ADSL + Linux

Cybercide

Member
Joined
Jan 18, 2004
Messages
10
Hey, I'm getting ADSL at some point during this week.
The thing is I've got a house network that I can't afford to leave vulnerable to attack, so I'm going to run the ADSL connection through a Linux (probably Gentoo) box.
What I want to know is: has anyone here got any experience with Linux and ADSL? Where did they learn, and what sort of advice would they give with regard to IP masquerading etc.?
 

mbs

Expert Member
Joined
Nov 19, 2003
Messages
2,246
You will have no problems with a Linux unit, particularly Gentoo, which is one of the stablest and dependency hassle-free distros around. I do strongly suggest that you opt for a router unit, however, as opposed to a standard 'modem' - the Telkom unit is called 'ADSL Router POTS'. It's a bit more expensive, but well worth it if you don't want hassles with USB device recognition and PPPoE. Plug the unit into a switch/hub as well as your machines, and configure the Linux box as a gateway for all other units. You can then set up NAT on the router if you want, or on your gateway machine. For proxy firewalling, use Squid/IPTables or similar - you have a vast choice in the OSS world.

Regarding 'learning', you will find that the OSS community is more than willing to help, provided you've made the effort to RTFM and have attempted to resolve the issue(s) yourself initially - there are literally hundreds of lists on the Internet where you could ask for help, if you don't manage to solve the issue(s) yourself. The OSS environment is not a 'hand-holding' one, however, nor is it very forgiving if you take chances and rely on others to provide a crutch for you - you risk being flamed if you don't at least RTFM/HowTo's. This is the best choice for learner-directed training - you will find that most Linux people have learnt using this route together with tech publications (mainly O'Reilly's Nutshell series), myself included.

So... hope I haven't scared you off, and that you join the OSS world as well as a local user group that you may find in your area...
 

grubman

Well-Known Member
Joined
Jul 26, 2003
Messages
121
If you only want / need a firewall solution, have a look at www.smoothwall.org. Works well and doesn't need a monsta of a machine to run on.
 

blodot

New Member
Joined
Aug 14, 2003
Messages
8
I have recently altered my ADSL config from the "server gateway" model because I couldn't get it to allow simultaneous video and audio streams for webcamming.

My WindowsXP clients all dialup individually through the Telkom POTS router using a single NIC for Internet and LAN access, as you would expect.

HOWEVER my Linux (Xandros, no giggling please) client is struggling to share a single NIC and wants to use one NIC for LAN and another for ADSL through the router. If I use one NIC then I can get LAN until I connect the ADSL, at which point I can only get Net, but no LAN.

Whassup with that? Gateway issues? Tried a few things, of course.
[yeah, I could RTFM but I am wondering if this is somehow related to the Telkom router.]
 

antowan

Honorary Master
Joined
Nov 1, 2003
Messages
13,054
Your NIC should be eth0 and the ADSL connections should be set as device ppoe1. It is all virtual, but your eth0 can have a static local IP in the 192.168.x.x range.

The way you set up the nameserver and the default gateway makes the difference.

In your net setup set default gateway as 196.25.1.1 for eth0 in order for it to find the net correctly through the ADSL connection. Set the nameserver as 196.25.1.1 on eth0 as well.

Hope this helps.

Cheers

> Originally posted by blodot:
> I have recently altered my ADSL config from the "server gateway" model because I couldn't get it to allow simultaneous video and audio streams for webcamming.
>
> My WindowsXP clients all dialup individually through the Telkom POTS router using a single NIC for Internet and LAN access, as you would expect.
>
> HOWEVER my Linux (Xandros, no giggling please) client is struggling to share a single NIC and wants to use one NIC for LAN and another for ADSL through the router. If I use one NIC then I can get LAN until I connect the ADSL, at which point I can only get Net, but no LAN.
>
> Whassup with that? Gateway issues? Tried a few things, of course.
> [yeah, I could RTFM but I am wondering if this is somehow related to the Telkom router.]

He who does not understand the value of war at the right time, cannot comprehend the value of life at any time - Anonymous
 

cAde

Well-Known Member
Joined
Oct 16, 2003
Messages
111
try the SA distro out .. www.impi.org.za
- Impi linux :)

:)


caio

South Africa / Poland / UK
 

cAde

Well-Known Member
Joined
Oct 16, 2003
Messages
111
:)

Imaginet ADSL 512 Kbps = :) , 3Gb Cap = :-( on A SMC 7401BRA Router + SMC Switch
 

blodot

New Member
Joined
Aug 14, 2003
Messages
8
> The way you set up the nameserver and the default gateway makes the difference.
>
> In your net setup set default gateway as 196.25.1.1 for eth0 in order for it to find the net correctly through the ADSL connection. Set the nameserver as 196.25.1.1 on eth0 as well.

Whew, man. BIG UP, man. I missioned on this for hours, maybe days. Yo dah Main Man. Worked immediately.

Many tx.
 

Solar

Well-Known Member
Joined
Sep 13, 2003
Messages
112
Whatever you do, DO NOT buy a Telkom modem or PPPoE router. It's junk and overpriced. Rather take a look at the Planet or D-Link routers. They're a fraction of the price and work MUCH better. You also do NOT need any kind of "firewall" or Linux box if you're already using the ADSL router through NAT.
Just make sure that only the ports you want passed from the Internet are enabled in the router's config (no ports are configured by default).

There's really no need to bring "Linux firewalls" into every conversation, as I've seen more ill-configured Linux firewalls than Windows boxes, due to the fact that you need significantly more experience to correctly set up a *nix firewall.

The point is that if you're smart about it, use an external ADSL router, and leave all the Telkom PPPoE crap off your PC, you should have no further worries.
 

mithrandi

Well-Known Member
Joined
Jul 24, 2003
Messages
413
> There's really no need to bring "Linux firewalls" into every conversation, as I've seen more ill-configured Linux firewalls than Windows boxes, due to the fact that you need significantly more experience to correctly set up a *nix firewall.

I have yet to see a "correctly" configured Windows firewall.

mithrandi
 

Solar

Well-Known Member
Joined
Sep 13, 2003
Messages
112
And your definition of a correctly configured firewall would be...?
 

mbs

Expert Member
Joined
Nov 19, 2003
Messages
2,246
Aahh come-on, folks - there's no debate here really, as firewalls are essentially a resultant of the security need, which differs depending on topology, organisational requirements, and so on. Regarding the merits/de-merits of Linux versus Windows firewalls, this is largely moot depending on your strategic alignment to OSS or commercial solutions, as the functionality of products in both scenarios is much of a muchness - there are good and bad products in both. The bottom-line is to ensure that you assess/review your requirement thoroughly, then opt for the best solution that is correctly aligned with your choice of strategic environment. My personal choice remains Open Source, as this gives me the right and ability to delve right into the innards of the product to see what's going on, and not be constrained by proprietary issues of IP...
 

antowan

Honorary Master
Joined
Nov 1, 2003
Messages
13,054
Agreed!

[8D]

> Originally posted by mbs:
> Aahh come-on, folks - there's no debate here really, as firewalls are essentially a resultant of the security need, which differs depending on topology, organisational requirements, and so on. Regarding the merits/de-merits of Linux versus Windows firewalls, this is largely moot depending on your strategic alignment to OSS or commercial solutions, as the functionality of products in both scenarios is much of a muchness - there are good and bad products in both. The bottom-line is to ensure that you assess/review your requirement thoroughly, then opt for the best solution that is correctly aligned with your choice of strategic environment. My personal choice remains Open Source, as this gives me the right and ability to delve right into the innards of the product to see what's going on, and not be constrained by proprietary issues of IP...

 

Karnaugh

Banned
Joined
Jul 23, 2003
Messages
1,575
> Regarding the merits/de-merits of Linux versus Windows firewalls, this is largely moot depending on your strategic alignment to OSS or commercial solutions, as the functionality of products in both scenarios is much of a muchness

Mind showing me Windows' traffic shaping, firewalling and routing functionality in comparison to Linux? The functionality of products in both scenarios is far from 'much of a muchness'.

"Since light travels faster than sound, people appear bright until you hear them speak."

NetLink Research
 

mbs

Expert Member
Joined
Nov 19, 2003
Messages
2,246
AAARRRGGHH! [:(!][:(!] My final posting on this thread is merely to repeat that choice of firewall is a resultant of your security threat assessment, and as properly aligned with your choice of strategic OS environment. Issues of traffic shaping and routing have got more to do with Network QoS, and not firewalling.
When it comes to firewalls, if you've made the strategic mistake of choosing a Windows environment, there wouldn't be much point in comparing the functionality offered by Linux products, would there?! If you haven't yet made a choice of strategic OS environment, then you've got it wrong - it's time that you undertake a review of your strategic direction, and commit firstly to that choice, before doing functional or feature comparisons. This has got nothing to do with feature comparisons between Linux and Windows products, but instead of products within your choice of OS environment, such environment being very largely a determinant of your threat levels in the first place.
The point should be clear - don't choose a firewall based on product features or functionality except within your chosen environment, and don't challenge me on feature comparisons between Windows and Linux products, which is pointless - there are good and bad products in both environments. If you feel the need to change your firewall due to a feature-set offered by a particular product, you're perfectly entitled to do so, but this must remain aligned with your choice of OS environment, be it GNU/Linux, *nix, Solaris, Windows, MACOS/X, SyTOS, whatever.
Do not forget that firewalls are essentially a component of that generally known as the 'Back-End' or 'Data Centre' (which could be a single server, huge NOC, mainframe, clustered racks, whatever), and therefore must be properly aligned and fully compliant with that environment, which has got nothing to do with loading Zone Alarm or installing Tiny Personal Firewall on a PC, switching-on the firewall facility in your Windows XP network connection, or setting some packet filtering rules on your Linux workstation.
Over and Out!!
 

mbs

Expert Member
Joined
Nov 19, 2003
Messages
2,246
** Slap ** my own face... after calming down, I realised that ALL of this is probably irrelevant to Cybercide anyway, as he just wants to do his thing on a little 'house network'... SO SORRY (yeah right!)
 

Karnaugh

Banned
Joined
Jul 23, 2003
Messages
1,575
Yes, but there are reasons Windows does not include those features - simply, it's not designed as a firewall.

It does not include routing features because it simply cannot handle forwarding of packets on a software level adequately; using it as a firewall is for one an unnecessary waste of resources for something that can hardly get the job done at the end of the day and also wastes electricity.

I'm not saying don't use personal firewalls; I use Zone Alarm on all my Windows desktops anyway even though they are behind a UNIX firewall, because a workstation should also have local protection of its own. I'm saying that using a Windows PC to share an internet connection when there are much better solutions which are not hard to set up is just plain laziness and adds to the problem of insecurity on the internet - something which wastes a lot of people's time and money.

 

mbs

Expert Member
Joined
Nov 19, 2003
Messages
2,246
Quite right - we've actually been debating stupidly on something that we're perfectly in agreement on, obfuscated by product feature comparisons over different environments, obviously.
For Cybercide - use a personal firewall like Zone Alarm or Tiny on your Windows boxes and strongly recommend you use a Linux unit to configure a firewall at your primary connection to the Internet - get to know the basis of Linux's filtering a la IPTables, gain an understanding of a proxy cache a la Squid, install and configure a more friendly product a la Smoothwall, etc. If you don't want to compute in the true sense of the word, there are 'total package' solutions that you could use - e-smith and SME-Server come to mind, both of which have real firewalling integral to their product sets. Bear in mind that these are complete enviros, however - if you already have a preferred distro installed, it will be overwritten. Personally, seeing that you're a Gentoo person, I would emerge iptables and squid and leave it at that (do a --pretend first, to see if it's in your portage tree), obviously getting to know in depth how they work over time...GL!
 

Solar

Well-Known Member
Joined
Sep 13, 2003
Messages
112
Sorry.. that's a load of bull. I've got a Windows 2000 server set up doing dynamic routing, QoS and packet filtering, running at about 3% CPU load. I'm certainly not talking about a desktop version of Windows; of course that's not made to use as a network server in any kind of environment...
Who uses my first personal firewall v1.1 anywayz?
 

mithrandi

Well-Known Member
Joined
Jul 24, 2003
Messages
413
> Sorry.. that's a load of bull. I've got a Windows 2000 server set up doing dynamic routing, QoS and packet filtering, running at about 3% CPU load.

Sorry... that's just disturbing.

mithrandi, i Ainil en-Balandor, a faer Ambar
 