A Broadband and ADSL forum. BroadbanterBanter

Any "Setting up a tri-homed firewall in 24 hours for Dummies" guides around? (longish)



 
 
  #1  
September 27th 03, 10:44 AM, posted to uk.comp.home-networking
Trust No One®

Morning all....

Feel somewhat lazy today and plan to stay home the entire day.

Instead of doing an "Andy Capp" on the sofa I'd like to work on setting up my
dream home network.

Currently I have broadband with Zen internet with a /29 netblock (5 usable
addresses). I use a 4 port EN5861 router with its built in firewall and NAT
enabled. My PCs (12) are connected to a 24 port managed switch which is
connected with a cross-over cable to one of the ports on the EN5861. I have
a smaller 8 port unmanaged switch which is lying spare.

Now this setup works fine but is rather wasteful of the /29 netblock as it
doesn't utilize any of the 5 additional IPs.

Now I'd like to end up with a dream setting looking like the bottom diagram
at:

http://www.zensupport.co.uk/ADSL/eth...URL=samplenets

which revolves around a tri-homed firewall with 1 NIC connected to the 5861,
1 connected to the spare switch hosting the DMZ (containing a web server,
ftp server etc) and the final NIC connected to the managed switch hosting my
"protected" home network PCs.

To do this I know I need to switch off the NAT and firewall on my 5861 and
configure the tri-homed firewall PC appropriately.

Now I have all the necessary equipment but what I don't have is the
knowledge to pull this all together. I am a fast learner though, and
ideally I'd like to have a reasonably secure setup in and working by end of
play today. Time permitting I'd like to set up a VPN solution as well.

Firstly is the home network design I'm looking at sound? Is my goal of
having a reasonably secure setup by end of play workable?

Secondly does anyone know of any guides around that are capable of
kick-starting me on my way? I have the choice of using either Linux, Solaris
or a 365 day evaluation of Windows 2003 server I have knocking around. What
solution would you gurus recommend?

Tia

--
Peter X-Files Fan
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam


  #2  
September 27th 03, 12:11 PM, posted to uk.comp.home-networking
Ian Northeast

"Trust No One®" wrote:

> Now I'd like to end up with a dream setting looking like the bottom diagram
> at:
>
> http://www.zensupport.co.uk/ADSL/eth...URL=samplenets
>
> which revolves around a tri-homed firewall with 1 NIC connected to the 5861,
> 1 connected to the spare switch hosting the DMZ (containing a web server,
> ftp server etc) and the final NIC connected to the managed switch hosting my
> "protected" home network PCs.
>
> To do this I know I need to switch off the NAT and firewall on my 5861 and
> configure the tri-homed firewall PC appropriately.
>
> Now I have all the necessary equipment but what I don't have is the
> knowledge to pull this all together. I am a fast learner though, and
> ideally I'd like to have a reasonably secure setup in and working by end of
> play today. Time permitting I'd like to set up a VPN solution as well.
>
> Firstly is the home network design I'm looking at sound? Is my goal of
> having a reasonably secure setup by end of play workable?


It certainly looks sound. Pretty ambitious to get it done in a day I
would say.

> Secondly does anyone know of any guides around that are capable of
> kick-starting me on my way? I have the choice of using either Linux, Solaris
> or a 365 day evaluation of Windows 2003 server I have knocking around. What
> solution would you gurus recommend?


Out of those use Linux, it has by far the best firewall incorporated.
You could read the various howtos at http://www.tldp.org/, especially
the masquerading and firewall ones (although the latter is looking a bit
dated) but that would be unlikely to get you running in a day.

Have a look at http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome and
http://www.smoothwall.org/. These are probably the easiest ways to
achieve what you want. Whichever you choose, use one with a 2.4 kernel
as the iptables firewall is much better than the ipchains one in 2.2. It
is stateful which means it can recognise response packets without having
to guess. This suggests that IPCop may be a better choice, as its latest
stable release uses 2.4 whereas Smoothwall's doesn't. I've also been
seeing more favourable comments about it recently.

Regards, Ian
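
Added example (not part of Ian's post, and not code from IPCop or Smoothwall): a minimal Python model of the difference described above, where a stateless ipchains-style filter has to guess that an inbound non-SYN packet to a high port is a reply, while a stateful filter checks it against connections it has seen leave. The packet fields, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: only the fields the two filters look at.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_allows(pkt):
    """ipchains-era heuristic for inbound TCP: accept anything that is not a
    bare SYN and targets an unprivileged port, guessing that it is a reply."""
    if pkt.direction == "out":
        return True
    is_new_syn = "SYN" in pkt.flags and "ACK" not in pkt.flags
    return not is_new_syn and pkt.dport >= 1024

class StatefulFilter:
    """Simplified connection tracking in the spirit of iptables' state match:
    inbound packets pass only if they reverse a flow an inside host opened."""
    def __init__(self):
        self.flows = set()

    def allows(self, pkt):
        if pkt.direction == "out":
            # Remember the flow so that its replies can be recognised.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A reply has source and destination swapped relative to the flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allows(p), fw.allows(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
LAN_PC, WEB, STRANGER = "192.0.2.10", "198.51.100.80", "203.0.113.66"
SAMPLE = [
    Packet("out", LAN_PC, 40000, WEB, 80, {"SYN"}),        # LAN host opens HTTP
    Packet("in", WEB, 80, LAN_PC, 40000, {"SYN", "ACK"}),  # genuine reply
    Packet("in", STRANGER, 80, LAN_PC, 40001, {"ACK"}),    # unsolicited ACK, no flow
    Packet("in", STRANGER, 5555, LAN_PC, 3389, {"SYN"}),   # new inbound connection
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.src, pkt.dport, sorted(pkt.flags), stateless, stateful)
```

The third packet is the case that matters: the stateless guess lets it through because it looks like a reply, while the stateful filter drops it because no inside host ever opened that flow.
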
  #3  
September 27th 03, 07:56 PM, posted to uk.comp.home-networking
Trust No One®

Ian Northeast wrote:

> Out of those use Linux, it has by far the best firewall incorporated.
> You could read the various howtos at http://www.tldp.org/, especially
> the masquerading and firewall ones (although the latter is looking a
> bit dated) but that would be unlikely to get you running in a day.
>
> Have a look at http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome
> and http://www.smoothwall.org/. These are probably the easiest ways to
> achieve what you want. Whichever you choose, use one with a 2.4 kernel
> as the iptables firewall is much better than the ipchains one in 2.2.
> It is stateful which means it can recognise response packets without
> having to guess. This suggests that IPCop may be a better choice, as its
> latest stable release uses 2.4 whereas Smoothwall's doesn't. I've
> also been seeing more favourable comments about it recently.

Ian,

Thanks for the reply including the links. IPCop seems like exactly what I'm
looking for with a relatively simple initial setup, and the ability to
customize it to be as complex as one wishes.

I've revised my rather optimistic target of end of play today, and hope to
have this all up and working by the end of play Monday. Better safe than
sorry - I'd hate to leave a gaping security hole in my system due to
hastiness.

There's still life in P233MMX base units yet. You can get them for a song
and they make superb firewalls/routers.


--
Peter X-Files Fan
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam



 




All times are GMT +1.