Internet-Gateway


Configuration of Gibraltar as a gateway to the Internet with a static public IP address. Gibraltar should protect the internal network and allow all clients to use any Internet services. There should be no access to the internal network from the outside. This scenario can be used as a base configuration for most common broadband connections.

 


 

System Requirements

Computer with two compatible network interfaces or a Gibraltar Security Gateway. Broadband Internet connection with a static IP address (e.g. xDSL).

 

Note: All stated values are only examples. You have to adapt these values to your individual needs.

 

Installation of Gibraltar

 

Please install Gibraltar as described in chapter Installation.

 

System configuration

 

System configuration as described in Scenario 1.

 

Network settings - Network interface cards

 

Set the IP addresses of the network interface cards of the Gibraltar firewall. Both the external and the internal network interface get static IP addresses.

 

1. Choose Network in the main menu.
2. Choose the tab of the interface eth0.
3. Interface: Enter the name of the network interface card in this text field (e.g. "int0", to identify the card explicitly as the intranet interface).
4. Start automatically: Mark this checkbox to start the network interface automatically when Gibraltar boots.
5. IP address: Choose the option field static to allocate the IP address for this network interface statically.
6. Static IPs: Change the IP address in the text field IP address/netmask (CIDR notation: e.g. 192.168.0.1/24) to the IP address you intend for Gibraltar.
7. Save: Confirm your changes by clicking the button Save.
8. Choose the tab of the interface eth1.
9. Interface: Enter the name of the NIC in this text field (e.g. "ext0", to identify the NIC clearly as the external network interface).
10. Start automatically: Mark this checkbox to start the network interface automatically when Gibraltar boots.
11. IP address: Choose the option field static to allocate the IP address for this NIC statically.
12. Static IPs: Change the IP address in the text field IP address/netmask to the IP address your ISP gave you for the connection to the ADSL modem (CIDR notation: e.g. 4.3.2.1/30).
13. Save: Confirm your changes by clicking the button Save.

       

ATTENTION: Changing the IP address of the network card that you use to access Gibraltar interrupts the connection. Please adapt the IP address on your workstation as well.

 

Network settings - Routing

 

Configuration of the default route (standard gateway).

 

1. Choose Network in the main menu.
2. Choose the tab Routing.
3. Default route: Enter the default route in this text field. You get the value for the default route from your provider.
4. Save: Confirm your changes by clicking the button Save.

 

Firewall rules

 

This section shows the configuration of the firewall rules. The client computers in the local network get unrestricted access to the Internet. Gibraltar is used as DNS server for the client computers. Therefore we must allow DNS requests from the internal network to Gibraltar.

 

1. Choose Firewall in the main menu.
2. Interface: Choose the value "int0" from the select box incoming for the internal network interface and the value "ext0" from the select box outgoing for the external network interface. Click the button Go!. GibADMIN now displays all filter rules for the packets that come from the network interface "int0" and go to the network interface "ext0". We want to allow all requests in this direction.
3. Add rule: Click this button to add a new rule for this direction ("int0 -> ext0"). You will be forwarded to a detail form.
4. Source: Choose ANY from the selection box to allow all source addresses.
5. Destination: Choose ANY from the selection box to allow all destination addresses.
6. Comment: Enter a comment about the rule. You do not have to configure the other fields in this case.
7. Save: Confirm your changes by clicking the button Save.
8. Incoming: Choose the value "int0".
9. Outgoing: Choose the value "local".
10. Go!: Click this button. Now GibADMIN displays all filter rules for the packets that come from "int0" and are destined for the firewall itself.
11. Source: Choose ANY from the selection box to allow all source addresses.
12. Destination: Choose ANY from the selection box to allow all destination addresses.
13. Service: Choose "dns" to allow DNS requests to Gibraltar.
14. Save: Confirm your changes by clicking the button Save.

 

NAT rules

 

The outgoing network traffic must be masqueraded with the external IP address.

 

1. Choose NAT in the main menu.
2. Track: Choose "outgoing ext0" from the selection list on the tab NAT rules, because all packets that leave the firewall via network interface "ext0" have to be masqueraded with the public IP address.
3. Add rule: Click this button to add a new rule. You will be redirected to a detail form.
4. Source IP address: Enter the value 192.168.0.0/24, because all packets that come from the internal network and leave the firewall through the external network interface card have to be masqueraded.
5. Target: Choose the value "SNAT" from this select box, because the source IP address has to be replaced with your fixed public IP address.
6. --to: Enter the public IP address you got from your provider (e.g. 4.3.2.1). All packets that go from the internal network to the outside are then masqueraded with this IP address.
7. Save: Confirm your changes by clicking the button Save.
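
The firewall and NAT rules from the two procedures above, written out as a plain netfilter ruleset in iptables-restore format. This is an added example, not GibADMIN's own output; the default-drop policies, the connection-tracking rules and the mapping of the service "dns" to UDP and TCP port 53 are assumptions, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added illustration: prints an iptables-restore ruleset equivalent to the
# GibADMIN firewall and NAT rules of this scenario. Nothing is applied.
# The values are the page's examples; adapt them to your network.
INT_IF="int0"              # internal interface name used on the page
EXT_IF="ext0"              # external interface name used on the page
LAN_NET="192.168.0.0/24"   # internal network (page example)
PUBLIC_IP="4.3.2.1"        # static public address (page example)

gateway_rules() {
    cat <<EOF
*filter
# Assumption: default-drop policies, so nothing from outside is let in.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Assumption: replies to connections opened from inside are allowed back.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rule "int0 -> ext0": source ANY, destination ANY.
-A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT
# Rule "int0 -> local": service dns (assumed to be UDP and TCP port 53).
-A INPUT -i $INT_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 53 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# NAT rule "outgoing ext0": SNAT the internal network to the public address.
-A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $PUBLIC_IP
COMMIT
EOF
}

# Count ACCEPT rules that match traffic arriving on the external interface.
# For this scenario (no access from outside) the result must be 0.
inbound_from_outside() {
    gateway_rules | grep -c -e "-i $EXT_IF .*-j ACCEPT" || true
}

gateway_rules
```

On a Linux test host, piping the output to `iptables-restore --test` parses the ruleset without loading it.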

 

DHCP server

 

DHCP server settings as described in scenario 1.

 

Services

 

Activate the service DHCP server as shown in scenario 1.

 

Save config

 

1. Save your configuration on a USB stick or to the HDD.

 

With these settings your Gibraltar firewall is configured and the client computers should have unrestricted access to the Internet.