[sclug] Linux Firewalls and ADSL

Chris Aitken chris at ion-dreams.com
Tue Jun 8 15:09:12 UTC 2004

> Hi,
> I am looking into building a linux firewall router to act as 
> a border to my network.  I have been allocated five fixed IP 
> addresses.  I want to build a DMZ where I wish to run 
> webservers.  Additionally I want to be able to connect from 
> another Internet location over a VPN to my Windows 2003 server.
> Internal addresses need to be NAT'ed.
> I was looking at smoothwall and IPCop.  Has anybody got any 
> comments on these products or recommendations regarding other 
> Linux firewall distro's?
> I was looking at putting an ADSL PCI card in the firewall to 
> connect to the Internet.  Does anybody have any 
> recomendations for supported ADSL cards?
> TIA.

Hi Steve,

I looked into this not so long ago, and my conclusion was that it was better
to set up the firewall myself using iptables (part of the 2.4 kernel).

Iptables is at the heart of both ipcop & smoothwall, but writing the scripts
yourself (relatively simple) will put you in good stead as to what actualy
goes on. Everything you need (NAT, DMZ etc can be done this way). Smoothwall
will only allow 1 DMZ, whereas I wanted one for webservers etc, and another
for a wireless access point.

IIRC for the VPN solution, you may have to do that yourself, depending on
whether you are trying to connect a network to a network, or a single PC to
a remote network. I have set up the latter very simply using the PPTP
daemon. This does require a kernel recompile to enable encryption (although
you can run a VPN without encryption).

The PPTP VPN will allow remote users to VPN to the gateway/firewall, and
then they have access to anything within the network, as a normal local user

I can talk you through this in better depth if needed.

As for ADSL - make your life alot easier by buying an ethernet ADSL modem.
Make sure it will work as a transparent bridge - so the internet sees your
firewall, and not the modem.



This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Sclug mailing list