ADSL Router with Linux box as firewall.
VinylPusher
I have an Alcatel Speedtouch 510 router (replaced that kak USB thing). I'd
like to have it connected through my RH7.2 box and then through to my
switch. The idea is that the linux box does firewall and server type stuff,
and my main PC doesn't have to stay on 24/7 like it does now (FTP server).
I've looked through various iptables scripts and howto's etc etc, but I
can't quite manage to get it working.
The router (AFAIK) acts as a bridge between me and the internet and has an
ip of 10.0.0.138. It assigns connected machines ip's from 10.0.0.1 upwards
via DHCP and DNAT's packets through.
I've got the linux box almost sorted, with eth1 (10.0.0.3 via DCHP as it is)
connected to the router and eth0 (192.168.0.1) connected to the switch, with
my PC connected to the switch as 192.168.0.2. Simple enough.
I can ping and telnet between my PC and the linux box, but I can't see the
internet. It's taken me ages to even grokk iptables, but routing has be
confused.
Has anyone else managed to get a similar configuration up and working?
all mail refused
VinylPusher wrote:
>I have an Alcatel Speedtouch 510 router (replaced that kak USB thing). I'd
>like to have it connected through my RH7.2 box and then through to my
>switch. The idea is that the linux box does firewall and server type stuff,
>and my main PC doesn't have to stay on 24/7 like it does now (FTP server).
What ISP arrangement are you using ? I'm miffed at the Demon Express
(and variations) stating Win98, IE & Javascript are required. If I can
switch to ADSL keeping close to my current linux config I prolly will.
--
decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp
random words follow - don't take too seriously!
Cheug Wing-hang took 420 pounds (HK?) from his bank account numbers
and have it work ONCE, as soon as I understand their desire to
make it as Feb 29, 1900! Microsoft Multiplan handles this by
aerodynamic control inputs;
VinylPusher
"all mail refused" <el...@notatla.demon.co.uk> wrote in message
news:slrnac2nvj...@notatla.demon.co.uk...
> In article <1019305360.25183....@news.demon.co.uk>,
> VinylPusher wrote:
>
> >I have an Alcatel Speedtouch 510 router (replaced that kak USB thing).
I'd
> >like to have it connected through my RH7.2 box and then through to my
> >switch. The idea is that the linux box does firewall and server type
stuff,
> >and my main PC doesn't have to stay on 24/7 like it does now (FTP
server).
>
> What ISP arrangement are you using ? I'm miffed at the Demon Express
> (and variations) stating Win98, IE & Javascript are required. If I can
> switch to ADSL keeping close to my current linux config I prolly will.
I signed up back in November, when all you could get (for a reasonable
price) was that shitty USB adapter. There _are_ linux drivers for the
Alcatel USB device, but I've not bothered trying it. I bought an Alcatel
Speedtouch 510 router to use instead (nice ethernet connection).
Doddle to set up for Windows, linux has me a bit confused (linux newbie, not
surprising).
Lee
VinylPusher <news...@vinylpusher.demon.co.uk> writes
>This has had me cursing for a little while now ;-)
>internet. It's taken me ages to even grokk iptables, but routing has be
>confused.
>
Can the Linux box see the internet? If not then you probably have your
output rules a bit too strict (can it even see the router once iptables
is up and running?). If it can then you probably haven't enabled
ipforwarding check the Linux ip masquerading FAQ.
In my setup my firewall is connected directly to the usb slug but that
shouldn't make any major difference, if you still can't get it working I
have a working firewall script that I got off the internet, I have
slightly customised it but it is well commented so you can work out what
bits do what.
Lee
David Killick
server from the internet, but do you also need SNAT on the gateway to
allow internal machines to see out?
I only have SNAT on my g/w as I only want to be able to see out.
David Killick
have come a long way since last year.
To anyone else considering Demon ADSL with the USB modem and Linux (BSD
as well aparantly), I recommend using the 'benoit drivers' which run in
userspace (which means they should not be able to crash the whole
machine), come with excellent instructions and take as little as half an
hour to get going.
They are much easier to install than the open source kernel ATM variant,
and I understand that the manufacturer's driver should be avoided.
With that, I felt there seemed little point in paying extra for a router
that performed a function that my Linux machine can do just as well.
David Killick
bit behind the times) and it worked fine for me!
Richard Howlett
No I use a hardware firewall but I remember from my RHCE about enabling ip
forwarding. Try:
echo "1" >/proc/sys/net/ipv4/ip_forward
--
Richard Howlett
mailto:ric...@howie.org.uk
John Dent
authentication config but beyond that it was a matter of following the
HOWTO - http://linux-usb.sourceforge.net/SpeedTouch/howto.html.
Ironically, I got stuck and decided to have a try with Win2K. Under 2K
it connected, authenticated, transferred about 100 KB and then stopped
and needed a reboot to get it working again.
Back under Linux it's worked flawlessly for about a month now.
If you're thinking of trying the USB product and don't have anything
against it as a router per se then don't let Linux be the thing that
stops you.
Cheers,
denty.
VinylPusher
"Lee" <ne...@bloodycat.co.uk> wrote in message
news:QUivR2Hf...@bloodycat.org.uk...
The Linux box can see the internet. My iptables is thus:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
Which should work, router is connected to eth1, rest of lan to eth0.
I can connect to 10.0.0.3 (eth1) from another local machine (192.168.0.2).
Do I need to add a route or something?
VinylPusher
Only found out because someone started chatting to me on MSN :-)
Owain McGuire
<david....@metalicom.nospam.demon.co.uk> wrote:
>I have said 'shitty' USB modem, and it works rather well, the drivers
>have come a long way since last year.
>To anyone else considering Demon ADSL with the USB modem and Linux (BSD
>as well aparantly), I recommend using the 'benoit drivers' which run in
>userspace (which means they should not be able to crash the whole
>machine), come with excellent instructions and take as little as half an
>hour to get going.
>They are much easier to install than the open source kernel ATM variant,
>and I understand that the manufacturer's driver should be avoided.
>With that, I felt there seemed little point in paying extra for a router
>that performed a function that my Linux machine can do just as well.
>
I had a similar post on the demom.service.isdn newsgroup since I am
planning to upgrade to ADSL from ISDN. The question I have is that my
"shitty" slug would have to plug into my RH Linux box that doesn't
have any USB ports. If I buy a PCI board that drops in some USB ports
do you think Linux will "see it"?
O.
David Killick
setup for a friend at the weekend (albeit a Slackware Linux installation).
Not sure which card he has, but I think it is from D-Link.