ADSL


In this scenario we will configure Gibraltar on a computer which is connected to the Internet via ADSL PPTP. The public IP address is assigned dynamically. Gibraltar will be configured as the gateway of a small local network. The hosts in the internal network will receive their IP addresses via DHCP. The users of the internal network can use all services of the Internet. There should be no access to the internal network from the outside.

 


 

System Requirements

Computer with two compatible network interfaces or a Gibraltar Security Gateway and an ADSL PPTP modem.

 

Note: All stated values are only examples. You have to adapt these values to your individual needs.

 

Installation of Gibraltar

 

Please install Gibraltar as described in chapter Installation.

 

System configuration

 

First, set the general system settings.

 

1. Choose System in the main menu.
2. Choose the card General settings.
3. System name: Enter the desired name of the system in this text field (e.g. "gibraltar").
4. Domain: Enter the name of the domain into which Gibraltar should be integrated in this text field (e.g. "gibraltar.at").
5. Time zone: Choose the time zone in which you are running Gibraltar.
6. Mail of Admin: Enter the e-mail address of the administrator in this text field. You will receive system messages from Gibraltar at this e-mail address.
7. Save: Click this button to save the changes.

 

Network settings - Network interface cards

 

Set the IP addresses of the network interface cards of the Gibraltar firewall. Both the external and the internal network interface get static IP addresses. The external IP address is used for connecting to the ADSL modem of the ISP.

 

1. Choose Network in the main menu.
2. Choose the tab of the interface eth0.
3. Interface: Enter the name of the network interface card in this text field (e.g. "int0", to explicitly mark this network card as the one for the intranet).
4. Start automatically: Mark this checkbox to start the network interface automatically when Gibraltar boots.
5. IP address: Choose the option field static to allocate the IP address for this network interface statically.
6. Static IPs: Change the IP address in the text field IP address/netmask (CIDR notation: e.g. 192.168.0.1/24) to the IP address you intend for Gibraltar.
7. Save: Confirm your changes by clicking the button Save.
8. Choose the tab of the interface eth1.
9. Interface: Enter the name of the NIC in this text field (e.g. "ext0", to clearly identify the NIC as the external network interface).
10. Start automatically: Mark this checkbox to start the network interface automatically when Gibraltar boots.
11. IP address: Choose the option field static to allocate the IP address for this NIC statically.
12. Static IPs: Change the IP address in the text field IP address/netmask to the IP address your ISP gave you for connecting to the ADSL modem (CIDR notation: e.g. 10.0.0.140/24).
13. Save: Confirm your changes by clicking the button Save.

       

ATTENTION: Changing the IP address of the network card that you use to access Gibraltar interrupts the connection. Please adapt the IP address on your workstation as well.

 

Now connect your ADSL modem to the interface ext0 of Gibraltar.

 

Network settings - Routing

 

You do not have to configure anything on this card, because the default route is set when the modem connection is configured. Please read the information from your ISP carefully. There are many different ways to configure ADSL modems correctly.

 

Dial-in via PPTP

 

This section defines the settings for the ADSL PPTP connection. Gibraltar opens a PPTP connection to the modem in order to connect to the Internet. You need the information you received from your ISP for your ADSL connection.

 

1. Choose Network in the main menu.
2. Choose Dial-in in the sub menu.
3. Choose the card ADSL PPTP.
4. Add connection: Click this button to add a new connection. You will be forwarded to a detail form.
5. Name: Enter the name for this connection in this text field. You need the name to identify the connection in the overview of the card ADSL PPTP. The chosen name therefore has to be unique (also among the ADSL connections).
6. IP address of modem: Enter the internal IP address of your modem here (e.g. 10.0.0.138).
7. User name: Enter the user name your provider set for you in this text field.
8. Password and Password (confirmation): Enter the password your provider set for you in these text fields.
9. Start automatically: Mark this checkbox to start the connection automatically when Gibraltar boots.
10. Default route: Mark this checkbox to use this connection as the default route.
11. Set the other options as instructed by your provider or as your situation requires.
12. Save: Confirm your changes by clicking the button Save.
13. Start connection: Click this button to establish the connection to your provider via your modem. If you activate Dial on demand, the connection will be established automatically as soon as a client requests Internet access.

 

Firewall rules

 

This section shows the configuration of the firewall rules. The client computers in the local network get unrestricted access to the Internet. Gibraltar is used as DNS server for the client computers. Therefore we must allow DNS requests from the internal network to Gibraltar.

 

1. Choose Firewall in the main menu.
2. Choose the tab Firewall rules.
3. Interface: Choose the value "int0" for the network interface card (or the name of your network interface card) from the select box incoming and the value "ppp+" for your modem from the select box outgoing. Click the button Go!. GibADMIN now displays all filter rules for the packets that come from the network card "int0" and go to the modem "ppp+". We want to allow all requests in this direction.
4. Add Rule: Click this button to add a new rule for this direction ("int0 -> ppp+"). You will be forwarded to a detail form.
5. Source address: Choose ANY from the drop-down field to allow all source addresses.
6. Destination address: Choose ANY from the drop-down field to allow all destination addresses.
7. Comment: Enter any comment you like. You do not need to configure the other fields for this scenario.
8. Target: Choose ACCEPT to allow all matching packets.
9. Save: Confirm your changes by clicking the button Save.
10. Incoming: Choose the value "int0".
11. Outgoing: Choose the value "local".
12. Go!: Click this button to display the filter rules for packets that come from the internal network and are destined for the firewall itself.
13. Source address: Choose ANY from the drop-down field to allow all source addresses.
14. Destination address: Choose ANY from the drop-down field to allow all destination addresses.
15. Service: Choose "dns" to allow DNS queries to the firewall.
16. Save: Confirm your changes by clicking the button Save.

 

NAT rules

 

The outgoing network traffic must be masqueraded with the external IP address.

 

1. Choose NAT in the main menu.
2. Choose the track "outgoing ppp+" from the select box on the tab NAT rules, because all packets that leave the firewall via the modem have to be disguised with the public IP address.
3. Add rule: Click this button to add a new rule. You will be forwarded to a detail form.
4. Source IP address: Enter the network address 192.168.0.0/24, because all packets that come from the internal network and leave the firewall via the modem have to be altered.
5. Target: Choose the value MASQUERADE from this select box, because the public IP address is assigned dynamically and the packets therefore cannot be disguised with a fixed IP address. If you choose MASQUERADE, you must not enter a value in the text field --to.
6. Save: Confirm your changes by clicking the button Save.
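
A scripted check of the policy that the Firewall rules and NAT rules sections set up, added here as an example (it is not GibADMIN output or Gibraltar code). It assumes the GUI rules correspond to netfilter rules and that the INPUT and FORWARD chains default to DROP; the `iptables-save`-style dump is constructed, and `sample_rules` and `audit_rules` are hypothetical names.

```shell
#!/bin/sh
# CONSTRUCTED dump in iptables-save format; Gibraltar's real ruleset may differ.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i int0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i int0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i int0 -o ppp+ -j ACCEPT
COMMIT
EOF
}

# Reads a dump on stdin and prints one finding per line; prints nothing if clean.
audit_rules() {
    awk '
    function has(s) { return index($0, s) > 0 }   # literal match, so "+" needs no escaping
    /^:INPUT /   { inpol = $2 }
    /^:FORWARD / { fwpol = $2 }
    /^-A POSTROUTING / && has("-s 192.168.0.0/24 ") && has("-o ppp+ ") && has("-j MASQUERADE") { masq = 1 }
    /^-A FORWARD / && has("-i int0 -o ppp+ ") && has("-j ACCEPT") { out = 1 }
    /^-A INPUT / && has("-i int0 ") && has("--dport 53 ") && has("-j ACCEPT") { dns = 1 }
    # An ACCEPT not tied to int0 or lo, and not limited to reply traffic, admits
    # new connections from the modem side: "no access from the outside" is broken.
    /^-A (INPUT|FORWARD) / && has("-j ACCEPT") && !/ -i (int0|lo) / &&
        !/state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) / { print "EXPOSED: " $0 }
    END {
        if (inpol != "DROP") print "INPUT policy is not DROP"
        if (fwpol != "DROP") print "FORWARD policy is not DROP"
        if (!masq) print "missing MASQUERADE for 192.168.0.0/24 on ppp+"
        if (!out)  print "missing ACCEPT for int0 -> ppp+"
        if (!dns)  print "missing DNS ACCEPT from int0"
    }'
}

findings=$(sample_rules | audit_rules)
if [ -z "$findings" ]; then echo "ruleset matches the scenario policy"
else printf '%s\n' "$findings"; fi
```

On a netfilter-based system the same function can be fed the live rules with `iptables-save | audit_rules`.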

 

DHCP-Server

 

Configure the DHCP server for the local network.

 

1. Choose Network in the main menu.
2. Choose DHCP server in the sub menu.
3. Choose the card General settings.
4. Domain: Enter the domain to which the DHCP clients should be assigned in this text field.
5. Save: Confirm your changes by clicking the button Save.
6. Choose the tab int0.
7. Activate DHCP: Mark this checkbox to activate DHCP for this network interface.
8. IP address: Choose the IP address from the select box by which dynamic IP addresses should be allocated (192.168.0.1).
9. IP-range: Click the button Add range to add a new IP range.
10. From IP: Enter the first IP address that should be assigned dynamically in this text field (192.168.0.10).
11. To IP: Enter the last IP address that should be assigned dynamically in this text field (192.168.0.20). IP addresses from 192.168.0.10 to 192.168.0.20 will then be assigned to clients dynamically.
12. DNS Server: Click the button Add server to add a DNS server.
13. IP address: Enter the IP address of your DNS server in this text field. As Gibraltar is configured as a DNS server, you can enter 192.168.0.1.
14. Router: Click the button Add router to add a router.
15. IP address: Enter the IP address of your router in this text field in the element group Router. As you have configured Gibraltar as a router, you can enter 192.168.0.1.
16. Save: Confirm your changes by clicking the button Save.

 

Services

 

Activate the service DHCP server to start it automatically at boot time or start it right now.

 

1. Choose Services in the main menu.
2. Available services: Select the option On next to DHCP server. The DHCP server will then be started automatically when Gibraltar reboots.
3. Save: Confirm your changes by clicking the button Save.
4. Start service: Click this button next to DHCP server if the DHCP server is not started yet. The service will then start. The state will change to (started) and the button to Stop service.

 

Save config

 

1. Save your configuration to a USB stick or to the HDD.