Steven Drew
2004-Jun-08 20:47 UTC
Three Interface Firewall - ADSL Modem with Ethernet and PPP
Hello

This question could well have been answered before, but I am having difficulty locating it, so I was hoping someone could help.

I work for a small UK based company and we have broadband, using PPP. It's a Netgear ADSL modem/firewall/4 port switch. It doesn't connect straight into a PC, but into the same switch as the other PC's, using ethernet.

The firewall on the Netgear is not very configurable, and I need a more robust solution. I'd like to start with setting up Shorewall. The configuration I have in mind is exactly as specified in the three interface firewall guide on Shorewall.net, except for one small alteration. I need to connect an Ethernet cable to the ADSL modem. The modem itself plugs into the phone line, using PPP. So, the modem has two interfaces, PPP and Ethernet. The plan is to plug directly into the ADSL modem using an Ethernet cable.

The rest of the diagram as specified here http://www.shorewall.net/three-interface.htm

I may have completely overlooked the documentation, so if I have I apologise! Hope this makes sense.

Thanks in advance

Steve
Tom Eastep
2004-Jun-08 21:12 UTC
Re: Three Interface Firewall - ADSL Modem with Ethernet and PPP
Steven Drew wrote:
> Hello
>
> This question could well have been answered before, but I am having
> difficulty locating it, so I was hoping someone could help.
>
> I work for a small UK based company and we have broadband, using PPP. It's a
> Netgear ADSL modem/firewall/4 port switch. It doesn't connect straight into
> a PC, but into the same switch as the other PC's, using ethernet.

Does the Netgear do NAT/Masquerade?

> The firewall on the Netgear is not very configurable, and I need a more
> robust solution. I'd like to start with setting up Shorewall. The
> configuration I have in mind is exactly as specified in the three interface
> firewall guide on Shorewall.net, except for one small alteration. I need to
> connect an Ethernet cable to the ADSL modem. The modem itself plugs into the
> phone line, using PPP. So, the modem has two interfaces, PPP and Ethernet.
> The plan is to plug directly into the ADSL modem using an Ethernet cable.

So you will connect the Shorewall box to the ADSL modem using an ethernet cable; that's basically what is shown in the URL you quote below and it is exactly what I do (http://shorewall.net/myfiles.htm) although my ADSL modem does not have a built in switch.

> The rest of the diagram as specified here
> http://www.shorewall.net/three-interface.htm

The setup described in the Three-interface QuickStart guide will work ok, although it is a bit silly to perform NAT in the Shorewall box if the "modem" already does NAT itself. If your "modem" does do NAT, I would prefer to make the Shorewall box act as a bridge (see http://shorewall.net/bridge.html). My configuration has a three-interface system (Wookie) configured as a bridge but it treats the three interfaces as Net, Local and WiFi. Since it is behind another firewall, Wookie doesn't worry about restricting connections from the 'net' zone but rather is interested in restricting what can be done from the 'WiFi' zone.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
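
The question raised in the reply above (does the modem already do NAT?) can be answered from the address the modem hands to the firewall's external interface. The following is an added example, not part of the original thread and not Shorewall code. The interface name `eth0`, the sample `ip -o -4 addr show` output and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges. An address from one of these on the firewall's
# external interface means an upstream device is translating addresses.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ip -o -4 addr show` output (not from the thread).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 10.10.1.254/24 brd 10.10.1.255 scope global eth1\\       valid_lft forever preferred_lft forever
"""

LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/(\d+)")


def parse_addrs(text):
    """Return {interface: first IPv4Address} from `ip -o -4 addr show` output."""
    addrs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            addrs.setdefault(m.group(1), ipaddress.ip_address(m.group(2)))
    return addrs


def upstream_does_nat(addr):
    """True if the external address is RFC 1918, i.e. something upstream NATs."""
    return any(addr in net for net in RFC1918)


def suggest_mode(text, ext_if):
    """Map the external interface's address to the two options in the thread."""
    addrs = parse_addrs(text)
    if ext_if not in addrs:
        raise ValueError(f"no IPv4 address found on {ext_if}")
    if upstream_does_nat(addrs[ext_if]):
        return "bridge"          # modem already NATs; avoid a second NAT layer
    return "route+masquerade"    # public address; three-interface guide as written


if __name__ == "__main__":
    print(suggest_mode(SAMPLE, "eth0"))
```
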
Steven Drew
2004-Jun-09 20:11 UTC
RE: Three Interface Firewall - ADSL Modem with Ethernet and PPP
Tom

The Netgear does do NAT. I hadn't spotted your other guides. I'm pretty sure now I have enough to go on to configure the sort of set up I need. I'm new to setting something like this up, so it's taking a bit of time to figure out exactly what to do!

Thanks

Steve