ADSL/Stealth with external machines



 
[Diagram: Internet, Router, LAN, FireBrick, LAN, LAN PCs]

ADSL non-NAT installation: router has single subnet; PCs using real internet addresses; FireBrick not to use up an address; some machines outside of firewall.

In this configuration the FireBrick operates in full stealth mode and does not use one of the addresses allocated by the ISP. Some of the PCs are on the LAN side and some are on the WAN side. This is usually done where the external machines are carefully configured to be secure; even if the external machines are compromised, this does not allow access to the internal machines.

The FireBrick provides no protection for the PCs on the outside.

  1. The FireBrick will operate out of the box with no extra configuration if required
  2. PCs on the LAN must have the router address as their gateway address
  3. Access the FireBrick config from a PC on the LAN using http://my.firebrick.co.uk/
  4. Adjust filters as required

For clock setting, and any external communication from the FireBrick such as emailed logs :-
  1. Pick one of the PC addresses for a PC that is normally on and on the LAN side
  2. Set this as the WAN stealth address in the setup menu
  3. Set the router address as the gateway in the setup menu

This example equally applies to :-
  1. Any installation with a router and a single subnet
  2. BT net start lines
  3. Existing network installations with a router

In such cases, a second FireBrick is normally recommended. You may then wish to change the LAN stealth address of the outer FireBrick to a different address, such as 217.169.0.2, so that it can be accessed from PCs on the inside without picking up the internal FireBrick by mistake.
 
[Diagram: Internet, Router, FireBrick, LAN, FireBrick, LAN, LAN PCs]

ADSL non-NAT installation: router has single subnet; PCs using real internet addresses; FireBrick not to use up an address; some machines outside of firewall; second FireBrick provides outside protection.