[wplug] questions about firewall

Bill Moran wmoran at potentialtech.com
Sat Dec 8 12:29:10 EST 2001


Romano, Christopher wrote:
> I use one card to connect to my DSL modem and the other to connect to my
> hub.
> 
> So do I apply the rules for eth0 to ppp0 and forget about eth0?

No, no, no.
I jumped and answered too quickly - before getting all the information.
I assume what you're talking about is using ppp over ethernet.  Personally,
I can't give you a whole lot of advice, as I don't have much experience
with pppoe, but the basics of what you want to do are:
1: Apply the outside interface rules to ppp0
2: Apply the inside interface rules to eth1
3: Either research pppoe specifically, or use a packet sniffer (such as
    ethereal) to determine what traffic is running across the eth0 interface.
    Then write some rules to restrict any traffic that is not valid pppoe
    traffic.

Good luck,
Bill

> Chris
> 
> -----Original Message-----
> From: Bill Moran
> To: wplug at wplug.org
> Sent: 12/8/2001 11:14 AM
> Subject: Re: [wplug] questions about firewall
> 
> Romano, Christopher wrote:
> 
>>Everything that I have read has eth1 with an internal IP address and eth0
>>with a public IP address.  I use Verizon DSL and my connection is through
>>ppp0.  So ppp0 has the external IP and both my ethN have internal.  When I
>>set up my rules do I just use the two internal because they are my ethernet
>>cards?  I know that I am going to have to mask everything to go through my
>>ppp connection.  I am going to be using IPTables.
> 
> Why do you have two eth cards internally?  The first thing you may want to
> consider is "Do I need two eth cards".  You may be making things
> unnecessarily complicated.
> If you only have the ppp interface and one eth interface, then what you do is
> just replace eth0 with ppp0 in those tutorials and eth1 with eth0.
> If you need both internal interfaces, then your changes are still not that
> complicated:
> you'll need to use the rules the tutorials tell you to apply to eth0 on ppp0,
> and the rules the tutorials tell you to apply to eth1 on _both_ internal
> interfaces.
> 
> Good luck.
> 
> 


-- 
Bill Moran
Potential Technology
http://www.potentialtech.com
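
Added example, not part of the original message or the poster's own configuration: the three steps above written as an iptables-restore ruleset generator. The function name gen_rules and the policy (default drop, masquerade out of ppp0, replies only from outside) are assumptions; step 3 is handled by dropping all IP traffic on eth0, which leaves PPPoE untouched because its frames are carried directly in Ethernet (EtherTypes 0x8863 and 0x8864) and are never seen by iptables.

```shell
#!/bin/sh
# Added example (not from the thread). Interface roles follow the message:
# ppp0 = outside, eth1 = inside (hub), eth0 = NIC cabled to the DSL modem.
# The policy itself (default drop, replies only from outside) is an assumption.

# gen_rules WAN LAN MODEM_NIC: print a ruleset in iptables-restore format.
gen_rules() {
    wan=$1; lan=$2; modem_nic=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade everything that leaves through the PPP link
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# 1: outside interface rules go on the PPP link: replies only
-A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# 2: inside interface rules go on the LAN NIC
-A INPUT -i $lan -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# 3: no IP at all on the modem-facing NIC; PPPoE frames are not IP
#    packets, so iptables never matches them and the link stays up
-A INPUT -i $modem_nic -j DROP
-A OUTPUT -o $modem_nic -j DROP
-A FORWARD -i $modem_nic -j DROP
-A FORWARD -o $modem_nic -j DROP
COMMIT
EOF
}

# Print the ruleset for the layout in the thread. To check syntax without
# loading it (root required): gen_rules ppp0 eth1 eth0 | iptables-restore --test
gen_rules ppp0 eth1 eth0
```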