Re: howto: firewall for ppp interface only and accept all eth-traffic

["A.J. Bonnema" <abonnema xs4all nl>]

Daniel Hedlund wrote:
> On Mon, 2003-12-08 at 15:06, A.J. Bonnema wrote:
>
> > Hi guys,
> >
> > I read your advice on using firewall tools, so I started using 
> > firestarter. Now I have the following problem. My network has two 
> > internet connections I might use:
> >
> > 1. eth1 = internal traffic + traffic from the internet through a 
> > physical router/firewall
> >
> > 2. A connection through my telefone line which I will use if the ADSL 
> > connection is down.
> >
> > So what I need is for all traffic from the eth1-card to be accepted and 
> > all traffic from the telefone line to be scrutenized by the fire wall.
>
>
> If you want to allow all traffic from eth1 card to be accepted then you
> don't want a firewall at all, except when you're using the telephone
> line/modem.  

That occurred to me, however, I will be blocking the internal network 
traffic too. And what I want is the internal servers (like Samba) to be 
usable for the internal devices and not usable from anywhere else. The 
external firewall takes care of the ADSL connection through the ethernet 
card.

That's why I was wondering whether I could have both: complete freedom 
on the ethernet card and a strict firewall from the telephone line.


If this is the case then set up your firewall in
> firestarter to be very restrictive (only applying to the modem dial-up
> connection) and on the second page of the wizard, choose "ppp0" (or
> similar) 

For some reason this interface doesn't appear in firestarter. Only eth1.
 Lokkit did detect the ppp0 device as does the "network device control" 
from "system tools".

and tick 'Start the firewall on dial-out'.  Go through the rest
> of the wizard relating to ppp0 (blocking just about everything).
>
> Cheers,
>
> Daniel

Guus.
--
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)