Security :: Firewall Infront Of Router Setup?
Mar 9, 2011
I am trying to setup a firewall using Centos 5.5. The machine has 2 NICs, one connecting to the ISP/Modem and the other connected to a DIR-655 wireless router. The nic is connecting to the internet port on the router.
I do not want DHCP on the Firewall machine but on the wireless router.
[ISP/Modem]<--->[machine eth0]<--->[machine eht1]<--->[DIR-655 internet port]
IP from ISP Dynamic 192.168.1.1 192.168.1.2
IP's on the DIR-655 LAN will be 124.168.0.0/24 network lets say.
I have setup routes on the eth0 192.168.0.0/24 and 124.168.0.0/24
and added 124.168.0.0/24 to eth1.
I can ping eth0 and eth1 but cannot ping 192.168.1.2.
this setup is not actually connected to the internet so I disabled iptables to try testing the ping and still no good.
View 1 Replies
ADVERTISEMENT
Feb 9, 2010
I want to setup a router with firewall on ubuntu box that will connect windows pcs one serving as outside source and one serving as inside target.
View 2 Replies
View Related
Feb 15, 2011
I want to have a firewall that is connected to my modem and router and have it function as just a firewall no dhcp no routing is that possible?
View 3 Replies
View Related
Aug 8, 2010
I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies
View Related
Apr 20, 2011
There are routers with firewalls which you cannot configure - you just use those routers and get some protection from Internet attacks. Is it possible to configure iptables on GNU/Linux machine so that you'll get better protection than the protection you get from those kind of routers?
View 4 Replies
View Related
Apr 5, 2011
In an effort to learn more about firewalls and iptables I have left behind gui set-up tools and have setup a firewall using iptables that logs to its own file. The firewall is as follows:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
[Code]...
View 8 Replies
View Related
Feb 14, 2011
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
View 1 Replies
View Related
Jul 22, 2009
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall.It's been "recommended" that iptables itself be used. Where do I do the rules go (as in a file) and how do I call those rules at startup?
View 6 Replies
View Related
Jun 21, 2011
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
View 2 Replies
View Related
Jan 3, 2011
I got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as.
Uploaded with ImageShack.us
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.
View 3 Replies
View Related
Jan 3, 2011
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie 192.168.2.4 etc right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a set up would still be, effectively,a DMZ, right?
View 7 Replies
View Related
Dec 18, 2010
Using Windows, I always set a Restrictive firewall policy with a third party firewall. But I also had all ports set to Stealth, something that appears to not offer any security benefits (as I've learned from reading Ubuntu forums). I'd like to learn about best security practices (under Ubuntu) for outgoing firewall protection. I will be using the built-in Ubuntu firewall that is configured via Firestarter. Outgoing filtering offers privacy as well as security benefits. But I thought I needed my ports stealthed to be safe too, so I'm open to learning new things.
I wanted to start a poll to find out how many folks use permissive/restrictive, but no polls allowed here apparently.Could Ubuntu users knowledgeable about firewalls enlighten me on whether I should go Outbound-Restrictive and what applications I will need to allow so Ubuntu "housekeeping" is not affected negatively? I basically just use the internet for software updates, web-surfing and e-mail. One question I have is whether there is something comparable in Ubuntu to Window's "DNS Client" service? I always disabled Window's "DNS Client" and forced each application to request port 53 DNS lookups itself.I only had to allow four programs to accomplish all internet traffic that I engage in. I set all other programs/applications to be either Blocked or to have to Ask for an outgoing connection as needed.Here is my former Windows XP setup:
svchost.exe: allow UDP for ports 53, 67, 68, 123 (time) and TCP for ports 80, 443
Avast: allow UDP for port 53 and TCP for port 80
firefox: allow UDP for port 53 and TCP for ports 80, 443
IE: allow UDP for port 53 and TCP for ports 80, 443
View 9 Replies
View Related
Jun 24, 2009
I would like to know the blocking methode In a Firewall or a Router.whether i will be done by Protocol wise, ho? or it will done through Host wise, How ?
View 2 Replies
View Related
May 18, 2010
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
View 3 Replies
View Related
May 9, 2011
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies
View Related
Apr 24, 2010
I'm having trouble getting my network set up the way that I want it/had it. You see, when I first set up my network, I just had my cable modem going directly to my standard wired router (A D-Link DI-604), which had DHCP,and was connected to all of the computers on my network. I had one switch hooked up to one of the ports of the router, but this was a regular switch, and it would not try to assign IP addresses, it would just pass through the DHCP info as I wanted.
Now however, my network setup has changed. My room mate and I both got laptops, and we decided that we wanted to have wireless access so we didn't have to constantly plug in to the router.
Now my network is set up like this: The modem is hooked up to the router(DI-604), which is hooked up on the LAN side to our computers, our switch (which is hooked up to 3 more computers), and to a wireless router card (A Gigabyte GN-BC01).
The wireless router card has two jacks for ethernet. One for WAN, and one for LAN. The LAN side we have plugged only into the computer in which the card is installed.
Now the problem is this: The wireless router card comes with DHCP by default, and it's assigning addresses to the laptops and to the computer hat it's in, and worse, the IP addresses are on a different subnet than that of the main dlink router. The Main (dlink) router assigns addresses from 192.168.0.1 (itself) to 192.168.0.254, while the wireless router card assigns addresses from 192.168.1.1 to 192.168.1.254 (itself).
Because of this, I cannot access services on the wireless network from my wired network or vice versa. The first thing I tried was setting the card to assign addresses from 192.168.0.12 to 192.168.0.253, however it just said "internal error" when I tried to do this. I decided that this may be because it sees that it was being assigned an address on it's WAN side on the same subnet. So the next thing I tried was disabling DHCP and setting the "LAN IP Address" to 192.168.0.12, hoping that the DHCP would just go through the card, like a switch. I would have set the LAN IP address to be assigned by DHCP, but this was not an option, so I decided that'd be the best thing to set it to.
Once again however, setting the LAN ip address to an address on the same subnet as that of the IP assigned to it's WAN side caused it to report an "internal error". I verified that this was the issue by setting the LAN address to several other private IP addresses to test (I.E. 10.0.0.1, 192.168.3.1, 192.168.5.12).
My question then really is: How do I set up both routers so that I can access services and computers from each network from the other network. Should I set them with different subnets and set the gateway on the wireless network to the main router? To the wireless router card? Should I put them on the same subnet? Will it know how to communicate?
Here is a link to (picture) my network diagram. Network Diagram
View 2 Replies
View Related
Mar 29, 2010
switched recently to 11.2 and it works fine for me as workstation I want to set up a router separating a part of the network and also acting as a firewall/proxy... Configured 2 Ethernet Interfaces, checked Ip forwarding in Yast but it does not forward the packets from the "internal" to the "external" network. Hovewer after I set up my router as default for machines on internal network I can ping the external interface but no adress on external network (particularly the one of the default router) !!! From the router I can reach both networks and the net via default gateway on external. Tried to:
a) switch firewall completely off
b) iptables -P FORWARD ACCEPT
c) masquarading internal adresses to the external network
my interfaces configuration looks like:
eth0 Link encap:Ethernet HWaddr 00:13:D4:E3:A2:7B
inet addr:192.168.1.34 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:d4ff:fee3:a27b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code].....
View 4 Replies
View Related
Aug 9, 2010
My isp gave me a router which has wifi.
I added an ubuntu box acting as a router, so the layout is this:
Now, the lan has 192.168.2.0 subnet, and the external interface of the router is in the 192.168.1.0 subnet
So the problem is that the wifi assigns 192.168.1.0 ip's which doesnt belong or get filtered through my router/firewall...
View 9 Replies
View Related
Sep 23, 2010
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
View 2 Replies
View Related
Apr 23, 2010
I have seen tutorials on setting up a secured firewall/router/gateway using ubuntu server as the platform. However, I am wondering if anyone has had experience with using an aircard (wireless broadband card via usb) to set up a router.
Which card do you recommend? Any precautions? Any specific code already written to automatically recognize mobile broadband cards and restart the connection if it goes stale?
View 8 Replies
View Related
Sep 8, 2010
I have linux server setup on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the linux server is there gateway. Untrusted machines are introduced to this network to keep them isolated.
This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case looking myself out and having to physically reset the machine).
View 3 Replies
View Related
Jan 28, 2011
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things, I have seen things on the ubuntu wiki about this... but it really confuses me =
I'm trying to setup my ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers I've already setup bind and dhcp3 and got those working perfectly... I've also setup Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to setup the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through dansguardian, then to squid...
But am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak english perfectly, but just kinda new to the "Linux world", I was using SONICWALL but that's getting a little too costly to my network and wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
View 1 Replies
View Related
Jul 20, 2011
So what I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 1 Replies
View Related
Jul 20, 2011
I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 2 Replies
View Related
Jun 10, 2009
I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
View 3 Replies
View Related
Nov 19, 2010
I am establishing ad hoc connection between two PCs
1. LAPTOP: WIFI adapter OS: Ubuntu 9.10 Connection name: trial Address: 192.168.1.36 Subnet: 255.255.255.0 Gateway: 192.168.1.1
2. PC with wired Internet connection + WIFI adapter OS: Windows XP Connection name and parameters same as above except ip: 192.168.1.40
I can see trial is getting connected with excellent strength. When i try to run an Internet on Ubuntu it is not working. Firewall is not active and Router is enabled.
View 1 Replies
View Related
Sep 14, 2010
I want to connect my home network with the iPhone via UMTS to the internet. I'm searching a Router and Firewall Distribution, which is able to use the iPhone in modem-mode to connect to the internet.
Does anybody know such a Distro which can realize that?
View 2 Replies
View Related
Jul 6, 2010
I am trying to do my graduation project, it's labeled under "linux secure router", and I should build a linux based router equipped with firewall and ACL management...Some people advice me to use linux ubuntu distribution todo this I try to do that but I don't know where to start form
View 3 Replies
View Related
Jan 27, 2010
I'm mentoring my local high school's IT club as they prepare to participate in a cyberdefense competition (see IT Olympics). Generally we are given four boxes and need to set up a network that provides certain services (which services change from year to year, but usually include a web server, email server, FTP server, and an application server of some sort) and support client PCs that connect from the WAN. The red team then tries to break into our network to steal "flags" from our servers and to set their own "flags" on our servers.
Generally we set up the firewall with two network interface cards (one to the WAN and one to our LAN), and connect the LAN NIC to a router, which then connects to the other three boxes. But we do have the option of installing additional NICs in the firewall and configuring it as a router. I can't shake the feeling that there is a security advantage to such a configuration, but I can't say what that advantage is. Perhaps something with configuring ipTables on the internal boxes to accept connections only from the firewall's NIC, and then only for the services we want that box to support (to prevent an intruder from connecting directly from one box to another)?
View 2 Replies
View Related
Jan 26, 2010
I am trying to make a vnc connection from pc #2 to pc #1. Pc #1 is a debian pc behind a zyxel router (P-2602HW-D1A). Pc #2 is a windows xp pc another place at the internet.I have configured the zyxel router to forward incomming trafic on port 5902 to the local ip-adress of the debian box. The debian box is running a vnc server, listening on port 5902.But i dosn?t work.I have tryed to scan the zyxel routers ipadress on port 5902 from the internet, but the scanner says that the port is closed.The vnc server on pc #1 is working fine on the local network. I can connect to the server from a pc on the same side of the zyxel router.Is it deffenitly a router problem, or could it have something to do with debians own firewall?
View 2 Replies
View Related
