Chapter 5. Adding Features to the Working Firewall

Table of Contents

Modify your Firewall for a Static External IP Address
Modify your Firewall for a Static Internal IP Address

Modify your Firewall for a Static External IP Address

If you do not receive your IP Address from your ISP's DHCP server, that is, you were given a static IP address, you will need to complete this procedure to configure your firewall with the static IP information. This procedure assumes that you have gone through the Initial Configuration already. Items that look like: <???_from_block_n> refer to block n from the Network Information Sheet.

  1. Boot the firewall, and log in as root.

  2. Press [q] then [Enter] to return to the shell.

  3. Mount the floppy disk into the file system:

    mount -t msdos /dev/fd0u1680 /mnt [Enter]

    for Dachstein floppy-only distributions -or-

    mount -t msdos /dev/fd0 /mnt [Enter]

    for Dachstein CD or dual-floppy firewalls

  4. Change to the /mnt directory:

    cd /mnt [Enter]
  5. Open the syslinux.cfg file in e3:

    e3 syslinux.cfg [Enter]
  6. Locate the line that begins default.

  7. Move the cursor to the part of that line that begins LRP=, and locate the entry for dhclient.

  8. Delete the dhclient and the comma immediately following it from this line.

  9. Press [Ctrl]-[s] to save the file.

  10. Press [Ctrl]-[q] to return to the shell.

  11. If you are running the Floppy-only distribution, go on to step 16.

  12. Open the lrpkg.cfg file in e3:

    e3 lrpkg.cfg [Enter]
  13. Delete the dhclient and the comma immediately following it from this line.

  14. Press [Ctrl]-[s] to save the file.

  15. Press [Ctrl]-[q] to return to the shell.

  16. If you are running the floppy-only distribution, delete the dhclient package from the disk:

    rm dhclient.lrp [Enter]

    Note

    This step is not actually required; however, it will free up disk space should you wish to add other packages later. You may want to copy the dhclient.lrp package off to a floppy first, in case you want or need to add it back in later.

  17. Move to the root directory and unmount the floppy:

    cd / [Enter]
    umount /mnt [Enter]
  18. Load the lrcfg script:

    lrcfg [Enter]
  19. Press [1] for Network Settings.

  20. Press [1] for Network Configuration. This will load the network.conf file into the e3 editor.

  21. Locate the line in the General Settings section that reads CONFIG_DNS=NO

  22. Change this line to read:

    CONFIG_DNS=YES
  23. Locate the line in the Interfaces section that reads IF_AUTO="eth1"

  24. Change this line to read:

    IF_AUTO="eth0 eth1"
  25. Scroll down to the eth0_* variables.

  26. Locate the line that reads eth0_IPADDR=1.1.1.2.

  27. Change this line to read:

    eth0_IPADDR=<ip_from_block_1>
  28. Locate the line that reads eth0_MASKLEN=30.

  29. Change this line to read:

    eth0_MASKLEN=<masklen_from_block_8>
  30. Locate the line that reads eth0_BROADCAST=+.

  31. Change this line to read:

    eth0_BROADCAST=<bcast_from_block_3>
  32. Locate the line that reads eth0_DEFAULT_GW=1.1.1.1

  33. Change this line to read:

    eth0_DEFAULT_GW=<ip_from_block_6>
  34. Locate the line in the IP Filter setup section that reads EXTERN_DHCP=YES.

  35. Change this line to read:

    EXTERN_DHCP=NO
  36. Scroll down to the Domain Search Order and Name Servers section (around line 620).

  37. Locate the line that reads DNS0=127.0.0.1.

  38. If you intend for your firewall to use DNS caching, leave this setting alone. If you wish for your firewall to check your ISP's DNS servers, make the following changes:

    DNS0=<ip_from_block_17>
    DNS1=<ip_from_block_18>
    ...
  39. Press [Ctrl]-[s] to save this file.

  40. Press [Ctrl]-[q] to return to the menu.

  41. Press [q] then [Enter] to return to the main configuration menu.

  42. Press [b] to display the backup menu.

  43. Now back up the firewall. If your firewall was unmodified prior to performing this procedure, you need only back up the etc package.

Modify your Firewall for a Static Internal IP Address

This procedure describes converting your firewall to operate in an environment with static IP addressing internally (on the protected side). It is also useful in the event that you do not use the default 192.168.1.0 network address. This procedure assumes that you have gone through the Initial Configuration already. Items that look like: <???_from_block_n> refer to block n from the Network Information Sheet.

  1. Log into the firewall as root.

  2. If you will be using the default internal IP address of 192.168.1.254, press [q] then [Enter] to exit to the shell, and go on to step 20.

  3. At the configuration menu, select [1] for Network Settings.

  4. At the Network Configuration menu, select [1] for Network Configuration.

  5. In the Interfaces section, scroll down to the eth1_* variables.

  6. Locate the line that reads eth1_IPADDR=192.168.1.254.

  7. Change this line to read:

    eth1_IPADDR=<ip_from_block_9>
  8. Locate the line that reads eth1_MASKLEN=24

  9. Change this line to read:

    eth1_MASKLEN=<masklen_from_block_15>
  10. Locate the line that reads eth1_BROADCAST=+.

  11. Change this line to read:

    eth1_BROADCAST=<bcast_from_block_10>
  12. Scroll down to the Internal interface section.

  13. Locate the line that reads INTERN_NET=192.168.1.0/24.

  14. Change this line to read:

    INTERN_NET=<netnum_from_block_14>/<masklen_from_block_15>
  15. Locate the line that reads INTERN_IP=192.168.1.254.

  16. Change this line to read:

    INTERN_IP=<ip_from_block_9>
  17. Press [Ctrl]-[s] to save this file.

  18. Press [Ctrl]-[q] to return to the menu.

  19. Press [q] then [Enter], then [q] then [Enter] again to return to the shell.

  20. Mount the floppy disk into the file system:

    mount -t msdos /dev/fd0u1680 /mnt [Enter]

    for Dachstein floppy-only distributions -or-

    mount -t msdos /dev/fd0 /mnt [Enter]

    for Dachstein CD or dual-floppy firewalls

  21. Change to the floppy drive:

    cd /mnt [Enter]
  22. Edit the syslinux.cfg file:

    e3 syslinux.cfg [Enter]
  23. Locate the line that begins default linux.

  24. In this line, locate the section that begins LRP=.

  25. In this section, delete the dhcpd entry, and the comma following it.

  26. Press [Ctrl]-[s] to save this file.

  27. Press [Ctrl]-[q] to return to the shell.

  28. Edit the lrpkg.cfg file:

    e3 lrpkg.cfg [Enter]
  29. Delete the dhcpd entry, and the comma following it.

  30. Press [Ctrl]-[s] to save this file.

  31. Press [Ctrl]-[q] to return to the shell.

  32. Remove the dhcpd.lrp package from the disk:

    rm dhcpd.lrp [Enter]

    Note

    This step applies to floppy-only distributions, and is optional. If you do not plan on adding additional packages to your firewall (thus no additional free space on the floppy is required) you can leave this file here. You may also want to copy this file to another floppy to maintain a copy in case you decide to add the dhcp server back in at a later time.

  33. Move to the root directory:

    cd / [Enter]
  34. Unmount the floppy disk:

    umount /mnt [Enter]
  35. Load the lrcfg script:

    lrcfg [Enter]
  36. Now back up the firewall. If your firewall was unmodified prior to performing this procedure, you need only back up the etc package. If you retained the default settings for the IP address (that is, you skipped steps 3 - 19) you do not need to back up the firewall.
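
The static values entered in both procedures above have to agree with one another before the firewall is backed up. The following script is an added example, not part of the original guide: it checks that the address, mask length, broadcast and gateway of an interface describe the same subnet, and that INTERN_NET and INTERN_IP match the eth1 values. The function names are hypothetical, the addresses are constructed samples, and it assumes a POSIX shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (hypothetical function names; all addresses are constructed samples).

ip2int() (   # dotted quad -> integer on stdout; non-zero status if malformed
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

maskint() {  # prefix length 1-30 -> netmask integer (/31, /32 have no broadcast)
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 30 ] || return 1
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# check_iface IPADDR MASKLEN BROADCAST [DEFAULT_GW]: 0 if consistent, else 1
check_iface() {
    ip=$(ip2int "$1") && bc=$(ip2int "$3") && mask=$(maskint "$2") ||
        { echo "malformed address or masklen"; return 1; }
    net=$(( ip & mask )); want=$(( net | (mask ^ 4294967295) )); rc=0
    [ "$bc" -eq "$want" ] || { echo "broadcast $3 does not match $1/$2"; rc=1; }
    if [ "$ip" -eq "$net" ] || [ "$ip" -eq "$want" ]; then
        echo "$1 is the network or broadcast address of /$2"; rc=1
    fi
    if [ -n "${4:-}" ]; then
        gw=$(ip2int "$4") || { echo "malformed gateway"; return 1; }
        [ $(( gw & mask )) -eq "$net" ] || { echo "gateway $4 is outside $1/$2"; rc=1; }
        [ "$gw" -ne "$ip" ] || { echo "gateway equals the interface address"; rc=1; }
    fi
    return $rc
}

# check_intern eth1_IPADDR eth1_MASKLEN INTERN_NET INTERN_IP: 0 if consistent
check_intern() {
    ip=$(ip2int "$1") && mask=$(maskint "$2") && net=$(ip2int "${3%/*}") ||
        { echo "malformed address or masklen"; return 1; }
    rc=0
    [ "$4" = "$1" ] || { echo "INTERN_IP $4 differs from eth1_IPADDR $1"; rc=1; }
    [ "${3#*/}" = "$2" ] || { echo "INTERN_NET length differs from eth1_MASKLEN"; rc=1; }
    [ $(( ip & mask )) -eq "$net" ] || { echo "INTERN_NET is not the network of $1/$2"; rc=1; }
    return $rc
}

# Constructed sample values standing in for the Network Information Sheet blocks.
check_iface 203.0.113.2 30 203.0.113.3 203.0.113.1 && echo "eth0 values agree"
check_intern 10.20.30.254 24 10.20.30.0/24 10.20.30.254 && echo "eth1 values agree"
```

A stale INTERN_NET or INTERN_IP left at the 192.168.1.x defaults after eth1 has been renumbered is the case check_intern is meant to catch, since the filter rules would then describe a network the interface is no longer on.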