• Linux Network Firewall with IPTABLES and DMZ

    Most firewalls in the consumer world are all-in-one network devices, either bought at Best Buy or supplied by your ISP. These devices, such as the Linksys WRT54GL, are good enough for most users’ home setups. They provide wireless and wired network access with built-in firewall security, blocking most inbound network threats and other unwanted requests that are not part of an already-established connection (i.e. the return path of an outbound request). Some of these consumer routers can be further enhanced with a rich set of plugins and network tools by using custom firmware. DD-WRT, Tomato, and OpenWrt are all independent communities that develop custom firmware for these consumer all-in-one routers. You can check your device’s compatibility with their firmware at each of their websites.

    I for one own a Linksys WRT54GL router and have used both DD-WRT and Tomato. Both of these custom firmwares, as well as the stock Linksys firmware, provide enough security, accessibility, and capacity for a typical consumer. However, that’s not what this article is about! This article is about how to set up your own network firewall using a standalone Linux box! Woot!

    Why build a standalone Network Firewall?

    [Read More…]

  • Inter-VLAN routing with Linux & PowerConnect 5324

    I recently purchased a 24-port Gigabit Layer 2 switch that supports VLAN tagging and trunking. The Dell PowerConnect 5324, see here, has 24 Ethernet ports and is capable of tagging and untagging frames at wire speed. It is a discontinued model; however, after some googling I found an updated firmware and IOS image!

    Physical Topology

    The topology is pretty typical of “routing-on-a-stick” for Multiple VLANs. I have a Linux server running Ubuntu 12.04 with a single NIC and the Dell PowerConnect switch.

    Port configuration:
    Network 1 = g1 – g16
    Network 2 = g17 – g23

    802.1q Information:
    Switch Trunk Port = g24
    Router Trunk Port = eth1

    Logical Topology

    I have a single LAN that I want logically separated using a single switch. The VLAN IDs are 100 & 200. The VLAN subnets and ports will be as follows:

    Subnets:
    VLAN 100 = 192.168.1.1/24
    VLAN 200 = 192.168.2.1/24

    VLAN Access Ports:
    VLAN 100 = g1 – g16
    VLAN 200 = g17 – g23
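    The Linux side of this router-on-a-stick layout, written up as an added example rather than the post’s own script: two 802.1q sub-interfaces on the trunk NIC, one per VLAN, each carrying the gateway address listed above, plus IP forwarding so the box actually routes between them. It assumes the trunk is eth1 (as in the topology), that the 8021q module and iproute2 are available (both are on Ubuntu 12.04), and that the commands are run as root; the DRY_RUN switch and the function names are my own additions.

```shell
#!/bin/sh
# Router-on-a-stick setup for the topology above (added example, not the
# original post's script). Assumes: trunk NIC eth1, VLAN 100 -> 192.168.1.1/24,
# VLAN 200 -> 192.168.2.1/24, iproute2 with 8021q support, run as root.
# DRY_RUN=1 prints the commands instead of executing them.

TRUNK="${TRUNK:-eth1}"

# run: execute a command, or just echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# add_vlan <trunk> <vlan id> <gateway addr/prefix>
# Creates <trunk>.<vid> as an 802.1q sub-interface, gives it the gateway
# address for that VLAN, and brings it up.
add_vlan() {
    trunk="$1"; vid="$2"; addr="$3"
    run ip link add link "$trunk" name "$trunk.$vid" type vlan id "$vid"
    run ip addr add "$addr" dev "$trunk.$vid"
    run ip link set "$trunk.$vid" up
}

# configure_router: the physical trunk must be up before tagged traffic flows;
# then one sub-interface per VLAN, then enable forwarding.
configure_router() {
    run ip link set "$TRUNK" up
    add_vlan "$TRUNK" 100 192.168.1.1/24
    add_vlan "$TRUNK" 200 192.168.2.1/24
    # With forwarding on, every packet between VLAN 100 and 200 crosses this
    # box, so the FORWARD chain of the firewall is where inter-VLAN policy goes.
    run sysctl -w net.ipv4.ip_forward=1
}

if [ "${1:-}" = "apply" ]; then
    configure_router
fi
```

    Run `DRY_RUN=1 sh vlan-router.sh apply` first to review the exact commands, then `sh vlan-router.sh apply` as root. The sub-interfaces do not persist across reboots; on Ubuntu 12.04 the same addresses would go into /etc/network/interfaces as eth1.100 and eth1.200 stanzas.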

    [Read More…]
