
I need help with JAY'S IPTABLES FIREWALL 1

Status
Not open for further replies.

Spinaker

Technical User
Oct 4, 2003
13
DK
Hi again,
I ran into some problems while setting up my Linux firewall box. I'm using Jay's firewall under Debian woody,
I have three NICs (DMZ) and an ADSL connection.
When I'm doing ifconfig, I have all NICs plus ppp0. That's OK.
Now some of you already know that I have 6 public IPs that I want to use in my DMZ.
My problem is that when I'm setting up Jay's firewall, which interface should I use as the external one? Plus I need to put those IPs on it; I can't do it on ppp0 because it gets all its info automatically from the ISP. Well, basically I'm stuck.
For now I can use the internet from the LAN, but when I'm checking the IP I'm getting out with, it is my ISP's IP 213.150.38.253 and not my 213.150.48.145.
Please help.

Thanks in advance, Spinaker.

Gone with the wind...
 
The external interface should be the one connected to dsl. I need to see the final network plan to help you more about this.


_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Hi,

So this is how it is:


ADSL modem with WAN and LAN sockets

ADSL LAN ---- LINUX box ---10.10.10.1---LANswitches
                  |
                  |192.168.1.1
                 DMZ

On the LAN side 10.10.10.1, DHCP is running smoothly.
DMZ is not yet operational.

The external interface eth1 has assigned IP 213.150.48.145, broadcast 213.150.48.144, plus I want to put the rest of my public IPs on that interface. But that interface is also used by the PPPoE protocol to connect to the ISP. So I have kind of two external interfaces, eth1 and ppp0. For now I have traffic from my LAN, but when I'm checking the IP I'm getting out with, it is the ISP's IP 213.15.38.253.

The ppp0 interface has obtained its IP automatically: 213.150.38.253 P-t-P:213.150.53.242 Mask: 255.255.255.255 PointToPoint running noarp multicast. That is what ifconfig ppp0 gave.

If I should give more info, just tell me what you need.

Thanks in advance, Spinaker.

Gone with the wind...
 
Use "ppp0" for your Jay's External Interface. Not the ETH card it comes in on.

I'm a little surprised to see the values you showed for the ppp0 interface
"213.150.38.253 P-t-P:213.150.53.242 Mask: 255.255.255.255"

Here's how you'd add multiple IPs to an interface; let's use eth0:

ifconfig eth0:5 192.168.0.5 netmask 255.255.255.0
ifconfig eth0:7 192.168.0.7 netmask 255.255.255.0

I often use a bash script with a list of host IP #s to do this in a loop:

for IP in 66 67 68 69 70 71 72; do ifconfig eth0:$IP 192.168.0.$IP netmask 255.255.255.0; done

This will bind the interface to listen for all the IPs you've been assigned.

My GUESS is that you would apply these assignments to ppp0 and rebuild Jay's config to include all the ppp0 virtual interfaces as External interfaces.

"Surfinbox Shares" - A fundraising program that builds revenue from dialup Internet users.
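
The alias loop from the last reply, generalised as an added example that is not part of any post in the thread: it derives the usable host addresses of a block and prints one alias command per host without running any of them. The /29 prefix length is an assumption (the thread only says six public IPs), and the function names `ip_to_int`, `int_to_ip`, `block_bounds` and `alias_cmds` are hypothetical.

```sh
#!/bin/sh
# Added example: dry-run only, prints ifconfig alias commands and runs none.
# Assumption (not stated in the thread): the six public IPs are one /29 block.

ip_to_int() {            # "A.B.C.D" -> integer
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {            # integer -> "A.B.C.D"
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# block_bounds ADDR PREFIXLEN -> "NETWORK BROADCAST NETMASK"
block_bounds() {
    case $2 in ''|*[!0-9]*) echo "bad prefix length: $2" >&2; return 1;; esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 30 ]; then
        echo "prefix length must be 1..30" >&2; return 1
    fi
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( $(ip_to_int "$1") & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $(int_to_ip "$mask")"
}

# alias_cmds IFACE ADDR PREFIXLEN
# One command per usable host; network and broadcast addresses are skipped.
alias_cmds() {
    bounds=$(block_bounds "$2" "$3") || return 1
    set -- "$1" $bounds              # $1=iface $2=network $3=broadcast $4=netmask
    host=$(( $(ip_to_int "$2") + 1 ))
    last=$(( $(ip_to_int "$3") - 1 ))
    while [ "$host" -le "$last" ]; do
        ip=$(int_to_ip "$host")
        echo "ifconfig $1:${ip##*.} $ip netmask $4"   # alias label = last octet
        host=$(( host + 1 ))
    done
}

# Constructed sample run using the address quoted in the thread.
alias_cmds eth0 213.150.48.145 29
```

Under the /29 assumption the block's network address is 213.150.48.144 and its broadcast address is 213.150.48.151, leaving .145 to .150 as the six usable hosts.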
 