Alex wrote:
> Hello all:
>
> Is it possible to use rc.firewall, ipchains, or another solution to
> create pretty good firewalling rules even though I can only assign
> private IPs to my ethernet cards? (I can control the (apple airport)
> router, but cannot replace it out with my linux box directly).
>
> details:
> My landlord shares his wireless DSL with the rest of the folks in the
> house/apartment. He has an Airport router which serves up DHCP (and
> receives a single dynamic IP from the provider). I am running a
> webserver behind the router through dyndns.org and now I would like to
> put rc.firewall (or something) in place with some good rules. The
> only problem is I can only assign my ethernet cards private IPs.
>
> Is there a good ruleset somewhere that addresses this set up? I'm
> guessing this would be nearly impossible since everything is private
> IP.
>
> Any help would be appreciated. Thanks in advance to the group for
> advice.
>
> Alex
Speaking theoretically:

I am not familiar with that make of router, but if it behaves as the
majority of dsl routers, then the ip address assigned by the service
provider will belong to your landlord's router and the landlord's dhcp
server daemon will assign addresses in a private ip range to the
machines connected to it.

In turn, if you have a router to drive your machines, your router will
own the private ip address assigned by the router and you would use a
different private ip range inboard of the router.

So it would be normal for everything inboard of your router to be in a
private ip range. Your local net should have a private ip range that is
different than that which your landlord's router's dhcp server daemon
is using.

Your server uses a dhcp client to get a private ip address from the
landlord's router's dhcp daemon. Your server then uses a dhcp server
daemon to assign a different range of ip addresses to your computers.
Your computers use dhcp clients to get ip addresses from your own
server and they don't care what ip addresses are being used outside of
the router so long as the dhcp daemons all pass on correct gateway and
dns server addresses.

Clive
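
Added example, not part of the original thread or written by either poster: a Python check for the requirement in the reply above that the inner LAN use a private range different from the one the landlord's router hands out. The function names and the sample addresses in the comments are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def check_inner_range(outer_lease, inner_net):
    """List the problems with serving inner_net behind a box whose outer
    interface holds outer_lease (address/prefix from the upstream DHCP)."""
    outer = ipaddress.ip_interface(outer_lease).network
    inner = ipaddress.ip_network(inner_net)
    problems = []
    if not is_rfc1918(inner):
        problems.append(f"{inner} is not a private (RFC 1918) range")
    if inner.overlaps(outer):
        # Overlap makes routing ambiguous: the box cannot tell whether a
        # destination is on the inner LAN or on the landlord's network.
        problems.append(f"{inner} overlaps the upstream network {outer}")
    return problems


def pick_inner_range(outer_lease, prefixlen=24):
    """Return the first private subnet of the given size that does not
    overlap the upstream network, or None if there is none."""
    outer = ipaddress.ip_interface(outer_lease).network
    for block in reversed(RFC1918):          # try 192.168.0.0/16 first
        if prefixlen < block.prefixlen:
            continue                         # requested size exceeds block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not candidate.overlaps(outer):
                return candidate
    return None


if __name__ == "__main__":
    lease = "10.0.1.5/24"                    # constructed upstream lease
    print(check_inner_range(lease, "10.0.0.0/16"))
    print(pick_inner_range(lease))
```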