
Linux- router/firewall using iptables, no NAT

Rambotnic

#1
Hi!

I'm having trouble with a homework assignment and was wondering if someone could help me out. The mission is to demonstrate a Linux-mounted PC with two network adapters (in my case eth0 and wlan0), set up as a router/firewall that doesn't do NAT'ing. Both network adapters have to have a public IP. Permit access to a web server behind it (port 80) and make it accessible through ssh for remote administration.

The environment is the school's public wireless network, which I'd like the Linux to catch and then pass it on through eth0 to the test computer. Would "ip router" be the correct term for what I need to achieve? Is it possible for the test computer to get an IP dynamically from the public wireless through the Linux router?

Any kind of help would be very much appreciated.

(So far I've only been able to get it working by letting eth0 assign a local IP to the test computer, and configuring the firewall seemed like nothing too complicated either.)
 

Easy Rhino

#2
What does your textbook say?
 
#4
Sounds more like a bridge since no routing or NAT is being performed.

http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html

A second possible configuration is a system that is set up as a transparent firewall for a LAN with a public IP address space.

Internet ---- router (62.3.3.25) ---- bridge (62.3.3.26)
                                        |
                                        |
                                        |---- WWW Server (62.3.3.28 gw 62.3.3.25)
                                        |
                                        |
                                        |---- Mail Server (62.3.3.27 gw 62.3.3.25)

The following commands show how this bridge can be configured.

# Create the interface br0
/usr/sbin/brctl addbr br0

# Add the Ethernet interface to use with the bridge
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Start up the Ethernet interface
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# Configure the bridge Ethernet
# The bridge will be correct and invisible ( transparent firewall ).
# It's hidden in a traceroute and you keep your real gateway on the
# other computers. Now if you want you can config a gateway on your
# bridge and choose it as your new gateway for the other computers.

/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

If you traceroute the Linux Mail Server, you won't see the bridge. If you want access to the bridge with ssh, you must have a gateway or you must first connect to another server, such as the "Mail Server", and then connect to the bridge through the internal network card.
May not be applicable to your particular distro, but should help you Google.
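
An added example (not part of the thread or of the Debian manual): a filter-only ruleset for the firewall discussed above, allowing port 80 through to the web server and SSH to the firewall itself, with no nat table. The `WEB_IP` default is the WWW server from the quoted diagram; the function names and the `br0` check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. WEB_IP defaults to the WWW server in the
# quoted diagram; function names and the br0 check are assumptions.
WEB_IP="${WEB_IP:-62.3.3.28}"

# Print a filter-table ruleset in iptables-restore format for web server $1.
# No nat table is defined, so packets keep their public addresses.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# To the firewall itself: loopback, replies, new SSH sessions
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Through the firewall: replies, new HTTP connections to the web server
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d $1 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Succeed if ruleset text $1 rewrites addresses (nat table or NAT targets).
uses_nat() {
    printf '%s\n' "$1" |
        grep -Eq -e '^\*nat' -e '-j (SNAT|DNAT|MASQUERADE|REDIRECT)'
}

# Load the ruleset (root required). Bridged frames reach FORWARD only with
# br_netfilter loaded; a routed box needs IPv4 forwarding switched on instead.
apply_ruleset() {
    if [ -d /sys/class/net/br0/bridge ]; then
        modprobe br_netfilter
        sysctl -w net.bridge.bridge-nf-call-iptables=1
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
    gen_ruleset "$WEB_IP" | iptables-restore
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *)     gen_ruleset "$WEB_IP" ;;
esac
```

With this ruleset, hosts behind the firewall cannot open new outbound connections; that needs a further FORWARD rule matched on the inside interface.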
 

Rambotnic

#5