[wplug] router Linux ideas?
n schembr
nschembr at yahoo.com
Fri May 8 12:03:26 EDT 2009
Zach,
Security! Security! Security! I installed Red Hat in 1998 and was hacked within 24 hours. This was a default install with no changes. I now believe in security above all else. I assume that my machine can be accessed from the net. I turn on only the services that I need. I then put this machine behind a cheap NAT router to add one more layer. I tend to build a DMZ around two NAT routers. I port forward services to the DMZ machine from the internet-facing NAT router. The second NAT router protects the rest of the office. This is how I would set up a public web server on an office network.
Note: I turn off UPnP on the NAT router connected to the internet.
    ...............
    |  DSL Modem  |
    |             |
    '''''''|'''''''
           |
   +-------+--------+
   |   Nat Router   |
   +-------+--------+
           |
           |                  ....................
           +------------------|     DMZ Host     |
           |                  |                  |
           |                  |__________________|
   +-------+-------+
   |  Nat Router   |
   |               |
   +-------+-------+
           |
   .................          ....................
   |    Switch     +----------|     Desktop      |
   |...............|          |                  |
                              |__________________|
If your goal is to learn to build a firewall router / hardened system, then your setup is fine. Should your DMZ system fail, you can plug the NAT router into the DSL modem in order to get access to the net. The switch is optional. If the DMZ is down, you will need to change the WAN address on your NAT router (if static).
For the most part, the switch is not needed on the DSL modem. The DSL modem has a 4-port switch built in. Plug the DSL modem into your DMZ machine's nic1.
Before you deploy the DMZ machine, run nmap on the public side (nic1) and note the services you are presenting to the public. Check from time to time to make sure new services are not starting.
Nicholas A. Schembri
Pittsburgh PA USA
http://bamboofields.net
----- Original Message ----
From: Zachary Uram <netrek at gmail.com>
To: General user list <wplug at wplug.org>
Sent: Wednesday, May 6, 2009 7:24:44 PM
Subject: [wplug] router Linux ideas?
Hi everyone,
I got an awesome deal today on a Linksys wired Etherfast Cable/DSL
router and 4 port switch. The model number is: BEFSR41 version 3.
What exactly can I do with this in Linux? I have 2 computers and would
like to network them using this.
It came with 6 foot ethernet cable and a 12V power adapter. Any ideas
and/or pointers on what to do to set this up in Linux would be great.
Right now I have raw ethernet frames being sent to my laptop which is
using static IP so I have nothing in the way:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.93.172.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         66.93.172.1     0.0.0.0         UG    0      0        0 eth0
My eventual goal is to set up a DMZ network and route my public network
traffic behind that but for the present I just want to get my 2
computers sharing the DSL line using this router I got.
In case anyone has any feedback here is my planned DMZ setup:
http://www.hyperyoda.org/my-DMZ-network-diagram.png
Zach
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
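
The baseline-and-recheck habit described in the reply above (run nmap against the public side, note the services, check again later), shown as an added example that is not part of the original messages. It assumes each scan was saved in nmap's grepable format (`-oG`); the address 203.0.113.10 and both scan contents are constructed samples.

```python
"""Added example: diff two nmap grepable (-oG) scans of the DMZ host's public side."""
import re

# Constructed sample scans; 203.0.113.10 is a documentation placeholder address.
BASELINE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///\tIgnored State: filtered (997)\n"
)
LATER_SCAN = (
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "111/open/tcp//rpcbind///, 631/open|filtered/udp//ipp///\t"
    "Ignored State: filtered (996)\n"
)

def open_services(grepable: str) -> dict:
    """Map (host, proto, port) -> service name for every port reported as open."""
    found = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            # -oG port fields: port/state/protocol/owner/service/rpc info/version/
            fields = entry.strip().split("/")
            # Only a definite "open" counts; "open|filtered" is left out here.
            if len(fields) >= 5 and fields[1] == "open":
                found[(host, fields[2], int(fields[0]))] = fields[4] or "unknown"
    return found

def compare(baseline: str, current: str):
    """Return (newly exposed, no longer exposed) services relative to the baseline."""
    before, after = open_services(baseline), open_services(current)
    new = {k: after[k] for k in after.keys() - before.keys()}
    gone = {k: before[k] for k in before.keys() - after.keys()}
    return new, gone

if __name__ == "__main__":
    new, gone = compare(BASELINE_SCAN, LATER_SCAN)
    for (host, proto, port), svc in sorted(new.items()):
        print(f"NEW     {host} {port}/{proto} ({svc})")
    for (host, proto, port), svc in sorted(gone.items()):
        print(f"CLOSED  {host} {port}/{proto} ({svc})")
```

Run the scan from outside the DMZ host so the result reflects what the internet-facing side actually sees, and keep the first reviewed scan as the baseline file.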