Well I finally got the firewall mostly working: all the personal machines are behind charlesmartel on the 192.168.x.x private net, whilst bunter is doing all the hosting in the DMZ and Charlie routes and firewalls.
BTW, IMO DMZ is the wrong term. We’ve got a partial castle metaphor going with ‘bastion host’, so let’s push it. It’s not a DMZ anyway… There’s a firewall on the router to keep out the most bogositous stuff, and then a tighter firewall protecting the family boxes. So it’s the outer bailey, between the layers of fortification. A DMZ is ‘no man’s land’, which is different.
Anyway, it seems that everything except plain old http is broken. SMTP-Auth still seems to be working, though it takes forever; pop3s isn’t (bunter won’t talk to us), and pop3 is also taking forever. I may have to park a workstation in the outer bailey for a while to figure out what the problem is. (I don’t trust charlesmartel, since he is the firewall.)
And I wrote an entry here earlier today and it seems to have gone to never-never land. This time I’ll verify its presence before closing the browser.
However it looks like things sort of work, and if we ever get a connection (Global Crossing can’t see the loop between our house and the CO) I can log on to bunter to get things running. I won’t activate the router firewall till the connection works.
In preparation for this exercise I read Red Hat Linux Firewalls, by Bill McCarty. Excellent book: I could read it without tearing my hair, but still felt that I was learning stuff. For sure I still copied the example when setting up my own firewall (BTW, a download site for that multipage typing exercise would be a nice bit of lagniappe for the book), but when I then set out to modify it, I felt I really knew what I was doing.
However there were a few things I still had to puzzle out:
1. A range statement in dhcpd.conf needs to be inside a subnet statement. This is an error in the Red Hat 8 Bible from Sam’s.
2. You need to turn on IP forwarding if you want your firewall to work.
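Both of those puzzles as something you can run on the firewall box. This is an added example written for this page, not code from the original post or from McCarty’s book. The addresses, the file name and the function names are assumptions; the forwarding flag is read from a path argument (defaulting to the real procfs knob) so the check can be exercised without root, and a small awk lint catches the exact dhcpd.conf mistake from the Bible: a `range` statement sitting outside any `{ }` block.

```shell
#!/bin/sh
# firewall_bits.sh -- added example, not from the original post.
# Assumed private side: 192.168.1.0/24 behind the firewall at 192.168.1.1.

# 1. dhcpd.conf: a range statement is only legal INSIDE a subnet block.
#    Emit a correct stanza for the private network.
#    Usage: dhcpd_subnet_stanza <network> <netmask> <first-ip> <last-ip> <router>
dhcpd_subnet_stanza() {
    printf 'subnet %s netmask %s {\n' "$1" "$2"
    printf '    range %s %s;\n' "$3" "$4"
    printf '    option routers %s;\n' "$5"
    printf '}\n'
}

# Lint an existing dhcpd.conf: report every 'range' that appears while the
# brace depth is zero, i.e. outside any subnet (or other) block.
# Returns 0 when the file is clean, 1 otherwise.
dhcpd_ranges_nested() {
    awk '
        BEGIN { depth = 0; bad = 0 }
        {
            line = $0
            sub(/#.*/, "", line)                  # ignore comments
            if (line ~ /^[ \t]*range[ \t]/ && depth == 0) {
                bad = 1
                print "range outside any { } block at line " NR
            }
            # gsub returns the number of replacements, so this counts braces
            depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
        }
        END { exit bad }
    ' "$1"
}

# 2. IP forwarding is off by default on Linux; until it is on, the kernel
#    never routes between the private net and the outer bailey, so the
#    iptables FORWARD chain never even sees a packet.
#    The optional argument is the flag file to read (for offline checks).
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Turn forwarding on for this boot (needs root). To survive a reboot put
#   net.ipv4.ip_forward = 1
# in /etc/sysctl.conf as well.
enable_ip_forward() {
    echo 1 > "${1:-/proc/sys/net/ipv4/ip_forward}"
}

main() {
    dhcpd_subnet_stanza 192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.200 192.168.1.1
    if ip_forward_enabled; then
        echo "ip_forward: already on"
    elif [ "$(id -u)" -eq 0 ]; then
        enable_ip_forward && echo "ip_forward: enabled"
    else
        echo "ip_forward: off (re-run as root to enable)"
    fi
}

# Only touch the live system when explicitly asked:
#   FIREWALL_APPLY=1 sh firewall_bits.sh
if [ "${FIREWALL_APPLY:-0}" = "1" ]; then
    main
fi
```

After editing dhcpd.conf, `dhcpd -t` has dhcpd parse the file and report syntax errors without starting the daemon, which is a quicker check than the awk lint. On the “takes forever” symptom with SMTP and POP: one common cause is a firewall that silently DROPs the mail server’s ident (tcp/113) probe back to the client, so each login waits out a timeout; rejecting it (REJECT with a TCP reset) instead makes the server give up immediately. That is worth ruling out before parking a workstation in the outer bailey.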
Traceroute and ping are also still not working fully. This is way too much like work.
Nonetheless, I think it’s time to get Lisa’s garden journal up. The seeds got started two weeks ago. This means getting “Gallery” running, then creating an MT script to show things the way she wants.
Sheesh, why do I want a day job. I have enough things I want to do to keep me busy 25 hours/day for years.