Re: [SLE] Firewall advice
Hello, Derek.

I have a couple of wild and crazy ideas about this matter.

Firstly, a quick and dirty fix for you. Pop the NIC out of the firewall machine, and drop it into one of your other machines with a full blown OS on it. Configure the DSL modem with that machine. Then put the card back into the firewall box, and, as if by magic, your firewall will be using the same MAC address as the machine it was configured with and your DSL modem should be happy.

Secondly, and this one is a bit more technical, and may even be wrong (I'm sure someone will correct me if my logic is flawed), but if the firewall is running NAT, then does it really matter which machine configures the DSL modem? With NAT enabled, all outgoing packets inherit the IP and MAC address of the NAT machine's external interface. Therefore, you should be able to hook up your firewall machine to the DSL modem, and configure it from any of the machines behind the firewall. I am assuming you have NAT enabled so as to hide the other machines from the DSL modem.

Bye for now,
Stuart.
Derek Fountain <derekfountain@yahoo.co.uk> 12/30/02 07:26AM >>>
=> Does it carry a web browser that supports frames and Javascript, and can I install it onto a box with no CD drive?
Well, it's small, has a very good support page, requires no CD-ROM (I assume you could FTP it to the box ??), and is configured by editing a couple of fully-commented conf files...
If it doesn't carry a copy of Mozilla, Netscape4/7 or Konqueror, I won't be able to configure my ADSL modem with it. The modem is configured using a browser interface, and will only subsequently work when used from the same MAC address as it was configured from. That was the reason I switched from Smoothwall, which is a fine firewall, to SuSE in the first place.
On Tue, 31 Dec 2002 02:12, Stuart Powell wrote:
> Hello, Derek.
> I have a couple of wild and crazy ideas about this matter.
> Firstly, a quick and dirty fix for you. Pop the NIC out of the firewall machine, and drop it into one of your other machines with a full blown OS on it. Configure the DSL modem with that machine. Then put the card back into the firewall box, and, as if by magic, your firewall will be using the same MAC address as the machine it was configured with and your DSL modem should be happy.
> Secondly, and this one is a bit more technical, and may even be wrong (I'm sure someone will correct me if my logic is flawed), but if the firewall is running NAT, then does it really matter which machine configures the DSL modem? With NAT enabled, all outgoing packets inherit the IP and MAC address of the NAT machine's external interface. Therefore, you should be able to hook up your firewall machine to the DSL modem, and configure it from any of the machines behind the firewall. I am assuming you have NAT enabled so as to hide the other machines from the DSL modem.
> Bye for now,
Derek,

Are you by any chance using iinet.net.au - noticed you did a post a couple of weeks ago and I never got around to replying. If so the second bit of advice Stuart provided will work with iinet as I have done the same. Although now I have moved to a SuSE firewall solution for other reasons.

If you have any problems with the above, email me off list.

--
Regards,
Graham Smith
> Firstly, a quick and dirty fix for you. Pop the NIC out of the firewall machine, and drop it into one of your other machines with a full blown OS on it. Configure the DSL modem with that machine. Then put the card back into the firewall box, and, as if by magic, your firewall will be using the same MAC address as the machine it was configured with and your DSL modem should be happy.

That would be a solution, but it would mean having to take boxes apart each time I wanted, for example, to change my password (which I do regularly).

> Secondly, and this one is a bit more technical, and may even be wrong (I'm sure someone will correct me if my logic is flawed), but if the firewall is running NAT, then does it really matter which machine configures the DSL modem? With NAT enabled, all outgoing packets inherit the IP and MAC address of the NAT machine's external interface. Therefore, you should be able to hook up your firewall machine to the DSL modem, and configure it from any of the machines behind the firewall. I am assuming you have NAT enabled so as to hide the other machines from the DSL modem.

Er, yes. You're right. Of course you are. Why didn't that occur to me? Oh well, I have the SuSE firewall basically working now, and someone port scanned it for me last night and it seems pretty tight. I'm also getting keen on the idea of having the flexibility of a full SuSE distro on the box; it means I can write my own scripts to monitor things rather than rely on what's provided by Smoothwall or whoever. I'll file your post away though, in case I come back to this topic.

--
Australian Linux Technical Conference 2003: http://www.linux.conf.au/
Explain to your boss the benefits of you going...