[Sussex] Firewall appliance recomendations

Ronan Chilvers ronan at thelittledot.com
Fri Aug 11 11:36:16 UTC 2006 

On Fri, Aug 11, 2006 at 11:04:33AM +0100, Steven Dobson wrote:
> Ronan
> 
> On Fri, 2006-08-11 at 10:44 +0100, Ronan Chilvers wrote:
> > On Fri, Aug 11, 2006 at 10:05:39AM +0100, Colin Tuckley wrote:
> > <snip> I'll need to get an ADSL modem (looking at a
> > Linksys ADSL2MUE) to bridge the ADSL line to ethernet.  I'll need to do
> > PPPoE from the firewall to the modem which hopefully should be straightforward.
> 
> Why PPPoE from the firewall to the modem?  From a quick look at the spec
> the model has a RJ45 port out the back (as well as the RJ11).  It's web
> configurable so you should just be able to run it in a small network.
> Assuming that the Linksys modem can't do NAT as it is not a firewall you
> can do the NATing on the firewall and the modem will think there is only
> one machine (your firewall) that it is talking to.
> 
>            +-------+                  +----------+
>  --- RJ11 -+ Modem +------ RJ45 ------+ Firewall +--- RJ45 to LAN
>            +-------+                  +----------+
>      Public   192.168.1.1/24   192.168.1.2/24   192.168.2.1/24
>        IP
>       Addr

Yeah, but this is quite untidy don't you think? The modem has a bridge
mode where it acts (I think) as a PPPoE concentrator so you can initiate
your connection on it as the next hop from the firewall.  The benefit
here is that if I had a static IP in the future I can manage that
directly via the firewall, using the third RJ45 to create a DMZ
(been thinking about hosting a subversion server on the end of the line
for a couple of projects). My understanding is that using the modem in
bridge mode puts it into layer 2(?) and it becomes a IPless data link rather
than a transport component (sound correct?).

One little side not is that the ADSL2MUE

> 
> > Just been looking at Voyage Linux which is interesting - debian sarge
> > based distribution for WRAP/soekris devices that can run off a CF card.
> > Looks like just the job.
> > 
> > At the moment I have a little toshiba laptop with IPcop on it and an
> > ADSL speedtouch USB modem, which works well, but takes up a good bit of
> > room.
> 
> If you went for the Soekris net4801 that has a USB slot in in (the
> net4501 does not) you wouldn't have to replace you speedtouch.  In fact
> with the 2.5inch converter kit you could just configure the laptop for a
> serial console, pull the laptop disk and plug it into the net4801 and
> go.

That's a good point! Didn't think of that... curses - I thought I'd
almost made my mind up then...  I'd presumably need to install a kernel
for the Geode CPU though wouldn't I?  I could knock off the 25 quid for
the modem then...

Decisions, decisions...

Cheers
-- 
Ronan
e: ronan at thelittledot.com
t: 01903 739 997

This email has been digitally signed using GNUPG to verify the identity
of the sender. Please see http://www.gnupg.org/ for further information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20060811/b3d38ff3/attachment.pgp

More information about the Sussex mailing list