
Linux- router/firewall using iptables, no NAT

Rambotnic

Hi!

I'm having trouble with a homework assignment and was wondering if someone could help me out. The mission is to demonstrate a Linux-mounted PC with two network adapters (in my case eth0 and wlan0), set up as a router/firewall that doesn't do NAT'ing. Both network adapters have to have a public IP. Permit access to a web server behind it (port 80) and make it accessible through ssh for remote administration.

The environment is the school's public wireless network, which I'd like the Linux to catch and then pass it on through eth0 to the test computer. Would "ip router" be the correct term for what I need to achieve? Is it possible for the test computer to get an IP dynamically from the public wireless through the Linux router?

Any kind of help would be very much appreciated.

(So far I've only been able to get it working by letting eth0 assign a local IP to the test computer, and configuring the firewall seemed like nothing too complicated either.)
 
What does your textbook say?
 
Sounds more like a bridge since no routing or NAT is being performed.

http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html

A second possible configuration is a system that is set up as a transparent firewall for a LAN with a public IP address space.

Internet ---- router (62.3.3.25) ---- bridge (62.3.3.26)
                                        |
                                        |
                                        |---- WWW Server (62.3.3.28 gw 62.3.3.25)
                                        |
                                        |
                                        |---- Mail Server (62.3.3.27 gw 62.3.3.25)

The following commands show how this bridge can be configured.

# Create the interface br0
/usr/sbin/brctl addbr br0

# Add the Ethernet interface to use with the bridge
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Start up the Ethernet interface
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# Configure the bridge Ethernet
# The bridge will be correct and invisible ( transparent firewall ).
# It's hidden in a traceroute and you keep your real gateway on the
# other computers. Now if you want you can config a gateway on your
# bridge and choose it as your new gateway for the other computers.

/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

If you traceroute the Linux Mail Server, you won't see the bridge. If you want access to the bridge with ssh, you must have a gateway or you must first connect to another server, such as the "Mail Server", and then connect to the bridge through the internal network card.

May not be applicable to your particular distro, but should help you Google.
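
Added example, not part of the thread or the Debian manual: a shell function that prints an iptables-restore ruleset for the bridge in the quoted diagram, allowing HTTP to the WWW Server and ssh to the bridge itself and dropping everything else inbound. The function name, tcp/22 for ssh and eth1 as the server-facing bridge port are assumptions.

```shell
#!/bin/sh
# Added example: not from the thread or the Debian manual.
# Addresses default to those in the quoted diagram. Assumptions: the name
# bridge_fw_rules, ssh on tcp/22, eth1 as the bridge port facing the servers.
# On current kernels iptables only sees bridged frames when br_netfilter is
# loaded and net.bridge.bridge-nf-call-iptables=1.

bridge_fw_rules() {
    www_ip="${1:-62.3.3.28}"    # WWW Server in the diagram
    br_ip="${2:-62.3.3.26}"     # br0, the bridge's own address
    inside_if="${3:-eth1}"      # bridge port facing the servers (assumed)

    # Refuse input that could smuggle extra rule text into the ruleset.
    for addr in "$www_ip" "$br_ip"; do
        case "$addr" in
            *[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    case "$inside_if" in
        *[!A-Za-z0-9_.-]*) echo "bad interface: $inside_if" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the bridge itself: loopback, replies, ssh for admin
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -d ${br_ip} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Frames crossing the bridge: replies, new HTTP to the web server,
# and connections started by the hosts behind the bridge
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d ${www_ip} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m physdev --physdev-in ${inside_if} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

The output can be checked with `bridge_fw_rules | iptables-restore --test` before it is loaded. The Mail Server in the diagram is deliberately left unreachable from outside, since the assignment in the thread only asks for port 80 and ssh.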
 