Linux router/bridge + firewall

Antonis Sidiropoulos asidirop at csd.auth.gr
Wed Aug 13 14:16:55 EEST 2003


I am trying to set up a Linux router + firewall,
but unfortunately I have failed completely :-)
So I will describe the problem, in case someone can help:


I have (at auth) a set of machines that I want to "hide"
behind a firewall.
These machines belong to the same subnet, but they are not the only ones in it.
Let me describe the network topology a little.


--------------        __________                  _____________
|main-router |________| switch |_____(firewall)___| my switch |
|x.x.x.100   |        |--------|                  |___________|
--------------         ||.. ||                       ||.. ||
                      various machines              my own machines
                      under x.x.x.                  under x.x.x.
                      e.g. x.x.x.5                  e.g. x.x.x.10
                           x.x.x.9                       x.x.x.50
                           x.x.x.200                     x.x.x.125
                           etc.                          etc.

So I want to put a firewall between the "switch" and "my switch".
(Note that there is no possibility of changing the IPs.)

So I tried putting devil-linux (devil-linux.org) on the "firewall" machine.
It is a Linux on CD that extracts itself to a RAM drive
and takes its configuration (/etc) from the floppy disk.

However, given that the machines both inside and outside the firewall
belong to the same subnet, I cannot define a netmask to separate which
machines it will communicate with via eth0 and which via eth1.

So when I ping a machine x.x.x.y from the firewall,
it does not know which ethernet interface to choose.

I list possible solutions below, and I ask the forum for its advice
on which of the 2 solutions I should put more effort into (and which is
the more correct one, of course),
given that I cannot say I am an expert in networks:

1st solution: Define in detail on the "firewall" the route table
for each machine I have behind it, and on which eth interface it
finds it,
+ set it to do proxy ARP for the addresses behind it
with arp -s x.x.x.k etc.
and
ifconfig eth0 arp
ifconfig eth1 arp

2nd solution: I do not need a router but a bridge - which, from what I understood,
is a device on the network that "has no identity" - that is, it does not
need to have IPs -
it simply sends to eth0 whatever it receives from eth1 (after it has passed
through the firewall)
and to eth1 whatever it receives from eth0.
So I tried to do steps 3.7 - 3.9
from http://burks.brighton.ac.uk/burks/linux/howto/mini/bridg004.htm
Devil linux, however, does not contain the tool brcfg that the howto
describes, but brctl.
So, using
brctl addbr "br"
and
brctl addif "br" eth0
brctl addif "br" eth1
brctl stp on

But when I run:
brctl showstp "br"
it tells me that the interfaces eth1 and eth0 for this particular bridge
are inactive.

And after that, it still does not work.

What do you suggest I do?
Should I fight with the first solution?
Or the second?
Or both together ?:-)

Or should I try some other distribution for a firewall? Does anyone
recommend one?

Thank you.
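
The bridge sequence from the second approach, written out as an added example that is not part of the original post: it uses the brctl form `brctl stp <bridge> on|off` and brings the member interfaces and the bridge device up, because bridge ports are reported as disabled by `brctl showstp` while their interfaces are down. The bridge name br0, the DRY_RUN switch and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example: IP-less (transparent) bridge between two NICs using brctl.
# br0, DRY_RUN, run() and setup_bridge() are names chosen for this example.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_bridge BRIDGE PORT PORT...
setup_bridge() {
    br="$1"; shift
    [ "$#" -ge 2 ] || { echo "need at least two ports" >&2; return 1; }
    for p in "$@"; do
        [ "$p" != "$br" ] || { echo "port equals bridge name" >&2; return 1; }
    done

    run brctl addbr "$br" || return 1
    for p in "$@"; do
        # Member ports carry no IP address, but they must be up;
        # a port whose interface is down shows as disabled in showstp.
        run ifconfig "$p" 0.0.0.0 up || return 1
        run brctl addif "$br" "$p" || return 1
    done

    # The stp subcommand takes the bridge name before on|off.
    run brctl stp "$br" on || return 1

    # The bridge device itself must be up before frames are forwarded.
    # With STP on, ports pass through listening and learning first
    # (about 30 s with the default forward delay of 15 s).
    run ifconfig "$br" 0.0.0.0 up || return 1
    run brctl showstp "$br"
}

# Default invocation for the topology in the post (prints only, unless DRY_RUN=0).
setup_bridge br0 eth0 eth1
```

Whether iptables rules see the bridged frames depends on bridge-netfilter support in the running kernel; this example only covers bringing the bridge up.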








More information about the Linux-greek-users mailing list