Firewalls and routers

Doug Bronson doug at bronson-tate.com
Sun Jan 12 16:38:09 CST 2003


Hi all.
I have a bit of a problem that I can't seem to overcome.

After giving up on my dial-up connection, I bit the bullet, swallowed my
pride and let Time Warner back on my property, with their broadband
cable service.

Here is what I'm trying to do:
From the cable modem a wired link will go to a D-Link router. Off the
router will be three connections. One to a web server, one to a wireless
access point and one to a linux box (proxy server). The linux box will
then connect to the home LAN.

The Linux box (proxy server) is running Squid and is also masquerading the
internal LAN.
All internal boxes have static IPs.
The router can assign addresses.
I have no problems with either the web server or the wireless access
point.

THE PROBLEM:
As long as I don't have any firewall (IPChains) running on the proxy
server, all is happy.
From any workstation I can get out to the net, FTP, use AIM and
get/send mail.
Once the firewall is running, either my home-made one or PMFirewall, I
only have web access. No FTP, AIM or mail.

WHAT I'VE TRIED:
The proxy server works fine (w/ IPChains running) as long as it is
directly connected to the cable modem. The same is true if the router is
replaced with an Ethernet switch.

I have configured the router to assign IP addresses and/or use static
addresses on the internal LAN. I have also configured the proxy server
to use DHCP for the ext. card and/or use the assigned number. I have
also tried all combinations of the above.

I have preset the DNS pri. and sec. in both the card config and the
firewalls.

None of the above has worked.

The only progress that was made was while using PMFirewall: I was able
to browse the Internet, but no FTP, AIM or mail.

Has anybody successfully done what I'm trying to do?
If so how did you do it?
Is it a simple IPChains rule that I'm overlooking?
Do I need to tunnel through the router?

Please feel free to offer any advice at all, as now I'm only able to use
one firewall (the router) and the rest of the system is wide open to
attacks on the web server and/or wireless network.

Thanks
Doug
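Added example (an editor's illustration, not code from Doug's post, from PMFirewall or from D-Link): a small shell script that prints an ipchains ruleset for the layout described above, a Linux gateway running Squid and masquerading the home LAN, with its external card sitting behind the D-Link router instead of on the cable modem. The interface names, subnets and router address are assumptions, and so is the situation it illustrates: when the external card itself carries an RFC1918 address, the "drop private ranges arriving on the outside interface" anti-spoof rules that canned firewall scripts emit also hit traffic the router legitimately sends (DHCP, DNS if the router forwards it), so the ruleset has to be built differently for the two cases. The post does not identify which rule is actually blocking FTP, AIM and mail; the script only shows how the two cases differ and how to check.

```shell
#!/bin/sh
# Added example, not from the original post: print an ipchains ruleset for a
# Linux box that runs Squid and masquerades a home LAN while sitting behind a
# consumer NAT router (the double-NAT layout described in the post).
# Every name and address below is an assumption; edit to match your box.
EXT_IF=eth0              # card facing the D-Link router
INT_IF=eth1              # card facing the home LAN
INT_NET=192.168.1.0/24   # home LAN; must differ from the router's own subnet
ROUTER=192.168.0.1       # router's LAN-side address (source of DHCP/DNS replies)

# is_rfc1918 ADDR: succeed if ADDR lies in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# gen_rules EXT_IP: write one ipchains command per line to stdout.
# Nothing is applied here; review the output, then pipe it to sh on the gateway.
gen_rules() {
  ext_ip=$1
  cat <<EOF
modprobe ip_masq_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -P input DENY
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -A input -i lo -j ACCEPT
# LAN hosts may reach Squid, DNS and anything else on the gateway itself
ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT
EOF
  if is_rfc1918 "$ext_ip"; then
    cat <<EOF
# $EXT_IF holds the private address $ext_ip, so the stock "drop RFC1918 on the
# outside" anti-spoof rules would also drop the router's own DHCP and DNS
# replies. Trust the router explicitly and deny only our own LAN range.
ipchains -A input -i $EXT_IF -s $ROUTER -j ACCEPT
ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l
EOF
  else
    cat <<EOF
# public address on $EXT_IF: private source ranges can only be spoofed here
ipchains -A input -i $EXT_IF -s 10.0.0.0/8 -j DENY -l
ipchains -A input -i $EXT_IF -s 172.16.0.0/12 -j DENY -l
ipchains -A input -i $EXT_IF -s 192.168.0.0/16 -j DENY -l
EOF
  fi
  cat <<EOF
# replies to TCP connections opened by Squid (local) or by masqueraded LAN
# hosts (FTP, AIM, POP/SMTP): any segment coming back in that is not a SYN
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
# DNS answers, and UDP answers to the masquerade port range
ipchains -A input -i $EXT_IF -p udp -s 0/0 53 -d $ext_ip -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -d $ext_ip 61000:65096 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -j ACCEPT
# log whatever else arrives from outside (the input policy drops it anyway)
ipchains -A input -i $EXT_IF -j DENY -l
# the only forwarding allowed: LAN out to the world, masqueraded as $ext_ip
ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ
EOF
}
```

Run `gen_rules 192.168.0.5` (or whatever the router handed the external card) to read the rules, and pipe the output to sh to apply them. To find out which rule is really dropping FTP or mail, run `ipchains -L -v -n` before and after a failed attempt and watch which DENY rule's packet counter moves; the -l flag on the DENY rules also logs each dropped packet to the kernel log. Note that in this layout the D-Link router is still the only perimeter for the web server and the access point; the proxy box only protects the hosts behind it.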




More information about the Kclug mailing list