Linux- router/firewall using iptables, no NAT

[Rambotnic]

Hi!

Im having trouble with a homework assignment and was wondering if someone could help me out. The mission is to demonstrate a linux-mounted pc with two network adapters(in my case eth0 and wlan0), set up as a router/firewall that doesn't do NAT'ing. Both network adapters have to have a public ip. Permit access to a web server behind it(port 80) and make it accessible through ssh for remote admisitration.

The environment is the schools public wireless network, which i'd like the linux to catch and then pass it on through eth0 to the test computer. Would "ip router" be the correct term for what i need to achieve? Is it possible for the test computer to get an ip dynamically from the public wireless through the linux router?

Any kind of help would be very much appreciated.

(sofar i've only been able to get it working by letting eth0 assign a local ip to the test computer and configuring the firewall seemed like nothing too complicated either).

 

[Easy Rhino]

what does your textbook say?

 

[Rambotnic]

what does your textbook say?

I don't have a textbook for this explicitly, unfortunately, just google.

 

[Disparia]

Sounds more like a bridge since no routing or NAT is being performed.

http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html

A second possible configuration is a system that is set up as a transparent firewall for a LAN with a public IP address space.

Internet ---- router (62.3.3.25) ---- bridge (62.3.3.26)

|
|
|---- WWW Server (62.3.3.28 gw 62.3.3.25)
|
|
|---- Mail Server (62.3.3.27 gw 62.3.3.25)​

The following commands show how this bridge can be configured.

# Create the interface br0
/usr/sbin/brctl addbr br0

# Add the Ethernet interface to use with the bridge
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Start up the Ethernet interface
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# Configure the bridge Ethernet
# The bridge will be correct and invisible ( transparent firewall ).
# It's hidden in a traceroute and you keep your real gateway on the
# other computers. Now if you want you can config a gateway on your
# bridge and choose it as your new gateway for the other computers.

/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

If you traceroute the Linux Mail Server, you won't see the bridge. If you want access to the bridge with ssh, you must have a gateway or you must first connect to another server, such as the "Mail Server", and then connect to the bridge through the internal network card.

May not be applicable to your particular distro, but should help you Google.

 

[Rambotnic]

Sounds more like a bridge since no routing or NAT is being performed.

http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html



May not be applicable to your particular distro, but should help you Google.

Thanks a bunch! First of all, yes, it helps me google. Also you led me to those manuals