You have installed Debian Linux on your firewall box, so you're ready to configure your network interface cards.
In Debian, you'll edit /etc/network/interfaces and /etc/iftab. /etc/iftab is part of the ifrename package.
First, configure the LAN NIC with a static IP address appropriate for your private addressing scheme. Don't use DHCP to assign the LAN address. Configure the WAN interface with the account information given to you by your ISP. These examples show you how to set a static local IP address and a dynamic external address.
Do not connect the WAN interface yet.
In this example, eth0 is the LAN interface, and eth1 is the WAN interface:
##/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

#lan interface
auto eth0
iface eth0 inet static
    address 192.168.1.26
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

#wan interface
auto eth1
iface eth1 inet dhcp
If your WAN address is a static public routable IP address, configure the WAN interface using the information supplied by your ISP. This should include your ISP's gateway address, and your static IP address and netmask, like this:
auto eth1
iface eth1 inet static
    address 1.2.3.4
    netmask 255.255.255.0
    gateway 1.2.3.55
Then, add your ISP's DNS servers to /etc/resolv.conf (don't do this for a DHCP WAN address):
##/etc/resolv.conf
nameserver 1.2.3.44
nameserver 1.2.3.45
There is one more step just for Debian: nail down the interface names with ifrename. First, find the MAC addresses of your interfaces with ifconfig -a:
$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0B:6A:EF:7E:8D
[...]
The MAC address is the HWaddr. Enter your two MAC addresses and interface names in /etc/iftab:
##/etc/iftab
eth0 mac 11:22:33:44:55:66
eth1 mac aa:bb:cc:dd:ee:ff
If /etc/iftab does not exist, you must create it.
The LAN address of your firewall is the gateway address you'll be setting on all of your LAN PCs, so don't complicate your life by using a dynamically assigned address.
Using ifrename is the easiest way to make sure your network cards keep the correct configurations on Debian systems. Usually, interfaces will come up in the same order, and the kernel will assign them the same names, but sometimes this can change (e.g., after a kernel upgrade or adding another network card). Your nice Linux firewall won't work with the network interfaces mixed up, so it is best to nail them down. An additional bonus is you can easily name your interfaces anything you want with ifrename. You might give them descriptive names like "lan" and "wan," instead of eth0 and eth1.
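The following check is an added example, not part of the original text: it compares the contents of /etc/network/interfaces and /etc/iftab and reports a LAN interface that is not static, an interface with no MAC entry, and a MAC address pinned to two names. The function names, the lan parameter, and the sample input are assumptions made for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def _fields(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def parse_interfaces(text):
    """Map interface name -> method from 'iface <name> <family> <method>' lines."""
    return {f[1]: f[3] for f in _fields(text) if f[0] == "iface" and len(f) >= 4}

def parse_iftab(text):
    """Map interface name -> MAC from '<name> mac <address>' lines."""
    return {f[0]: f[2].lower() for f in _fields(text) if len(f) >= 3 and f[1] == "mac"}

def audit(interfaces_text, iftab_text, lan="eth0"):
    """Return a list of problems; an empty list means the two files agree."""
    stanzas, pins = parse_interfaces(interfaces_text), parse_iftab(iftab_text)
    problems = []
    if stanzas.get(lan) != "static":
        problems.append(f"{lan}: LAN interface is not 'static'")
    for name in stanzas:
        if name == "lo":
            continue  # loopback has no hardware address to pin
        if name not in pins:
            problems.append(f"{name}: no mac entry in /etc/iftab")
        elif not MAC_RE.match(pins[name]):
            problems.append(f"{name}: malformed MAC {pins[name]}")
    owners = {}
    for name, mac in pins.items():
        if mac in owners:
            problems.append(f"{name}: MAC {mac} already pinned to {owners[mac]}")
        owners.setdefault(mac, name)
    return problems

# Constructed sample input with three deliberate mistakes (not real hosts).
BAD_INTERFACES = "iface lo inet loopback\niface eth0 inet dhcp\niface eth1 inet dhcp\niface eth2 inet static\n"
BAD_IFTAB = "eth0 mac 11:22:33:44:55:66\neth1 mac 11:22:33:44:55:66\n"

if __name__ == "__main__":
    for problem in audit(BAD_INTERFACES, BAD_IFTAB):
        print(problem)
```

On a real system, pass the text of the two files to audit() and treat a non-empty result as a reason not to connect the WAN interface yet.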
Routers typically run headless, without a keyboard or monitor. If your Ethernet-working gets all goofed up, and you cannot log in to your router, the serial console will save the day. See Chapter 17 to learn how to set this up.
auto
Start the NIC when ifup -a is run, typically in boot scripts. Interfaces are brought up in the order they are listed. You may bring interfaces up and down manually with ifup and ifdown, like ifdown eth0 and ifup eth0.
iface
Name of the interface.
inet
The name of the address family; inet = IPv4. Other choices are ipx and inet6.
static
The name of the method used to configure the interface, either static or dhcp. Other choices are manual, bootp, ppp, and wvdial. manual lets you pass in configurations using scripts, or with the up and down commands. bootp receives configurations from a remote boot server, and ppp and wvdial are for modems.
man 5 interfaces
man 8 ifconfig
man 8 ifrename
Chapter 10, "Network Configuration," of the Debian Reference Manual (http://www.debian.org/doc/manuals/reference/), available in several languages