Re: [Sheflug] Firewalls, routers, gateways (was kernel on other machine)
> I think perhaps I've been using the wrong terms, I'm not entirely sure.
> I assumed that a firewall is a system to keep the great unclean from
> getting at my network?
A firewall is a general system to keep out packets of one kind or another;
not necessarily (but mostly) security related.
> A router obviously is a system to route traffic, including ip masq'ing,
> and this also covers gateways.
Nah. Something that masq is doing NAT (sort of), and is obviously therefore
a natter ;))
> to have noodles as the modem server
> to run mserver (the MasqDialer server), so I can bring the modem up and
> down, rather than ssh'ing in each time.
wvdial.dod has worked well for me in the past; anything like that is
extremely easy to set up.
> Stupid question - Can I keep the modem attached to flux, whilst having
> noodles as the gateway/router/whatever?
Yes, you can. And yes, 'noodles' would be an adequate description, although
I would apply it to the network configuration rather than the machines ;))
Basically, this isn't the way you want to do it. Although, if you did it
that way, do tell - *I* would find it extremely funny anyway ;))
> I'm a bit confused about the modem. Where, how, why.
On the gateway. Anything doing packet filtering should be doing it on a
physical network interface, rather than a virtual one. Put it on noodles.
(I'm assuming noodles is always on). Use wvdial.dod, pppd --demand, or
whatever, to bring ppp up and down for you. Set noodles as your default
gateway on flux. "Sorted".
> I expect that the gateway should have two interfaces - eth0 and ppp0 -
> correct me if I'm wrong.
Usually a good idea, yes. More interfaces is also common. One interface - a
packet filter in a cul-de-sac - is almost unheard of, except in jokes ;)
> What do I need to install onto noodles to achieve my goals - noodles
> has 800Mb of space split approx 300/500 over two drives.
> Could I get all this onto the 300Mb drive? I should hope so.
You could probably get it all on a 30Mb drive, let alone 300.
> Once I do get all this setup, should I just drop the ipchains rules on
> flux? (My guess: Yes)
Depends. Depends on how you're planning on doing things on the firewall /
gateway / whatever. If it's being a proper firewall, you're only going to
have a few ports open, so flux can be as promiscuous as it likes, pretty
much. Remember, though - it's easy to pierce a firewall from the inside:
doing something silly could open up your whole network, making the firewall
useless.
> Any suggestions, etc please shout...I plan on getting this install
> right the first time (for once).
Take it one step at a time. Get the network set up right - i.e., all the
routes and stuff, and make sure everything can connect and get through. Then
try configuring the 'firewall', if that's what you want. Add a rule at a
time, and test it at each step. If it's something you're not familiar with,
chances are just trying one big ruleset that appears to work (on paper)
will probably stop all packets ;)
Cheers,
Alex.
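
The "add a rule at a time, and test it at each step" advice in the message above, as an added example that is not part of the original post: a simplified first-match filter model (an assumption, not real ipchains) for a gateway with eth0 and ppp0. The rules, probe packets and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # arrival interface: "eth0" (LAN side) or "ppp0" (modem side)
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    verdict: str                  # "ACCEPT" or "DENY"
    iface: Optional[str] = None   # None is a wildcard
    proto: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        pairs = ((self.iface, p.iface), (self.proto, p.proto), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def decide(chain, p, policy="DENY"):
    """First matching rule wins; the chain policy applies if none match."""
    return next((r.verdict for r in chain if r.matches(p)), policy)

def failing(chain, probes):
    """Names of probes whose verdict differs from the expected one."""
    return {n for n, (p, want) in probes.items() if decide(chain, p) != want}

def build_stepwise(candidates, probes):
    """Append one rule at a time; reject any rule that breaks a passing probe."""
    chain, rejected = [], []
    for rule in candidates:
        newly_broken = failing(chain + [rule], probes) - failing(chain, probes)
        if newly_broken:
            rejected.append((rule, sorted(newly_broken)))
        else:
            chain.append(rule)
    return chain, rejected

# Constructed probes: what the gateway is supposed to do with each packet.
PROBES = {
    "lan ssh":      (Packet("eth0", "tcp", 22), "ACCEPT"),
    "lan dns":      (Packet("eth0", "udp", 53), "ACCEPT"),
    "modem ssh":    (Packet("ppp0", "tcp", 22), "ACCEPT"),
    "modem telnet": (Packet("ppp0", "tcp", 23), "DENY"),
}
TRUST_LAN = Rule("ACCEPT", iface="eth0")
SSH_IN = Rule("ACCEPT", iface="ppp0", proto="tcp", dport=22)
ALL_TCP = Rule("ACCEPT", proto="tcp")   # too broad: also admits telnet on ppp0
DENY_ALL = Rule("DENY")                 # a catch-all placed first shadows the rest
```

Calling `build_stepwise([TRUST_LAN, ALL_TCP, SSH_IN], PROBES)` keeps the two narrow rules and rejects `ALL_TCP` at the step where it breaks the telnet probe, while `failing([DENY_ALL, TRUST_LAN, SSH_IN], PROBES)` shows the all-at-once ruleset dropping every packet that should pass.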
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk