A Firewall Question.

  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    3

    A Firewall Question.

    Hey,
    So I have a doubt here: I have this old computer and I was thinking about putting it as a firewall, maybe running Smoothwall, but I'm kind of confused.
    I've 2 computers beside that one, and now I'm sharing the internet through a crossover. My question is how could I share the internet to those 2 computers, but first passing through the firewall?
    I hope you understand my question: do I need to buy a router, do I need to put like 2 ethernet cards on the firewall in order to share it?
    If you could give me a little help here, I would really appreciate it.

    Thanks in advance.

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    modem --> NIC1 on firewall (have the firewall computer share out the internet.)
    NIC2 --> HUB/Switch
    HUB/Switch --> Other computer


    or buy a firewall/router combo and then have a third computer
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    XTC46, let me add a few more points

    mes$y, the situation is as follows: Your old computer, let's call it S - the
    Smoothwall-box, is somehow connected to the internet (e.g. modem),
    and therefore has an IP on that interface. This box must also be
    connected to the other boxes. The standard, cheap but scalable home-solution
    for this is a network card, called NIC1, which is connected to a hub/switch.
    The card NIC1 gets another IP number - e.g. 192.168.0.1.


    internet <-> [modem (123.123.123.123) - S - NIC1 (192.168.0.1)] <-> HUB/Switch


    The other 2 boxes, let us call them A and B, also have NICs, and you assign some
    numbers to them, for example 192.168.0.10 and 192.168.0.11 (or DHCP if you wish).
    The main issue here is that A and B need to know where to route their
    traffic to - this is the so-called "default gateway" (or "route add", have a read in
    another context[1]).
    So, do not forget to configure these two machines correspondingly.

    internet <-> [modem (123.123.123.123) - S - NIC1 (192.168.0.1)] <-> HUB/Switch <-> A and B


    Finally, your box S needs to be configured. Have a general read with this whitepaper[2]
    to get the idea, then you might go more specific with the smoothwall configuration guide[3]
    (GREEN = NIC1, RED = modem).


    Good luck.
    Cheers.

    [1] http://www.antionline.com/showthread...hreadid=266584
    [2] http://www.metaconsultancy.com/whitepapers/fw.htm
    [3] http://downloads.smoothwall.org/pdf/docs/
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
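
The addressing plan from post #3 above, turned into a check you can run before touching any machine (an added example, not part of the original thread). The /24 netmask, the function name `check_lan_plan` and the misconfigured hosts C and D are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. The addresses for S, A and B come from the post;
# the /24 netmask and the misconfigured hosts C and D are assumptions.
GREEN_IF = "192.168.0.1/24"      # NIC1 on S (GREEN)
RED_IP = "123.123.123.123"       # modem side of S (RED)
GOOD = {"A": ("192.168.0.10", "192.168.0.1"),
        "B": ("192.168.0.11", "192.168.0.1")}
BAD = {"A": ("192.168.0.10", "192.168.0.1"),
       "C": ("192.168.1.12", "192.168.0.1"),      # wrong subnet
       "D": ("192.168.0.10", "123.123.123.123")}  # duplicate IP, wrong gateway


def check_lan_plan(green_if, red_ip, clients):
    """Return a list of problems; clients maps name -> (ip, default_gateway)."""
    green = ipaddress.ip_interface(green_if)
    net, gw = green.network, green.ip
    red = ipaddress.ip_address(red_ip)
    problems = []
    if not net.is_private:
        problems.append(f"GREEN network {net} is not private address space")
    seen = {gw: "S"}  # addresses already taken on the LAN
    for name, (ip_s, gw_s) in clients.items():
        ip, client_gw = ipaddress.ip_address(ip_s), ipaddress.ip_address(gw_s)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}, S is unreachable")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        if ip in seen:
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        seen.setdefault(ip, name)
        if client_gw == red:
            problems.append(f"{name}: gateway {client_gw} is S's RED address; "
                            f"use the GREEN address {gw}")
        elif client_gw != gw:
            problems.append(f"{name}: gateway {client_gw} is not S ({gw}), "
                            "so traffic would not pass through the firewall")
    return problems


if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_lan_plan(GREEN_IF, RED_IP, plan) or "no problems")
```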

  4. #4
    The Doctor Und3ertak3r
    Join Date
    Apr 2002
    Posts
    2,744
    Smoothwall is great.. Before you have a go at it.. download the Installation and Administration PDF files .. very helpful and informative.. there are a couple of good forums if you're looking at tweaking/plugins
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Info sec_ware and XTC46

    mes$y,

    I could only add that I have been using "Smoothwall" on an old 500 box, since its infancy and am well pleased. My config almost mirrors the above and it has worked very well.

    cheers
    Connection refused, try again later.

  6. #6
    Senior Member IKnowNot
    Join Date
    Jan 2003
    Posts
    792
    I am going to interject here ..., but to answer your question in brief, yes, maybe.

    I think XTC46 did a decent job of answering the question, sec_ware did too but has been in the lab too long! If you care, read on.

    Because I'm drunk and don't care to search the forums and Internet for you I will try to answer with some questions. It's easier on you and lets me vent, but you have to read through my rambling. Bear in mind this asks questions you should have provided answers to in order for members to make informed recommendations. I will try to describe it so you can picture it in your mind.

    What type of connection do you have, what experience with computer Operating Systems do you have, what Operating Systems are on the other computers, what is your budget and what is the " old computer " ??

    These play a major role in decision making for your home as well as in corporate environments.

    Let's take this one step at a time.

    1) What Type of Connection:

    Remember, if you use this " old computer " to connect to the Internet it will probably need to be on 24/7 unless you want to wait to boot it every time you want to connect another computer. A dial-up connection ( say AOL ) in my experience is harder to configure than a broadband connection, but it can be done. You will also have to consider the location, outlets, available space, etc. ( a commercial router would generally take less space, need fewer electrical outlets, etc. )

    2) Experience with Operating Systems:

    You mentioned Smoothwall ( http://www.smoothwall.org/ ). Do you have any experience with Linux? Smoothwall says you don't need any Linux experience .... If you have no experience with it I would not recommend attempting to protect your network with it until you do. Also, some familiarity with firewall design structure, as well as TCP/IP would be helpful. If you are serious about protecting your LAN ( I believe that is why you came here ) you will very quickly become interested in how and why it is working, and want to know if in fact it is protecting anything. Knowledge described above would help, especially when you find you can't run your P2P network or Netmeeting ( what is it called now? ) through the firewall. Then again, playing with it, especially if you do it before you use it to protect your network could provide you with a lot of information.

    3) Operating Systems currently in use:

    This goes along with #2, and you will have to know how to set up each with whatever final network design you come up with.

    4) What is your budget?:

    Major factor here and concerns the complexity of your set-up. If budget is minimal you should at least buy a hub for your LAN and a NIC for the firewall box. More money, buy a switch for your LAN instead of a hub. In this case your firewall-box ( as already stated ) would connect to the Internet through one device ( is it dial-up modem, Cable or DSL, etc., which would connect through one NIC ? ) then connect to your hub or switch through the NIC you purchased. The computers on your LAN would then connect to the hub or switch, the firewall-box would act as a router as well. You could even leave the current connection of the two computers through your crossover ( kind of like a series circuit ) but why? ( Just remember to buy a hub or switch with enough ports for future needs.)

    A second set-up would be to purchase a router to connect to the Internet. ( more money here ) You could then set up the firewall-box as a pass-through " bridge " ( harder to configure and still need to purchase that additional NIC ) between your hub/switch and the router. Many of these have built-in ( though limited ) firewalls and do the routing for you. Then again as XTC46 said, you could use the other box for something else ( snort maybe? )


    5) What is the Old Computer :

    This is critical. You have to consider many things here. The software you mentioned says it will work with an i386 but that is iffy. I've had Linux 2.0 kernels running very well on i386 and i486 as firewalls, but in my experience 2.4 kernels work better on at least an i586, 2.6 kernels an i686 or better. What kernel does it use? Also, what type of slots does it have ( do you have enough free slots for another NIC ), are they ISA, PCI, etc. ? Many boards came with only two PCI slots, one already taken. If you added a PCI graphics card you may be out of luck ( unless your broadband modem also uses USB and the motherboard supports it. )
    It should also have a decent hard drive ( NO, you don't need an 80 gig! ) and a decent amount of memory ( 16 megs won't cut it anymore).

    Bottom line, the more information you supply, the better members can tailor their response.

    I hope I have answered your question and maybe clarified my fellow members' responses if you did not understand them. If you did, I apologize for taking your time.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #7
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Since no one has actually answered your questions so far:

    "I hope you understand my question, do I need to buy a router, do I need to put like 2 ethernet cards on the firewall in order to share it?"
    No, you do not need to buy a router.

    Yes, you do need two ethernet cards on the firewall.

    You can use several options:

    1. Multi-port firewall router combo. Connect all the computers to it.
    2. Basic hub, connect the spare computer to the internet and the hub. Connect the rest of the systems to the hub.
    3. Crossover cable, connect the firewall computer to the internet and then to your current internet sharing system with a crossover cable, use another crossover cable to connect the remaining system like the current setup.

    Options 1 and 2 are very comparable... 3 might introduce additional latency, but unlikely to be anything significant at this scale.

    cheers,

    catch

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Umm catch... I answered his question and gave him a second option in my reply. So did many others... you just repeated what many have said already. Normally I wouldn't care but you added that no one had answered the question.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  9. #9
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Everyone else indicated that he needed to buy a hub/router, which is not the case and what he asked.

    cheers,

    catch

  10. #10
    Junior Member
    Join Date
    Apr 2005
    Posts
    3
    Thank you all for your answers, and for taking the time to help me out. I appreciate it.

    I'm sorry for not giving the full details of it, so here it goes:

    My main objective is to have a secure network, and also learn how to set it and learn with it.

    Mainly the "old box" is a P2 133MHz, with 64MB RAM, with a 2GB HD.

    The other 2 computers are both running Dual Boot (Windows XP, Slackware Linux), but mainly I use Linux. Yes, I have some knowledge in Linux, and I've got a lot of books to help me out too.

    As for the budget it's kind of a medium one, I mean I don't want to spend a lot of money on it, but I also don't want the minimum as possible.

    And for the connection it's a 256K cable connection.

    So what do you guys think I should do, put on Smoothwall with 2 NICs, or buy a router with firewall and put like IKnowNot said: put the "old computer" with snort? Any other opinions?

    What would you do if this was your case?

    If any other details are necessary, just tell me.

    Thanks in advance,

    ~Mes$y
