iptables/netfilter version of the module.

-- 
Jack Ungerleider
jack at jacku.com 
_______________________________________________
tclug-list mailing list
tclug-list at mn-linux.org 
https://mailman.mn-linux.org/mailman/listinfo/tclug-list