Re: firewall setup xdsl: eth0/eth1/ppp0?

From: Doug MacFarlane (madmac_at_vauban.com)
Date: 11/05/03

    To: debian-user@lists.debian.org
    Date: Wed, 05 Nov 2003 11:27:16 -0600
    
    

    On Wed, 05 Nov 2003 01:15:18 -0900, Ken Irving wrote:

    > On Wed, Nov 05, 2003 at 09:52:42AM +0100, Andreas Bohnert wrote:
    >> Hi,
    >> I don't know how to set up my firewall for my new xdsl connection. I
    >> saw some postings concerning adsl, so maybe there are some
    >> people who know how to handle this.
    >
    > I'm not sure what you're talking about, with xdsl and lokal, but I'd
    > recommend the shorewall firewall.

    I, too, can strongly endorse shorewall.

    Fundamentally, your internal interface is eth0 and external is ppp0, which
    I assume is a PPPoE interface, and not PPTP like you said. The PPPoE
    protocol does NOT use the Ethernet interface's IP address for
    communications. Most implementations don't even require it to be
    configured with one. The only way anyone is going to be able to route
    traffic to eth1 with a 10. address on it is if they source-route it all
    the way AND you, they, and all the ISPs in between have configured
    their routers poorly.

    So, set up shorewall with eth0 as the internal, lan, or local interface,
    and ppp0 as the external or internet interface.

    If you are really paranoid, set up eth1 as a dmz interface, and don't
    accept anything into or out of the dmz.

    madmac
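
The layout recommended in the message above, written out as Shorewall configuration files. This is an added example, not part of the original post; it assumes current Shorewall file syntax (`?FORMAT 2` interfaces file), and the zone names `net`, `loc` and `dmz` and the `$FW net ACCEPT` line are this example's own choices.

```conf
# --- /etc/shorewall/zones ---
# Zone names are this example's choice; only "fw" has a fixed type.
#ZONE   TYPE
fw      firewall
net     ipv4        # Internet, reached through the PPPoE session
loc     ipv4        # local LAN
dmz     ipv4        # the NIC cabled to the DSL modem

# --- /etc/shorewall/interfaces ---
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     ppp0        optional    # ppp0 may not exist yet when the firewall starts
loc     eth0
dmz     eth1                    # carries PPPoE frames only

# --- /etc/shorewall/policy ---
# Policies are evaluated top to bottom; the first match applies.
#SOURCE DEST    POLICY  LOGLEVEL
dmz     all     DROP    info    # nothing out of the dmz (eth1) ...
all     dmz     DROP    info    # ... and nothing into it
loc     net     ACCEPT          # LAN hosts may reach the Internet
$FW     net     ACCEPT          # firewall's own outbound traffic (example choice)
net     all     DROP    info    # unsolicited traffic arriving on ppp0
all     all     REJECT  info    # catch-all

# The two dmz DROP policies do not interrupt the PPPoE session itself:
# PPPoE discovery and session frames on eth1 are raw Ethernet frames,
# not IP packets, so the IP packet filter never sees them. Only IP
# traffic addressed to or from eth1's own address is dropped.
```

Running `shorewall check` validates the files before they are applied.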
