riskless.com
Thursday, 19 November 2008
 
 
 
Home Networking Overview

More complete tutorials of home networking can be found on the web. A good place to start looking is the Linux Documentation Project Network Administrators Guide [http://www.tldp.org/LDP/nag2/].

IPCop requires Ethernet connections for your GREEN and optionally your ORANGE and BLUE network interfaces. We will cover simple wiring and IP addressing well enough to get you through your IPCop installation.

Wiring

Unless you wind up with very old Ethernet cards, your Network Interface Cards or NICs will probably support one or two speeds on the network, 10 megabit, 10BaseT, or 100 megabit, 100BaseT. You can recognize these cards by the square connector on the back, called an RJ45 connector. If your cards have a different connector, check your manufacturer’s web site.

Unless you have a very fast leased line connection to the Internet, 10BaseT cards will do for your NICs. Cable modems only transfer at 3 Megabits/sec. ADSL modems cannot go faster than 8 Megabits/sec.

You will be connecting the computers on your GREEN network to the IPCop computer on IPCop’s internal GREEN NIC. If you have ORANGE or BLUE networks then these should be connected to the relevant NIC.

Only one computer on GREEN, BLUE or ORANGE

If there is only one computer on your network, all you will need is a single category 5 crossover cable. You can recognize a crossover cable by holding the transparent RJ45 connectors at each end next to each other. If the wires in the connector attach to different pins at either end of the cable, you have a crossover cable. Otherwise you have a straight through cable.

Connect IPCop and your computer to each other with the crossover cable. You have just set up your simple network.

Multiple Computer Networks

If you have more than the IPCop and a single computer on the same network, you will need to add another piece of hardware called a hub or a switch. The Ethernet protocol sends message packets to all computers on a network out of a single port, so all other computers on that network have to be able to see their packets, and be able to send packets to the other computers on that network.

If you have a hub or a switch, you will have to plug each computer on a network into the hub or switch via a straight through category 5 cable. Make sure each cable is a straight through cable by holding the transparent RJ45 connectors at each end of the cable next to each other. If the wires at each end attach to the same pins, you have a straight through cable.

IP Addressing

Format of an Address

An IP address consists of four numbers, ranging from 0 to 255, connected with dots, e.g. 192.168.1.1. This format is called a dotted IP address. Each computer on your networks needs a different IP address. Depending on your network configuration, IPCop needs between one and four different IP addresses.

Networks

An IP network consists of two or more computers with IP addresses in the same range. The network mask determines the ranges. Even though they are not mandatory any more, there are several default network masks based on the first number in the dotted IP address.

Network Address Classes

Class A networks’ first numbers range from 1 to 126 (127 is special). These networks, with their default network mask of 255.0.0.0, allow over 16 million computers to be on the same network. Computers on the 4.x.y.z network are on the same network, while computers on the 5.x.y.z network are on a different class A network. The IP address of x.0.0.0 designates the entire network and the IP address of x.255.255.255 designates a broadcast to every computer on the network.

Class B networks’ first numbers range from 128 to 191. These networks, with their default network mask of 255.255.0.0, allow over 65 thousand computers to be on the same network. Computers on the 190.4.y.z network are on the same network, while computers on the 190.5.y.z network are on a different class B network. The IP address of x.y.0.0 designates the entire network and the IP address of x.y.255.255 designates a broadcast to every computer on the network.

Class C networks’ first numbers range from 192 to 203. These networks, with their default network mask of 255.255.255.0, allow over 250 computers to be on the same network. Computers on the 193.4.5.z network are on the same network, while computers on the 193.4.6.z network are on a different class C network. The IP address of x.y.z.0 designates the entire network and the IP address of x.y.z.255 designates a broadcast to every computer on the network.

Private Address Ranges

Why should you care about this?

The powers that be have designated several IP address ranges as private in RFC1918 [ftp://ftp.isi.edu/innotes/rfc1918.txt]. If packets addressed to or from one of these ranges leak out onto the Internet they will be discarded.

One of IPCop’s features is Port Address Translation or PAT. Using this technique any conversations over the Internet will appear to originate from IPCop’s RED network address. To help shield your GREEN, BLUE and ORANGE networks from malicious users, you should use private address ranges for your network(s). Remember, your GREEN, BLUE and ORANGE networks must have different network addresses.

The private address ranges are:

  • 10.0.0.0 - A class A network. You can conceivably have over 16 million computers on this network.
  • 172.16.0.0 through 172.31.0.0 - 16 class B networks. You can conceivably have over 64 thousand computers on each network.
  • 192.168.0.0 through 192.168.255.0 - 256 class C networks. You can conceivably have over 250 computers on each network.

You can, if you wish, subdivide each network using a custom network mask. For example, if you wish to keep both your GREEN and ORANGE networks in the same private range, and you don’t expect to ever need 32 thousand computers, you can use 172.16.0.0 with a network mask of 255.255.128.0 as your GREEN network and 172.16.128.0 with the same network mask as your ORANGE network. You will still have the ability to have over 32 thousand computers on each network.
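The GREEN/ORANGE split above can be checked before you type the addresses into the installer. The following is an added example, not part of the original IPCop documentation: the function name check_zone_plan and both sample plans are constructed for illustration. It verifies that every zone lies inside an RFC 1918 range, that no two zones overlap, and reports each zone's broadcast address and usable host count.

```python
import ipaddress

# RFC 1918 private ranges listed on this page.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_zone_plan(plan):
    """Validate a {zone: (network address, dotted mask)} plan.

    Returns (report, problems); problems is empty for a usable plan."""
    report, problems, nets = {}, [], {}
    for zone, (addr, mask) in plan.items():
        try:
            # strict=True rejects an address with host bits set
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{zone}: invalid network ({exc})")
            continue
        if not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{zone}: {net} is not inside an RFC 1918 range")
        for other, other_net in nets.items():
            if net.overlaps(other_net):
                problems.append(f"{zone}: {net} overlaps {other} {other_net}")
        nets[zone] = net
        report[zone] = {
            "network": str(net),
            "broadcast": str(net.broadcast_address),
            # network and broadcast addresses are not assignable to hosts
            "usable_hosts": net.num_addresses - 2,
        }
    return report, problems


# Constructed sample plans (not taken from a real installation).
GOOD_PLAN = {
    "GREEN": ("172.16.0.0", "255.255.128.0"),
    "ORANGE": ("172.16.128.0", "255.255.128.0"),
}
BAD_PLAN = {
    "GREEN": ("172.16.0.0", "255.255.0.0"),
    "ORANGE": ("172.16.128.0", "255.255.128.0"),   # falls inside GREEN
    "BLUE": ("193.4.5.0", "255.255.255.0"),        # public address space
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, *check_zone_plan(plan), sep="\n")
```

A mask with a missing octet, or a network address with host bits set, is reported as an invalid network rather than silently accepted.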

 