Thread: linux firewall help

  1. #1

    Zeropaid Noob

    Join Date
    Apr 2003
    Posts
    3

    linux firewall help

    Hi everyone, I was hoping I could get some help from the local Linux dudes around here.

    I run a firewall called FloppyFW (http://www.zelow.no/floppyfw/). It does pretty much everything a Linksys router would do, and then some. The "and then some" part also includes the troubles.

    I recently added a third NIC to my firewall for a DMZ interface. I want to run my webserver, FTP, and all sorts of servers from this box. The problem is that it won't recognize the DMZ. I followed the instructions completely on how to set it up (http://www.zelow.no/floppyfw/downloa...i_ip-howto.txt) and have the IRQs all correctly set.

    Can anyone help?

  2. #2

    BBS Klingon

    Join Date
    Jan 2003
    Posts
    298
    Sorry, I don't know the answer to your question, I'm still new to linux myself.

    However, you might try the following linux boards.

    http://linuxquestions.org/
    http://www.justlinux.com/

  3. #3

    Alpha Geek

    Join Date
    Dec 2002
    Posts
    724
    @Slash17, you will have to give much more information to get a helpful reply.

    Are you using an ipchains (1.x) version or an iptables (2.x) version?

    How many internet IP addresses do you have? Usually just one with ADSL/cable.
    Presumably you are getting an address with DHCP?

    What do you mean by "it won't recognize the dmz"?
    Does the network card module load?

    Do you have a separate internet IP for the server machine, or are you trying
    to forward incoming connections to it?

    Does the webserver machine have a static IP?
    Is it reserved-for-LAN or an internet address?
    Is it using DHCP, and are you running a DHCP server on the firewall box?
    Are you testing by connecting from inside your network or from out on the internet?

  4. #4

    Zeropaid Noob

    Join Date
    Apr 2003
    Posts
    3
    Yeah, I noticed I left out quite a bit. Here's more info:

    I'm on ADSL and have 1 IP. I'm getting my IP from PPPoE. The IP will be separate. My webserver will have a static LAN IP. The firewall does use DHCP, but the webserver will have a static IP. I'm testing by having a friend see if he can get to my site at his house.

    And I'm using iptables 2.x.

  5. #5

    Alpha Geek

    Join Date
    Dec 2002
    Posts
    724
    You need to start off by getting the link between the webserver box and the firewall box working.
    Tell us how you get on with getting three network cards to work in the same machine; I'm
    interested to hear how it goes and what cards you use. To get two cards to work
    in a Linux box I've had to use two different types of card so the drivers just
    detect one card of the type they are looking for.

    Connect the machines with a crossover cable or via a hub.
    If it doesn't get loaded by the FFW scripts you can try loading the driver
    for the third card with modprobe. Work on it until the machines can ping each other.

    Router manufacturers seem to have bastardised the term DMZ to mean the computer that
    gets incoming connections; if that is all you want you might as well not bother with
    the third network card and just put it on the LAN.
    The point of a DMZ is to provide some isolation between internet-reachable servers
    and internal machines, so that when the server gets hacked/infected it doesn't allow
    access to the rest of the internal machines. I'd put the webserver in its own separate
    subnet, e.g. if the rest of your machines are 10.0.0.x netmask 255.255.255.0 then make
    the webserver 10.0.1.1 netmask 255.255.255.0. The firewall box should be set so that
    the internal machines can connect to the webserver but the webserver isn't allowed
    to connect to the internal machines.

    The firewall box will have the internet IP, so you will have to set it to
    forward incoming connections. Something like
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.5

    > I'm testing by having a friend see if he can get to my site at his house.
    There are a few places that will give you a free shell account, which is useful
    for testing your own webserver.

  6. #6

    Zeropaid Noob

    Join Date
    Apr 2003
    Posts
    3
    Sorry guys, I've been busy lately.

    The NIC card works, and I can ping the interface; I just can't access the net from it.
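As an added example, not posted by anyone in this thread, here is a complete iptables ruleset for the three-NIC layout Alpha Geek describes in #5 (DNAT for port 80 only, LAN may reach the DMZ, DMZ may not reach the LAN), which also covers the symptom in #6: a DMZ host that can ping the firewall but not reach the internet needs a FORWARD rule out to the WAN side, MASQUERADE behind the single PPPoE address, and ip_forward enabled. Interface names and addresses are assumptions (ppp0 for the PPPoE link, eth1 = LAN 10.0.0.0/24, eth2 = DMZ 10.0.1.0/24, webserver 10.0.1.1); the script prints the rules so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example for the FloppyFW three-NIC DMZ setup; names below are assumptions.
WAN=${WAN:-ppp0}        # PPPoE link carries the single internet IP
LAN_IF=${LAN_IF:-eth1}  # internal machines
DMZ_IF=${DMZ_IF:-eth2}  # third NIC, the DMZ
LAN_NET=10.0.0.0/24
DMZ_NET=10.0.1.0/24
WEB=10.0.1.1            # webserver in its own subnet, per post #5

# Print the rules rather than applying them:  sh dmz.sh | sh   (as root)
dmz_rules() {
  cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# replies to connections already allowed below
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# internet -> DMZ: only TCP/80, only to the webserver (HTTP is TCP, not UDP)
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB
iptables -A FORWARD -i $WAN -o $DMZ_IF -d $WEB -p tcp --dport 80 -j ACCEPT
# LAN -> DMZ allowed; DMZ -> LAN dropped, which is the isolation a DMZ exists for
iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
# LAN and DMZ -> internet, hidden behind the one PPPoE address (fixes "no net from the DMZ")
iptables -A FORWARD -i $LAN_IF -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $WAN -s $DMZ_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

# Sanity check on the generated ruleset: returns 0 only if the DMZ really is
# cut off from the LAN and nothing but TCP/80 is forwarded in from the WAN.
check_isolation() {
  rules=$(dmz_rules)
  echo "$rules" | grep -q -- "-i $DMZ_IF -o $LAN_IF -j DROP" || return 1
  echo "$rules" | grep -q -- "-i $WAN .* -j DNAT" || return 1
  echo "$rules" | grep -q -- "-p udp" && return 1
  return 0
}

dmz_rules
```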
