From: pes c. <pe...@gm...> - 2008-04-02 18:07:14

Let me explain the situation first.
We have a static IP from our internet service provider, ok.
Our router is an ADSL router with wifi and DMZ capabilities; it has 4 ethernet ports and wifi access.
I have successfully installed Devil Linux (firewall) after the router with two NICs.
The first NIC is on the same subnet as the LAN (ethernet) of the ADSL router; it is a DHCP client of the ADSL router.

The second subnet is a class B network for the local LAN. I have chosen 172.0.0.10/255.255.0.0 as the gateway address, i.e., for the second NIC, and it also provides a DHCP server for all the clients on the LAN from the same.

NOW we have a dedicated DMZ server which was earlier connected directly to the ADSL router, BUT now we want it to be in the LAN as well. Please let me know how to configure the third NIC and which subnet it should have.

1) WHAT SUBNET should I have for the 3rd NIC on the DL firewall? The 172 network or the 192 one (I assume class B or class C)?

2) Can we have a virtual IP for the DMZ server that is on both networks (suppose 172.0.0.254/255.255.0.0 and 192.168.2.254/255.255.255.0) on the onboard ethernet card?

Leaving that aside, please tell me how to route a DMZ request that comes from outside (INTERNET) to the ADSL router and NAT it to this DMZ server.

PLEASE HELP ME, it's not working for me as of now.
Waiting for your reply,
pescoe
From: Bruce S. <bw...@ar...> - 2008-04-02 18:19:12

172.0.0.0/16 is NOT a private IP range! The private class B's are:
172.16.0.0/16 – 172.31.0.0/16
See: http://en.wikipedia.org/wiki/Private_network

Otherwise, I'm kind of lost on what you're asking. Sorry. :-(

- BS
From: Dick M. <di...@li...> - 2008-04-02 19:12:34

pes coe wrote:
> let me explain you the situation first
> we have a static IP from our internet service provider ok
> our router is a ADSL router with wifi and dmz capabilities
> it has 4 ethernet ports and wifi access
> Second subnet is a class B network for local LAN
> i have considered 172.0.0.10/255.255.0.0
> NOW we have dedicated DMZ server which was earlier connected directly to
> ADSL router
> BUT now we want it to be in LAN as well
> please let me know how to configure third NIC which subnet it should have
>
> 1)WHAT SUBNET should i have for 3rd NIC on DL firewall ? 172 network or
> 192 one (i assume as class b or class c)

Whatever you like, so long as it's different from all the other subnets in the world, or one from the range of private network addresses allocated for this purpose, masqueraded behind the firewall.

Normally what you do is choose 2 subnets, one for your LAN, say 192.168.1.0/24, and one for your DMZ, say 192.168.2.0/24, and set port forwards from outside to the appropriate place using DNAT in your firewall. You can also add routing from LAN to DMZ in the firewall if you want to access your DMZ from the LAN.

You can use fwbuilder on some other machine to create the firewall exactly how you want and download it to your DL system.

Dick
From: Serge L. <fi...@in...> - 2008-04-02 19:20:09

pes coe wrote:
> let me explain you the situation first
> we have a static IP from our internet service provider ok
> our router is a ADSL router with wifi and dmz capabilities
> it has 4 ethernet ports and wifi access
> i have successfully installed devil linux (Firewall) after the router
> with two NIC
> first NIC same subnet as that of LAN (ethernet) of ADSL router . it is
> DHCP client of ADSL router.

Not a good idea. It is much easier to configure your network if DL has a public IP, so reconfigure the ADSL router to bridge mode.

> Second subnet is a class B network for local LAN
> i have considered 172.0.0.10/255.255.0.0
> as gateway address ie., for second NIC and also it provides DHCP server
> for all the client on the LAN from the same

You have LAN: 172.0/16. Probably it's a typo, because that's a public network. Let it be 172.16/16 (is your LAN really so big?)

> NOW we have dedicated DMZ server which was earlier connected directly to
> ADSL router
> BUT now we want it to be in LAN as well
> please let me know how to configure third NIC which subnet it should have

The DMZ has to be a separate network, so it may be (RFC 1918) from the following ranges:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Since you have chosen 172.16/16 for the LAN, the choice is a bit narrower:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.17.0.0 - 172.31.255.255 (15 networks with /16 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

I guess something like 172.17.0.0/29 (6 addresses) will be more than enough even if the DMZ grows. It may also be 192.168.0.0/29, 192.168.0.8/29, 192.168.0.16/29 etc.

> 1)WHAT SUBNET should i have for 3rd NIC on DL firewall ? 172 network or
> 192 one (i assume as class b or class c)

Class B? Class C? Either your network is huge, or try to use a classless address scheme. Please see above.

> 2)can we have a virtual ip for DMZ server that is having both the
> network (suppose 172.0.0.254/255.255.0.0
> and like 192.168.2.254/255.255.255.0
> ) on the onboard ethernet card

Theoretically you can (I will not describe how), but you should not. From my viewpoint it's better to have 2 separate network segments (2 broadcast domains), because the sense of a DMZ is lost if the DMZ and LAN are one broadcast domain.

> let this be aside please tell me how to route a DMZ request that comes
> from outside (INTERNET) to ADSL router and NAT to this dmz server

It's easy.
- If ADSL is in bridge mode: you only have to configure DNAT for the DMZ (see the /etc/init.d/firewall.rules.* examples).
- If ADSL is in router mode:
  First, you have to configure DNAT for the DMZ.
  Second, you have to add a static route for the DMZ and LAN to the ADSL routing table.
  I assume you realize that in this case there will be 3 networks - LAN, DMZ and a transport network between ADSL and DL (/30 is ok, and DHCP for such a network is overkill).

> PLEASE HELP ME its not working for me as of now
> waiting for ur reply
> pescoe

--
Serge Leschinsky
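As an added check (example code, not part of the thread or of Devil Linux), the addressing rules from Bruce's and Serge's replies expressed with Python's standard ipaddress module: it flags the posted 172.0/16 LAN as public address space, accepts the suggested 172.16/16 LAN and 172.17.0.0/29 DMZ, and rejects a DMZ carved out of the LAN prefix, which would not be a separate network. The 192.168.100.0/30 transport subnet is a constructed placeholder for the ADSL-to-DL link in router mode.

```python
import ipaddress

# RFC 1918 private ranges, as listed in Serge's reply.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(net):
    """True if the whole network lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(net, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def usable_hosts(net):
    """Addresses left for hosts after network and broadcast (a /29 gives 6)."""
    return ipaddress.ip_network(net, strict=False).num_addresses - 2


def check_plan(segments):
    """segments: dict name -> CIDR. Returns a list of problems (empty = sound):
    segments outside RFC 1918, and any two segments that overlap, because a
    DMZ inside the LAN prefix is neither a separate network nor a separate
    broadcast domain."""
    problems = []
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in segments.items()}
    for name, net in nets.items():
        if not is_rfc1918(net):
            problems.append(f"{name} {net} is not an RFC 1918 private range")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


# The plan as originally posted: 172.0.0.0/16 is public address space.
ORIGINAL_PLAN = {"LAN": "172.0.0.0/16", "DMZ": "192.168.2.0/24"}

# The plan from the replies, plus a constructed /30 for the ADSL<->DL
# transport link that exists when the ADSL box stays in router mode.
SUGGESTED_PLAN = {"LAN": "172.16.0.0/16", "DMZ": "172.17.0.0/29",
                  "TRANSPORT": "192.168.100.0/30"}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("suggested", SUGGESTED_PLAN)):
        print(label, check_plan(plan) or "ok")
    print("DMZ usable hosts:", usable_hosts(SUGGESTED_PLAN["DMZ"]))
```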