New internal network layout and Firewall


Late last week I finally got around to upgrading my firewall and internal network. For years I have been running Coyote Linux as my firewall. It has been a reliable and easy-to-use firewall solution. But I had outgrown its capabilities. I tried to use its big brother, Wolverine, but never could get it to work right, and the author (who is likely very busy) hasn't addressed my concerns.

I did some research and decided to try IPCop, an open source Linux-based firewall solution.

I took the time to fully document all of my port forwards and other firewall configuration information before making the attempt.

If you're going to use IPCop I highly recommend you read the installation documentation BEFORE you attempt the basic installation - it will save you several re-installation attempts. Ask me how I know.

I opted for a full RED-ORANGE-BLUE-GREEN configuration this time around. What that means is a separate sub-net for my Web/Mail server, my internal LAN and my wireless access point. Doing this meant installing 4 network cards in the Linux firewall box, one for each segment.
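A documented port-forward list can be checked against the zone layout before it is re-entered on the new firewall. The following is an added example, not part of the original post or of IPCop: the subnets, the forward list and the rule that every forward should land in ORANGE are constructed assumptions for illustration.

```python
import ipaddress

# Constructed zone subnets (assumption: the post does not give its addressing).
ZONES = {
    "GREEN": ipaddress.ip_network("192.168.1.0/24"),   # internal LAN
    "ORANGE": ipaddress.ip_network("192.168.2.0/24"),  # Web/Mail server
    "BLUE": ipaddress.ip_network("192.168.3.0/24"),    # wireless access point
}

# Constructed inventory: (protocol, external port, internal target, internal port).
FORWARDS = [
    ("tcp", 80, "192.168.2.10", 80),
    ("tcp", 25, "192.168.2.10", 25),
    ("tcp", 3389, "192.168.1.50", 3389),  # lands on the internal LAN
    ("tcp", 8080, "10.0.0.5", 80),        # stale entry from an old addressing plan
    ("tcp", 80, "192.168.2.11", 8080),    # same external port as the first entry
]

def zone_of(addr):
    """Return the zone name whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def audit_forwards(forwards, allowed_zone="ORANGE"):
    """Flag forwards that leave the allowed zone, point nowhere, or collide."""
    findings = []
    seen = {}  # (protocol, external port) -> first target recorded
    for proto, ext_port, target, _int_port in forwards:
        zone = zone_of(target)
        if zone is None:
            findings.append((proto, ext_port, target, "target is in no defined zone"))
        elif zone != allowed_zone:
            findings.append((proto, ext_port, target,
                             f"forward lands in {zone}, not {allowed_zone}"))
        key = (proto, ext_port)
        if key in seen and seen[key] != target:
            findings.append((proto, ext_port, target,
                             f"external port already forwarded to {seen[key]}"))
        seen.setdefault(key, target)
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(FORWARDS):
        print(finding)
```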

Note for those that use DynDns or any similar service to provide DNS for your DHCP assigned IP address from your provider: You might want to remember that when the new firewall comes up and gets an IP address from your provider - it won't likely be the same as the previously assigned IP address. You will need to update your info on DynDns (or whatever service you use). I spent an hour beating my head against a wall trying to figure out why things were not working correctly.

Because of several mistakes on my part (Remember: RTFM can save you time) the install took a few hours to get up and working. But it does work and it was worth the effort.

Next week I may attempt VPN from the BLUE and RED portions into GREEN.

So here is what my network looks like now:
