Posted 05 January 2013 - 21:39
Posted 05 January 2013 - 22:04
Yes, you are now accepting packets from the 192.168.0.x network to the Debian 'server'.
You need to filter them, then either just pass them off out the other interface or use NAT's prerouting to change them to come out the other interface.
(Plus you'll want to use FORWARD not ACCEPT)
Posted 05 January 2013 - 22:28
Posted 05 January 2013 - 23:04
-A INPUT -i eth0 -j FORWARD
(From what I remember, can't check as the half-NAT I did for a firewall for my server is offline)
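An added example, not written by any poster in this thread: a small Python lint for iptables-save style filter rules that flags a built-in chain used as a `-j` target and an interface match the chain cannot see, the chain-versus-target distinction this exchange turns on. `eth1`, the /24 mask and the sample rules are constructed assumptions, and the target list is a subset of what iptables supports.

```python
import shlex

BUILTIN_CHAINS = {"INPUT", "FORWARD", "OUTPUT"}          # filter-table chains
TARGETS = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN"}  # common filter targets

def _opt(tokens, *names):
    """Value following the first of the given option names, or None."""
    for i, t in enumerate(tokens[:-1]):
        if t in names:
            return tokens[i + 1]
    return None

def lint_filter_rules(lines):
    """Return [(line_no, message)] for iptables-save style filter rules."""
    user_chains, rules, findings = set(), [], []
    for no, raw in enumerate(lines, 1):
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        if tok[0].startswith(":") and tok[0][1:] not in BUILTIN_CHAINS:
            user_chains.add(tok[0][1:])          # ":NAME - [0:0]" declaration
        elif tok[0] in ("-N", "--new-chain") and len(tok) > 1:
            user_chains.add(tok[1])
        elif tok[0] in ("-A", "--append") and len(tok) > 1:
            rules.append((no, tok))
    for no, tok in rules:
        chain, target = tok[1], _opt(tok, "-j", "--jump")
        if target in BUILTIN_CHAINS:
            findings.append((no, f"{target} is a built-in chain, not a target; "
                                 f"append to {target} and jump to ACCEPT or DROP"))
        elif target is not None and target not in TARGETS | user_chains:
            findings.append((no, f"unknown target or undeclared chain {target}"))
        if chain == "INPUT" and _opt(tok, "-o", "--out-interface"):
            findings.append((no, "INPUT cannot match -o; routed traffic is FORWARD"))
        if chain == "OUTPUT" and _opt(tok, "-i", "--in-interface"):
            findings.append((no, "OUTPUT cannot match -i; routed traffic is FORWARD"))
    return findings

SAMPLE = [  # constructed; eth1 and the /24 mask are assumptions
    ":INPUT DROP [0:0]",
    ":FORWARD DROP [0:0]",
    "-A INPUT -i eth0 -j FORWARD",
    "-A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -j ACCEPT",
    "-A INPUT -i eth0 -o eth1 -j ACCEPT",
]

if __name__ == "__main__":
    for no, msg in lint_filter_rules(SAMPLE):
        print(f"line {no}: {msg}")
```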
Posted 05 January 2013 - 23:14
As I mentioned before, I am trying to gain a more advanced understanding of routing and firewall configuration from the CLI as opposed to a GUI-based pre-prepared distro. I understand that this will give me (more) headaches; however, I would never have gained the experience in Linux that I now have if I hadn't already spent a great deal of time attempting to play with things that I have no idea how to work. What can I say, I learn better by throwing myself in at the deep end.
Posted 05 January 2013 - 23:25
Don't think of it as doing it the easy way, think of it as choosing the right tool for the job.
Posted 06 January 2013 - 00:37
Posted 06 January 2013 - 00:56
I believe pfSense will do nicely for what you are trying to accomplish... has a web-based front end with a Linux-based back end. Probably the best of both worlds for you... you can see where you are screwing up.
Posted 06 January 2013 - 14:30
Posted 06 January 2013 - 15:09
Posted 06 January 2013 - 15:30
Posted 06 January 2013 - 15:31
Posted 06 January 2013 - 16:09
Do you ever plan on becoming a network engineer or network manager at a larger corporation with network management as your main responsibility? If so, you might want to use the Cisco; however, in that case you'd probably be better off using it as a learning tool and experimenting with it, and you probably don't want to experiment too much with your main route to the internet.
Do you have plans to work in the IT field as a network guy? Are you going for your CCNA? If not, knowing the IOS of Cisco gets you nothing. And again, let's learn the basic concepts before jumping into the inner workings of Cisco's IOS.
And a 2600 is just that, a router - does it have the firewall feature set installed?
Here is the other point - wanting to play with the inner workings of iptables or pf or ipfw on FreeBSD or any of the other firewalls on Linux/BSD, that is great - but not sure I would use it as my gateway to the internet and firewall between these other machines on the .0 while you're on a steep learning curve.
Why not play with those things inside the safety of your own network? You can quite easily split your network up as much as you want once you have isolated it from the hostiles on the .0 network.
If you don't have real hardware - you can play with using any Linux/BSD distro as router/firewall all you want just on a few VMs. Same goes for Cisco, if you know someone that can get you the images (hmm wonder who might be able to help you there?<grin>) you can set up a fairly extensive Cisco lab just using http://www.gns3.net/
Posted 06 January 2013 - 16:24
Posted 06 January 2013 - 16:31
From what I remember of Cisco, only the Catalyst series of devices had firewalls.