This is a discussion on Dlink 302g with Linux IPCop firewall within the Linux Security forums, part of the System Security and Security Related category.

Does anyone have any hints or links for setting up ADSL on a DLink 302g to work as a bridge in conjunction with an IPCop firewall?

I've got it up and running but I'm not entirely happy with the way it's working. It's currently letting the modem negotiate the PPP connection then routing through to the firewall. This means that incoming connections are being dropped by the modem and never reaching the firewall logs.

I've tried using the settings on the DLink site for configuring the modem as a bridge, but it doesn't seem to work. Any ideas?

--
Kwyj.
"War is God's way of teaching Americans geography." -- Ambrose Bierce
(Remove your panties to reply by email)

"Kwyjibo." wrote...

> Does anyone have any hints or links for setting up ADSL on a DLink 302g to
> work as a bridge in conjunction with an IPCop firewall?

> I've got it up and running but I'm not entirely happy with the way it's
> working. It's currently letting the modem negotiate the PPP connection then
> routing through to the firewall. This means that incoming connections are
> being dropped by the modem and never reaching the firewall logs.

Should a bridge block ports?

> I've tried using the settings on the DLink site for configuring the modem as
> a bridge, but it doesn't seem to work.

Something to keep in mind also -

http://gd.tuwien.ac.at/linuxcommand....es/pppoe8.html

The normal Ethernet MTU is 1500 bytes, but the PPPoE overhead plus two bytes of overhead for the encapsulated PPP frame mean that the MTU of the PPP interface is at most 1492 bytes.

This causes all kinds of problems if you are using a Linux machine as a firewall and interfaces behind the firewall have an MTU greater than 1492. In fact, to be safe, I recommend setting the MTU of machines behind the firewall to 1412, to allow for worst-case TCP and IP options in their respective headers.

--
Magilla
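
The MTU budget from the man page text quoted in the post above, as an added example that is not part of the original thread: it derives 1492 and 1412 from the header sizes and checks whether the MSS a LAN host advertises in its TCP SYN would produce packets too large for the PPPoE link. The 6-byte PPPoE header size, the function names, the constructed SYN header and the assumption that a host advertises MSS = MTU - 40 are not from the thread.

```python
import struct

ETHERNET_MTU = 1500
PPPOE_HEADER = 6   # PPPoE session header (assumption: standard 6-byte header)
PPP_PROTOCOL = 2   # the "two bytes of overhead" for the encapsulated PPP frame
PPP_MTU = ETHERNET_MTU - PPPOE_HEADER - PPP_PROTOCOL
IP_HEADER = TCP_HEADER = 20          # base headers, without options
MAX_OPTIONS = 40                     # worst-case options in each header
SAFE_MTU = PPP_MTU - 2 * MAX_OPTIONS # the quoted "to be safe" figure


def advertised_mss(tcp_header: bytes):
    """Return the MSS option from a raw TCP header, or None if absent."""
    if len(tcp_header) < TCP_HEADER:
        raise ValueError("short TCP header")
    end = (tcp_header[12] >> 4) * 4          # data offset field, in bytes
    if end < TCP_HEADER or end > len(tcp_header):
        raise ValueError("bad TCP data offset")
    i = TCP_HEADER
    while i < end:
        kind = tcp_header[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP padding, no length byte
            i += 1
            continue
        if i + 1 >= end or tcp_header[i + 1] < 2 or i + tcp_header[i + 1] > end:
            raise ValueError("malformed TCP option")
        if kind == 2 and tcp_header[i + 1] == 4:
            return struct.unpack_from("!H", tcp_header, i + 2)[0]
        i += tcp_header[i + 1]
    return None


def fits_ppp_link(mss: int) -> bool:
    """True if a full-size segment with base headers fits the PPP MTU."""
    return mss + IP_HEADER + TCP_HEADER <= PPP_MTU


def build_syn(mss: int) -> bytes:
    """Constructed sample: TCP SYN header with options MSS, NOP, NOP, NOP, EOL."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x01\x00"
    offset = (TCP_HEADER + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02,
                       65535, 0, 0) + opts


if __name__ == "__main__":
    for host_mtu in (1500, PPP_MTU, SAFE_MTU):   # constructed LAN host MTUs
        mss = advertised_mss(build_syn(host_mtu - IP_HEADER - TCP_HEADER))
        print(host_mtu, mss, "fits" if fits_ppp_link(mss) else "too big for PPPoE")
```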

"Magilla Guerilla" <magilla@DELETETHISstupidmonkey.org> said

> "Kwyjibo." wrote...
>
>> Does anyone have any hints or links for setting up ADSL on a DLink 302g
>> to work as a bridge in conjunction with an IPCop firewall?
>
>> I've got it up and running but I'm not entirely happy with the way it's
>> working. It's currently letting the modem negotiate the PPP connection
>> then routing through to the firewall. This means that incoming
>> connections are being dropped by the modem and never reaching the
>> firewall logs.
>
> Should a bridge block ports?

Nope. I've had to set it in its default (non-bridging) mode to get it to work.

>> I've tried using the settings on the DLink site for configuring the
>> modem as a bridge, but it doesn't seem to work.
>
> Something to keep in mind also -
>
> http://gd.tuwien.ac.at/linuxcommand....es/pppoe8.html
>
> The normal Ethernet MTU is 1500 bytes, but the PPPoE overhead plus
> two bytes of overhead for the encapsulated PPP frame mean that the
> MTU of the PPP interface is at most 1492 bytes.
>
> This causes all kinds of problems if you are using a Linux machine
> as a firewall and interfaces behind the firewall have an MTU greater
> than 1492. In fact, to be safe, I recommend setting the MTU of
> machines behind the firewall to 1412, to allow for worst-case TCP
> and IP options in their respective headers.

Thanks. I never even considered that. I'll need to do this through a group policy. I don't really want to update registries on 500 PCs.........

--
Kwyj.
"War is God's way of teaching Americans geography." -- Ambrose Bierce
(Remove your panties to reply by email)

"Kwyjibo." wrote...

> "Magilla Guerilla" said
>> "Kwyjibo." wrote...
>>> Does anyone have any hints or links for setting up ADSL on a DLink 302g
>>> to work as a bridge in conjunction with an IPCop firewall?
>>> I've got it up and running but I'm not entirely happy with the way it's
>>> working. It's currently letting the modem negotiate the PPP connection
>>> then routing through to the firewall. This means that incoming
>>> connections are being dropped by the modem and never reaching the
>>> firewall logs.
>> Should a bridge block ports?
> Nope. I've had to set it in its default (non-bridging) mode to get it to
> work.

What is non-bridging?

>>> I've tried using the settings on the DLink site for configuring the
>>> modem as a bridge, but it doesn't seem to work.

--
Magilla

"Kwyjibo." wrote...

> "Magilla Guerilla" said
>> "Kwyjibo." wrote...
>>> Does anyone have any hints or links for setting up ADSL on a DLink 302g
>>> to work as a bridge in conjunction with an IPCop firewall?
>>> I've got it up and running but I'm not entirely happy with the way it's
>>> working. It's currently letting the modem negotiate the PPP connection
>>> then routing through to the firewall. This means that incoming
>>> connections are being dropped by the modem and never reaching the
>>> firewall logs.
>> Should a bridge block ports?
> Nope. I've had to set it in its default (non-bridging) mode to get it to
> work.

What is non-bridging? ( apart from being not a bridge )

>>> I've tried using the settings on the DLink site for configuring the
>>> modem as a bridge, but it doesn't seem to work.

--
Magilla

"Magilla Guerilla" <magilla@DELETETHISstupidmonkey.org> said

> What is non-bridging? ( apart from being not a bridge )

NAT Routing.

--
Kwyj.
"War is God's way of teaching Americans geography." -- Ambrose Bierce
(Remove your panties to reply by email)

So you use NAT routing to connect to the internet eh?
Just asking so I can understand your set up.

--
http://www.hyperoz.com.au/

"Kwyjibo." <KwyjiboYourPanties@ozdebate.com> wrote in message news:Xns94E2E6D4F68A9ssss@130.133.1.4...
> "Magilla Guerilla" <magilla@DELETETHISstupidmonkey.org> said
>
>> What is non-bridging? ( apart from being not a bridge )
>
> NAT Routing.
>
> --
> Kwyj.
> "War is God's way of teaching Americans geography." -- Ambrose Bierce
> (Remove your panties to reply by email)

"V" <la@la.la> said

> So you use NAT routing to connect to the internet eh?

ATM the modem is performing the routing and firewall duties, as is the IPCop firewall.

The problem with this is that the incoming packets are being stopped by the modem, which I don't want to happen. I want all incoming traffic to hit the firewall, where I can set up rules on what I want to allow and block, and also get decent logs.

I want the firewall to be performing all firewall and NAT routing duties, with the modem just passing traffic through freely in both directions.

--
Kwyj.
"War is God's way of teaching Americans geography." -- Ambrose Bierce
(Remove your panties to reply by email)

Can you set your modem to bridge mode?

If you want IPCOP to be your firewall and NAT router, you need to put the modem into bridge mode, and plugged directly into the ipcop machine.

Then the ipcop machine is plugged into the hub. You can't use the hub in the modem safely without turning on the modem's NAT/firewall, which is what you want to turn off, if I understand you correctly.

Hint for setup: you can't use NAT and bridge at once.

--
My email address is real, including the word SPAM. "mail=valid" must be in the body of the e-mail to pass the spam filter.
Dyslexia and Spell Checkers do not mix.

"Kwyjibo." <KwyjiboYourPanties@ozdebate.com> wrote in message news:Xns94E37D67B300Essss@130.133.1.4...
> "V" <la@la.la> said
>
>> So you use NAT routing to connect to the internet eh?
>
> ATM the modem is performing the routing and firewall duties, as is the IPCop
> firewall.
> The problem with this is that the incoming packets are being stopped by the
> modem, which I don't want to happen. I want all incoming traffic to hit the
> firewall, where I can setup rules on what I want to allow and block, and also
> get decent logs.
> I want the firewall to be performing all firewall and NAT routing duties,
> with the modem just passing traffic through freely in both directions.
> --
> Kwyj.
> "War is God's way of teaching Americans geography." -- Ambrose Bierce
> (Remove your panties to reply by email)

"EnjoyDialup" <EnjoyDialup_SPAM@yahoo.com.au> said

> can you set your modem to bridge mode?

Apparently, yes. That's what I'm asking about. A step by step on how to do it and how to configure IPCop to handle the login etc.

> If you want IPCOP to be your
> firewall and NAT router, you need to put the modem into bridge mode, and
> plugged directly into the ipcop machine.

That's why I originally asked:
"Does anyone have any hints or links for setting up ADSL on a DLink 302g to work as a bridge in conjunction with an IPCop firewall?"

> then the ipcop machine is
> plugged into the hub. you can't use the hub in the modem safely without
> turning on the modem's NAT/firewall, which is what you want to turn off,
> if I understand you correctly

Yep.

> hint for setup: you can't use nat and bridge at once.

I know that. It's setting the DLink to bridging mode and getting IPCop to work with it that I'm having trouble with.

--
Kwyj.
"War is God's way of teaching Americans geography." -- Ambrose Bierce
(Remove your panties to reply by email)