Results 1 to 4 of 4
Hello. My situation is like this: School network has around 60 computers and 5 Printers. Line comes to Lucent DSLPIPE modem and then to HP ProCurve 4000m switch (witch has ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-24-2007 #1
Help with Linux Firewall configuration!?
Hello. My situation is like this:
School network has around 60 computers and 5 Printers. Line comes to Lucent DSLPIPE modem and then to HP ProCurve 4000m switch (witch has configuration). One of cables connects to Linux Firewall PC (Swedish distribution) and then there is Windows domain controler with 2 network cards for two subnets(teachers and students).
No school buy new PC so firewall has new PC also. Problem is with configuration of linux. I use other distribution...
Old firewall info:
eth0 IP: 10.2.44.253
eth0 NetMask: 29
eth0 Broadcast: 255.255.255.255
eth0 Discription: Uplink interface
eth1 IP: 10.2.44.62
eth1 NetMask: 26
eth0 Broadcast: 255.255.255.255
eth0 Discription: Protected network
echo " Initiating VLAN:s and routes ..."
# Load VLAN module
insmod 8021q 2>&1 | grep -v 'insmod: a module named 8021q already exist' >&2
# Setup VLAN and IP-addresses
# Uplink on public IP
vconfig add eth0 100
ip link set dev eth0.100 up
ifconfig eth0.100 18.104.22.168 netmask 255.255.255.252
# Add Teachers network
vconfig add eth0 101
ip link set dev eth0.101 up
ifconfig eth0.101 10.2.44.62 netmask 255.255.255.192
# Add Students network
vconfig add eth0 102
ip link set dev eth0.102 up
ifconfig eth0.102 10.2.44.126 netmask 255.255.255.192
ip addr add 10.2.44.190/26 brd + dev eth0.102
# Add EXTRA_NAT network
#vconfig add eth0 103
#ip link set dev eth0.103 up
#ifconfig eth0.103 10.2.44.190 netmask 255.255.255.192
ip route add default via $GATEWAY
ip addr add 10.2.44.254/24 dev eth0
and then on windows domain info:
eht0 IP: 10.2.44.10
eht0 Netmask: 255.255.255.192
eht0 Gateway: 10.2.44.62
eht0 DNS: 10.2.44.10
eht1 IP: 10.2.44.109
eht1 Netmask: 255.255.255.192
eht1 Gateway: 10.2.44.126
eht1 DNS: 10.2.44.109
HP ProCurve info:
For me is little complicated to understand how to set this info on new PC. I wont use old distribution because its old and small.
So please help/suggest what/how configuration i should use and whats best distribution for this.
Linux is the best! )) Always I used it but i am a programmer not a Network specialist )) But i really need help with this.
- 08-27-2007 #2
Frankly I don't get your problem.
One of cables connects to Linux Firewall PC (Swedish distribution) and then there is Windows domain controler with 2 network cards for two subnets(teachers and students).
Many questions . You should give more details about your config/nw topology and explain in more detail your problem"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
- 08-27-2007 #3
Because its not my configuration. The company did all installation long time ago - and now that company do not exist So nobody know even passwords - i was need to reset them.
What i want is to make same network as it is now just with new machine and distribution or in other way but working. Network looks now like this:
First gos modem -----> To first port of HP ProCurve 4000m switch (switch looks more advanced not simple one HP ProCurve 4000m Switch ) -----> from switch second cable go's to Linux firewall with Bifrost Network Project (but it has two network cards and uses just one cable)
And two cables from switch gos to Windows Domain Server machine.
Network has two subnets - one for teachers and one for students. and other computers a connected by using same switch some other simple ones.
So please if you know how tell me If you need more info - describe and i will try to get
- 08-27-2007 #4
Ok. Now I think I understand your problem much better. You just want to throw away the ugly old Linux FW SW and use a current Linux distro for the FW and keep the current network topology.
Normally there is one cable between the modem and the firewall on one interface and one cable between the internal protected LAN and the second interface of the FW.
You use VLANs in order to get the external and internal network separated such that all the clients connected to the windows domain server are protected by the firewall.
I wouldn't use VLANs if there is no strong reason to do so. I just would plug in a second network card in the Linux box, connect the windows domain server there and configure a normal Linux firewall. But then you have to reconfigure the switch and all the defined VLANs which might be challenging.
There is one point which I don't understand: The second cable to the windows box. Is there some service (e.g. web server ...) running on the windows box and accessible from the internet? If yes - that's again uggly because servers accessible from the internet should reside in a DeMilitarizedZone and not running on a normal server in the local LAN. I strongly recoomend to switch to a DMZ. Then you need another network card and another server which run's the external services and will be connected to the third interface of the FW. Then you have to configure your firewall the right way and should be done. But this requires Linux and iptables know how
I'm not a VLAN expert. So there might be other way's to get the FW & DMZ stuff set up. Hope somebody who knows VLANs and FW will comment on this thread also."Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds