July 23rd, 2003 05:09 AM
How should I set up my network?
I just recently switched over to a wireless network at my house. Before this, I was running redhat 7 as a masquerading server (running snort) and had a windows 2k system behind that.
Currently, however, the wireless router is acting as both the masquerading server and the firewall, with the Win2k and RH server behind the router. The problem I am having is that I want to run snort in a DMZ, but I don't want to purchase another IP address to have this thing outside my router. Short of getting another IP address, what is the best way to set up my network so that I can have Redhat run an IDS, analyzing data from the Internet (not my internal network)?
Any input is appreciated!
July 23rd, 2003 06:23 AM
On your router you should have the option to set one of the internal IP addresses to the DMZ. If not, get a better router. You should be able to consult your documentation on how to step by step set up a box on the dmz by http'ing to your router. Should not be too difficult.
If you don't have this option in your router, another option would be to turn on port forwarding to your redhat box and just apply it to all ports (0-65535) tcp/udp; that should work well enough.
We would be able to help more specifically if you told us specifically what wireless router you purchased, or are using.
July 23rd, 2003 01:32 PM
The3ntropy is correct - I'm assuming that you've probably got a Linksys, DLink, etc wireless router for your setup. You should be able to enter the router's setup via a web browser - just enter the IP address (internal) of the router into your browser, type the password, and you should be in. From that point, at least from all of these setups I've seen, you can specify an internal host (Ex: 192.168.1.150) to be in the DMZ - this will save you from purchasing another IP address.
July 23rd, 2003 03:54 PM
This is why I love AntiOnline - it's an invaluable source of information.
I was able to find the DMZ host option, and am so excited to start using snort again! Thanks again for your comments!
July 23rd, 2003 04:59 PM
We are, as always, glad to help. And also glad that it worked with few or no problems.
July 23rd, 2003 08:17 PM
This really has nothing to do with the router. The best way to do what you are trying to do, is to use a hub (not a switch) outside your router. You can then put a second interface in your IDS (Snort BOX) and set the second interface to promiscuous mode. Connect this interface into the hub (outside the router). If there is no TCP stack on the outside interface, you don't have to worry about it from a security perspective. The active interface resides on your trusted segment, so the box can be used as normal...
DO NOT use any type of DMZ setting on any SOHO type device. All this does is set up port forwarding to your machine. While this technically would probably work, you are exposing everything on your network if the virtual DMZ host is compromised.
July 23rd, 2003 09:45 PM
I'm not sure I understand the phrase 'outside the router'. How would I set up the hub outside the router?
July 24th, 2003 04:48 PM
The way it needs to be set up is as follows (assuming you are using DSL or Cable):
INTERNET----->DSL/CABLE MODEM----->HUB----->WIRELESS ROUTER----->LAN
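The two posts above describe the hub-in-front-of-the-router design: a second NIC in the Snort box plugged into the hub between the modem and the wireless router, running in promiscuous mode with no IP stack, while the first NIC stays on the trusted LAN. The script below is an added example (not from the thread or from the Snort project) that prints the root commands to bring such an interface up that way, and includes a check that the interface really shows no address before Snort is started on it. The interface names eth1 (sniffing NIC on the hub) and eth0 (LAN side), and the config path /etc/snort/snort.conf, are assumptions; the ifconfig outputs at the bottom are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added example, not from the original thread: configure a second NIC as a
# "stealth" sniffing interface (promiscuous, no IP address, no ARP) on the hub
# between the modem and the wireless router, and verify it carries no IP stack
# before pointing Snort at it.
#
# Assumptions (hypothetical, not stated in the thread): the sniffing NIC is
# eth1, the trusted LAN-side NIC is eth0, Snort's config is
# /etc/snort/snort.conf.

SNIFF_IF="${SNIFF_IF:-eth1}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Emit the root commands that strip the interface of its address and ARP, put
# it in promiscuous mode and start Snort on it. They are printed rather than
# executed so they can be reviewed first; pipe the output to `sh` as root.
stealth_iface_cmds() {
    iface="$1"
    conf="$2"
    printf 'ifconfig %s 0.0.0.0 up promisc\n' "$iface"   # no IPv4 address, promiscuous
    printf 'ifconfig %s -arp\n' "$iface"                 # never answer ARP on the hub
    printf 'snort -D -i %s -c %s -l /var/log/snort\n' "$iface" "$conf"
}

# Read ifconfig output for ONE interface on stdin; succeed only if it shows
# PROMISC and no inet/inet6 address line. Handles both the old "inet addr:"
# and the newer "inet 1.2.3.4" output formats.
ifconfig_is_stealth() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'PROMISC' || return 1
    # Any address line means the box is reachable from the untrusted segment.
    if printf '%s\n' "$out" | grep -Eq '(^|[[:space:]])inet6?[[:space:]]'; then
        return 1
    fi
    return 0
}

# Live check against the real interface (needs ifconfig on PATH, run as root).
check_live_iface() {
    ifconfig "$1" | ifconfig_is_stealth
}

# Constructed sample outputs (not captured from any real host).
SAMPLE_STEALTH='eth1      Link encap:Ethernet  HWaddr 00:0C:29:AA:BB:CC
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1204 errors:0 dropped:0 overruns:0 frame:0'

SAMPLE_LEAKY='eth1      Link encap:Ethernet  HWaddr 00:0C:29:AA:BB:CC
          inet addr:192.168.1.150  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1'

SAMPLE_V6='eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::20c:29ff:feaa:bbcc  prefixlen 64  scopeid 0x20<link>'

# Print the commands for review.
stealth_iface_cmds "$SNIFF_IF" "$SNORT_CONF"
```

Two caveats: a kernel with IPv6 enabled may give the interface a link-local inet6 address as soon as it comes up, which is why the check also rejects inet6 lines; if it appears, IPv6 has to be switched off for that interface as well. And this only works on a real hub (or a switch port configured to mirror the uplink); an ordinary switch will not deliver the other hosts' traffic to the sniffing NIC.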
July 24th, 2003 05:33 PM
If your AP supports MAC filtering/locking I suggest you use it, since you do not appear to have a router between your internal LAN and WLAN in your setup.
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier