Where To Add Firewall (Smoothwall)

Carlosinfl

I am adding a Firewall in at home. I did not want to before as it was another noisy PC and more heat/clutter in the office but I feel it is worth it and I found a nice spot in the closet for this guy to sniff packets. I just don't know how to arrange the order and maybe you guys can help me. Here is what I am working with...

Toshiba (TWC/RR) Cable Modem --- > WRT54G (DD_WRT) --- > Linksys 10/100 unmanaged switch 24 port --- > LAN PC's

Where would be the best place for the Smoothwall Firewall? I am right now using the Linksys WRT54G v2 as a "router/firewall" but it's poor protection at best. Can we just turn this into a WAP for my laptops and have SW do everything else?

Thanks for any assistance.
 
I have a similar setup to that and run my Endian box right after the cable modem.

so...like this...:
Code:
Cable Modem --> Endian -->24port 3com switch -->Lan PC's
                     |--Wireless router turned AP --> wireless clients
 
Mine is similar also


Modem-----linksys router ----- sonicwall 2040 ------switch
 
Cable Modem ==> Endian ==> wrt54g running DD neutered into AP mode only.

No double NAT for me.
 
Carloswill said:
Where would be the best place for the Smoothwall Firewall?
...
Can we just turn this into a WAP for my laptops and have SW do everything else?

Try
Code:
Cable modem --red interface--> Smoothwall --green interface --> switch -> everything else
                                    |
                           wrt54g (on blue interface)
 
I am new to Smoothwall. Can you explain the green, red, blue interfaces to me?

My smoothwall has dual identical 10/100 NIC's.
 
Red Interface - the one connected to the outside world. The one you don't want "nasties" getting through.

Green Interface - The one your internal wired network is attached to.
Blue Interface - The one the wireless is connected to. It's isolated from the Green interface for security reasons. If you want devices on blue to access devices on green, you'll need to open pinholes between them.

btw - to have a R, B, and G interface you'll need 3 NIC's. Don't have to be identical either.
 
nst6563 said:
Red Interface - the one connected to the outside world. The one you don't want "nasties" getting through.

Green Interface - The one your internal wired network is attached to.
Blue Interface - The one the wireless is connected to. It's isolated from the Green interface for security reasons. If you want devices on blue to access devices on green, you'll need to open pinholes between them.

btw - to have a R, B, and G interface you'll need 3 NIC's. Don't have to be identical either.

This is the best way to do it from a security side. If you don't want to deal with that just run the wireless router in ap mode on the green interface with the wired machines.
 
Guys - I got smoothwall installed fine and it seems super easy. Right now I have 2 NIC's on the box. When it boots up, I go to "setup" and there I set the hostname and all that stuff.

I actually read the PDF manual and it said to select the Red + Green config for my cable connection at home. Now I gave RED = 192.168.0.1. Red was configured fine and I see activity lights flashing on the NIC as normal.

Green is where I am having the problem. Is green supposed to be dynamic set or static? I have 3 options and I would assume dynamic or static. If static, can it be 192.168.0.2? If not, what would be a logical selection for the green (eth1) interface?

I did make sure that Smoothwall was doing DHCP (enabled) however my laptop can't get an address wired into the switch that is connected to the green (eth1) interface.

Please help me.
 
With cable...you usually set your red to "Obtain Auto"..plugged right into your cable modem. With most cable ISPs...with their typical modems (IE Motorola Surfboard, etc)...the RED NIC will pickup a public IP address.

You may have to power off your cable modem for several minutes so it will forget the MAC of the prior device connected to it.
 
I am confused...

It gave me a suggestion for eth0 (Red) of 192.168.0.1. It seems that the green interface is the only one I can configure with a static or dynamic IP.

I can't understand why no clients on the LAN are getting an IP. It's like DHCP is not working on Smoothwall even though it is enabled.
 
Something is seriously wrong then. RED is always the outside, green is always the inside.
 
Carloswill said:
I am confused...

It gave me a suggestion for eth0 (Red) of 192.168.0.1. It seems that the green interface is the only one I can configure with a static or dynamic IP.

I can't understand why no clients on the LAN are getting an IP. It's like DHCP is not working on Smoothwall even though it is enabled.

Was the outside interface plugged into another router when you ran setup? Or plugged into your cable modem? Dunno the smoothwall install...but on others like IPCop, Endian, pfsense...during the install you select your zones...what will go where...may have made a bum choice along that route. Maybe try setup again.
 
I did the install at work so that may be why. Let me try a new install in my home LAN.

I also have a 2nd question. In the manual it says that I should place all servers that need access to the internet in a dedicated zone labeled the DMZ. Do I need a 3rd NIC for the DMZ? How would this setup work if someone does not mind explaining this to me.

I have a FTP and Apache server that I don't want on the green side. The manual specified importance on placing them in the DMZ rather than my intranet.
 
Carloswill said:
I also have a 2nd question. In the manual it says that I should place all servers that need access to the internet in a dedicated zone labeled the DMZ. Do I need a 3rd NIC for the DMZ? How would this setup work if someone does not mind explaining this to me.

I have a FTP and Apache server that I don't want on the green side. The manual specified importance on placing them in the DMZ rather than my intranet.

You will need to install a 3rd NIC into the Smoothwall box. This will be your Orange interface, it will need a separate subnet from the Green network. By default this interface does not do DHCP so you will need to enter in all the IP info (IP, DNS, Gateway) on your servers manually. Once you have that set up, you can forward the ports for the services you are running to your server(s).
 
Guys - I did a complete reinstall of Smoothwall on my PC (2 NIC's) and well...it went as normal. I installed from the CD and it found the green interface and it assigned it a default 192.168.0.1 IP. Now by this point I already have my cable modem jacked in directly to the top NIC and then a cable from the bottom NIC to the network switch. I have no idea if maybe it sees the wrong NIC as the green one. I don't know if Smoothwall is smart enough to detect the modem connection flowing to that specific top NIC.

Maybe I don't have the correct network config. Am I supposed to use Green + Red? That is what I have been using and it always loses the settings to the "RED" card.

Please any info is greatly appreciated.
 
Yes, you should be using the Green + Red. Red should get its own address from the cable modem (IP set to DHCP). Green should be set to the 192.168.0.1 or whatever address you want for it since it will be your internal network.

Can you not get an IP address from the smoothwall box? Have you tried to set your IP to 192.168.0.10 to see if you can connect?
 
Yes, I left it as Red + Green and I made sure that DHCP was enabled but once the config is done, my client boxes never get assigned an IP from the box. The range is set from 192.168.0.100 - 200.

I am going to swap out one of the NIC's because the fact that they're identical is too confusing. Right now with the 2 identical Intel NIC's, green is fine but red always gets un-allocated for some reason and I think this is causing issues with assigning DHCP IP's.

If I swap out one of the Intel's for a Linksys and that Linksys NIC has a cable going to my LAN switch - am I correct in saying that the Linksys NIC is green and the Intel that has a cable from the SW box to the cable modem is red?
 
Carloswill said:
If I swap out one of the Intel's for a Linksys and that Linksys NIC has a cable going to my LAN switch - am I correct in saying that the Linksys NIC is green and the Intel that has a cable from the SW box to the cable modem is red?

Yes.
 
QwertyJuan said:
Am I missing something?? You want to run a Linksys router AND a smoothwall??

QJ

Where did you get that from? No, please see my config again. The Linksys WRT54G was removed from the setup and when I mentioned Linksys above, I was discussing an alternate NIC.

Let me try the following mentioned above.
 
Yes, I wanted to give SW a try over the popular IPCop. I like to see what works best. The problem was SW was reversing the order of the cards or not detecting the WAN cable was already plugged in and assigning it the LAN or green interface. I also had to reboot my modem for some reason but now I am posting from behind my new SW Firewall. My only question now, since I can't get on the SW Forum (No Gmail Authentication), is why does it assign my one and only client the last possible DHCP LAN address?

My DHCP range is 192.168.0.100-200 and my laptop always gets 200. I think that is kind of weird, no? I guess it works fine but I would think it would throw 100 first.

2nd issue <edit - has been resolved. I read the manual and had to use :441 at the end and also https.
 
I used smoothwall and now Endian and they both start assigning addresses at the end of the DHCP pool. No biggie I don't think.
 
Yes, it seems to be working fine now. Thanks all. I would like to learn more about adding my wireless AP on a separate subnet. Would that require a totally separate (3rd) NIC?
 
Yeah, dunno...I guess assigning addresses backwards from the end of your DHCP range is normal or something for the Linux based firewalls. Odd, really.

And you can turn your WRT into a WAP easily without any software changes...give it a static IP not in your SW's DHCP IP range, and plug into the 4 switch ports, not the WAN ports. Treats it as a switch.
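
An added example, not part of any post in this thread: a Python check of the address plan the thread arrives at (green at 192.168.0.1, DHCP pool 192.168.0.100-200, a static AP address outside the pool, orange on its own subnet). The /24 mask, the AP and orange addresses, and the function name `check_plan` are assumptions made for illustration.

```python
import ipaddress

def check_plan(green_if, dhcp_start, dhcp_end, ap_ip, orange_if=None, red_ip=None):
    """Return a list of problems found in a red/green/orange address plan."""
    problems = []
    green = ipaddress.ip_interface(green_if)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    ap = ipaddress.ip_address(ap_ip)

    # The DHCP pool must sit inside green and must not contain the firewall itself.
    if start > end or start not in green.network or end not in green.network:
        problems.append("DHCP range is not inside the green subnet")
    elif start <= green.ip <= end:
        problems.append("green interface address is inside the DHCP range")

    # Router used as a plain AP: static address on green, outside the pool.
    if ap not in green.network:
        problems.append("AP address is not on the green subnet")
    elif ap == green.ip:
        problems.append("AP address duplicates the green interface")
    elif start <= ap <= end:
        problems.append("AP address is inside the DHCP range")

    # Orange (DMZ) needs a subnet of its own, separate from green.
    if orange_if is not None:
        orange = ipaddress.ip_interface(orange_if)
        if orange.network.overlaps(green.network):
            problems.append("orange subnet overlaps green")

    # Red is the outside; the firewall cannot route if red lands in green's range.
    if red_ip is not None and ipaddress.ip_address(red_ip) in green.network:
        problems.append("red address falls inside the green subnet")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: AP at .2 and orange on 192.168.1.0/24 are assumptions.
    print(check_plan("192.168.0.1/24", "192.168.0.100", "192.168.0.200",
                     "192.168.0.2", orange_if="192.168.1.1/24"))
    # Same plan, but red was given 192.168.0.1 as in the first install attempt.
    print(check_plan("192.168.0.1/24", "192.168.0.100", "192.168.0.200",
                     "192.168.0.2", red_ip="192.168.0.1"))
```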
 