ADSL/Stealth + FB address
ADSL non-NAT installation
Router has single subnet
PCs using real internet addresses
FireBrick allocated a real address also
In this configuration the FireBrick operates in stealth mode but has
a real address. This is normally done to allow external access to the FireBrick
configuration.
- Pick an address for the FireBrick
- Create a LAN subnet with that address and the appropriate subnet, marked stealth
- Create a WAN subnet with that address and the appropriate subnet, marked stealth. Ensure this is after the LAN subnet
- Set the gateway on the FireBrick to the router on the WAN
- PCs can have the router or the FireBrick as their gateway
- Always ensure all PCs and the FireBrick subnets have the subnet mask allocated by the ISP.
- Adjust filters as required
For external access to FireBrick web management pages :-
- Enable a filter allowing WAN to FireBrick for at least TCP port 80
- Ensure the admin user has a password, and disable the view and edit rights for the nobody user
- Set the required user to WAN access, and the nobody user to WAN access (to allow the login)
If DHCP allocation to PCs is required :-
- Set the DNS server address in the FireBrick so the FireBrick can be used as a DNS relay
- Pick a range of addresses for DHCP use, and set these on the FireBrick LAN subnet
- Mark the LAN subnet as not stealth - this allows the DHCP server to work correctly
- Add a route from LAN to WAN with target IP of the router and proxy ARP. This allows access to the router.
- Ensure PCs are set to automatic IP and (for Windows) DNS disabled.
This example equally applies to :-
- Any installation with a router and a single subnet
- BT net start lines
- Existing network installations with a router
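
An added example, not part of the original FireBrick page: a Python check of the addressing plan for the setup steps above. It verifies that every PC uses the ISP-allocated mask, that the FireBrick, router and PCs hold distinct usable addresses, and that the DHCP range stays clear of them. The function name, device names and the 203.0.113.0/29 addresses are constructed sample values.

```python
import ipaddress

def check_plan(isp_subnet, firebrick, router, pcs, dhcp_range=None):
    """Return a list of problems found in a single-subnet addressing plan.

    pcs maps a PC name to its configured "address/prefix"; dhcp_range is the
    optional (first, last) pool set on the FireBrick LAN subnet.
    """
    net = ipaddress.ip_network(isp_subnet)
    usable = set(net.hosts())   # excludes network and broadcast addresses
    used = {}                   # address -> device that holds it
    problems = []

    def claim(name, addr):
        if addr not in usable:
            problems.append(f"{name}: {addr} is not a usable host address in {net}")
        elif addr in used:
            problems.append(f"{name}: {addr} already used by {used[addr]}")
        else:
            used[addr] = name

    claim("FireBrick", ipaddress.ip_address(firebrick))
    claim("router", ipaddress.ip_address(router))
    for name, cfg in pcs.items():
        iface = ipaddress.ip_interface(cfg)
        if iface.network.netmask != net.netmask:
            problems.append(f"{name}: mask {iface.network.netmask} is not the ISP mask {net.netmask}")
        claim(name, iface.ip)

    if dhcp_range:
        first, last = (int(ipaddress.ip_address(a)) for a in dhcp_range)
        for value in range(first, last + 1):
            addr = ipaddress.ip_address(value)
            if addr not in usable:
                problems.append(f"DHCP: {addr} is outside the usable range of {net}")
            elif addr in used:
                problems.append(f"DHCP: {addr} collides with {used[addr]}")
    return problems

if __name__ == "__main__":
    # Constructed sample plan (documentation address range), with two mistakes:
    # pc2 has the wrong mask and the DHCP pool overlaps pc2 and the broadcast.
    for line in check_plan("203.0.113.0/29", "203.0.113.2", "203.0.113.1",
                           {"pc1": "203.0.113.3/29", "pc2": "203.0.113.4/24"},
                           ("203.0.113.4", "203.0.113.7")):
        print(line)
```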