Building an Internet Firewall/Gateway

By Gary Hoggard 25th April, 2004.

Overview

This document shows how to build a machine which will act as a firewall between your private home network and an internet connection. The machine can also be used as a print server and file server for the home network.  The author expects that the reader has some knowledge of Unix or Linux, especially at the shell (command) level.  There are many good tutorials available on the internet (a Google search for "linux tutorial" will reveal several). 

The firewall (shown below) will be an interface between your private home LAN (local area network) and the public Internet.  It is assumed that your home LAN is "star" configuration, that is, you use a multi-port ethernet switch connecting your PCs together.  These ethernet switches can be obtained from most computer resellers for about AUD$40.  It is also assumed that you will be connecting to the Internet via some broadband link (such as ADSL or cable).  Be sure that your ISP (internet service provider) installs an ADSL modem or cable modem with an ethernet port.  Some cable modems are installed via USB (universal serial bus).  These cable modems also have an ethernet port, but it would be better to get your ISP to configure the ethernet at installation time rather than having to change it. 

I have built a few of these firewalls for friends and family here in Australia.  The technology is, however, generic and should work anywhere that the assumptions (above) are met.  I have successfully configured this for OptusNet (cable), Telstra Bigpond (cable), and several ISPs who subcontract Telstra's ADSL network.  Now for the legal stuff... I wrote this for my own use.  If you use this, it's at your own risk and I don't guarantee or imply that any of it works. 

diagram of firewall LAN


Hardware Requirements

The best thing about this design is that any old second-hand PC can be used.  There are a few things, however, that are assumed:

Installing Linux

As there are many books, documents and web sites on how to install and configure Linux, I will not be describing it in much detail here.  As RedHat Linux is one of the most common varieties, I have shown below the answers to the install questions for RedHat Linux version 9.  These steps can be applied (without too much modification) for any version from RedHat Linux 7.3 (and also includes Fedora Core).  You will also find the information can readily be applied to other distributions of Linux. 

RedHat Linux 9 Installation

  1. Boot the install CD (CD #1) and keep clicking on "Next" until the "Installation Type" window is showing.  Select "Server" and click "Next".

  2. If you're not sure how to partition the disk manually (or you don't care), select "Automatically partition" and pick the defaults until you get to "Network Configuration".

  3. Set "eth1" to use DHCP (this should be the default).  This interface will connect to your ADSL or cable modem.

  4. Set "eth0" to not use DHCP (click the "Edit" button).  This interface will connect to your home LAN switch.  Use the following settings for "eth0":

  5. On the "Firewall Configuration" window, select "No firewall" (we will configure this manually later).

  6. For "Additional Language Support", you may leave this as "English (USA)" as it only affects the loaded codeset.  If you prefer, you may select whatever language(s) you wish.

  7. Select your timezone and set a reasonable "root" password.

  8. On "Package group Selection", select "Everything" (scroll to the bottom to see this).  If you have less than 6GB of disk, you will have to select your own packages to make it fit.  The list below should help:

  9. Load CDs #2 and #3 when prompted.

  10. When the "Boot Diskette Creation" window is displayed, select "No, I don't want to create a boot diskette" and click "Next".

  11. On "Graphical Interface (X) Configuration", select "Skip X configuration" and click "Next".

  12. On the next screen, click "Exit" and remove the last CD when the door automatically opens (during the reboot process).


Configuring Subsystems

This section describes how to set up various services and subsystems on your gateway server.  Although the commands shown below will work, the services are configured in a very basic way.  It is advisable to read the online manual pages for a better understanding of them. 

Log in to your gateway server as root and run the commands below. 
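The following is an added example, not the author's own commands: a small shell script that generates the packet-filter rules and the DHCP server configuration for the gateway as described in this document (eth0 on the home LAN as 192.168.100.1, eth1 getting its address from the modem by DHCP, all traffic from the LAN masqueraded behind the modem address). The interface roles and the 192.168.100.0/24 LAN come from the text; the rule ordering, the logging prefixes and the lease range 192.168.100.100-200 are assumptions of this example. The rules are printed rather than executed so they can be reviewed first; "apply" runs them as root.

```shell
#!/bin/sh
# Added example for the gateway in this document (not the author's script).
# Interface roles and the LAN address come from the text; everything else
# (rule order, log prefixes, DHCP lease range) is an assumption of this example.

LAN_IF=eth0                  # connected to the home LAN switch
WAN_IF=eth1                  # connected to the ADSL/cable modem (ISP DHCP)
LAN_NET=192.168.100.0/24
GW_IP=192.168.100.1

# Print the iptables commands, one per line, instead of running them, so the
# policy can be read, diffed and tested without root.  Default policy is to
# drop anything arriving from the modem side that was not asked for.
firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-FWD: "
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Print an ISC dhcpd configuration handing out the LAN settings listed under
# "Configuring Your PC for the Home LAN".  The lease range is assumed here.
dhcpd_config() {
    cat <<EOF
# /etc/dhcpd.conf generated by the example script (lease range is assumed)
ddns-update-style none;
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.200;
    option routers $GW_IP;
    option domain-name-servers $GW_IP;
    option subnet-mask 255.255.255.0;
    default-lease-time 86400;
    max-lease-time 604800;
}
EOF
}

# Enable forwarding and load the rules.  Only the firewall is applied here;
# save the dhcpd output to /etc/dhcpd.conf yourself after reading it.
apply_gateway() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_gateway: must be run as root" >&2
        return 1
    fi
    echo 1 > /proc/sys/net/ipv4/ip_forward
    firewall_rules | sh -e
}

case "$1" in
    show)  firewall_rules; echo; dhcpd_config ;;
    apply) apply_gateway ;;
esac
```

Run `sh gateway.sh show` to inspect the generated rules and DHCP configuration, and `sh gateway.sh apply` as root to load the firewall. The rule dropping packets that arrive on eth1 claiming a 192.168.100.x source address prevents outside hosts from posing as LAN machines, and the two LOG rules record what the default-drop policy discards so unexpected traffic shows up in /var/log/messages.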


Configuring Your PC for the Home LAN

If you have configured your server to be a DHCP server, then your PC's network configuration should be set for "Automatic".  If you wish to manually configure your PC's network interface, then you will need the following information:
	IP address  = 192.168.100.x	where 'x' is a unique number from 2 - 254
	Netmask     = 255.255.255.0
	Gateway     = 192.168.100.1
	Primary DNS = 192.168.100.1

----=== end of document ===----