Injoy Firewall
ADSL
Text Version
TCP/IP
Text Version
web/2
Must have
own written
Spamfilter
How mail works
User groups
dealers
Home Pages
IBM/ECS
| OS2FORCE.CH | TCP/IP | |
| Setup | Servers / Software / SPAM | LINKS |
| PEER
Injoy Firewall ADSL Text Version TCP/IP Text Version |
Weasel Mailserver
web/2 Must have own written Spamfilter How mail works |
Web Infos & Antispamlist
User groups dealers Home Pages IBM/ECS |
 |  |  |
Setup of a ADSL Router with the Injoy Firewall.
As Router i have a Zyxel 650R
We connect router this way:
TCP/IP Setup is for a beginner not simpel.
On Warp 4 open System-> Systemkonfiguration ->TCP/IP-Konfiguration
We fill out the TCP/IP Adresse manuelly or by DHCP. Injoy Firewall has DHCP included. if we do the IP's naually we know from the beginning wich host has wich IP.
Al IP we can use these ardesses:
10.0.0.0 to 10.255.255.255 :
Maximal number of Hosts : 16'777'216
Networkmask 255.0.0.0 to 255.255.255.255
172.16.0.0 to 172.31.255.255
Maximal number of hosts : 2'097'152
Networkmasc 255.31.0.0 to 255.255.255.255
192.168.0.0 to 192.168.255.255
Maximalnumber of hosts : 65536
Networkmask 255.255.0.0 to 255.255.255.255
Do we need a Netwokmask??
Yes, lets look at a few exampels with a adress range from 192.168.0.0
to 192.168.255.255
With a networkmask 255.255.0.0 we reach all PC's. With a networkmask
255.255.255.0 we reach only the range of PC's wich have ther first three
numbers common.
If we have a network, we can split this network in two or more parts.
Part one is IP 192.168.1. 0 to 192.168.1.255
The second part is IP 192.168.2.0 to 192.168.2.255
To different both parts, we use a different networkmask.
With the networkmask 255.255.0.0 the first two numbers are equal. You
see all PC's in both parts. With the networkmask 255.255.255.0 we see only
one part of the network.
We can gain different acess for different groups.
Normaly, we use the following konfiguration :
IP 192.168.x. 0 to 192.168.x.255 with a networkmask 255.255.255.0
On the firewall PC, we activate another network. Usually network 0 for
internal use and network1 for the internet.
In any case we activate the internal loop. this ist needed, when we
have on the own PC a internal server. loopback
interface:
IP is 127.0.0.1 Networkmask is not needed.
We st the default as 192.168.1.254 And the numbers of nodes we use to get acess to the internet. On warp4 you also need a route for the Net.
Host name is the name of the PC. The Domainname is in this example os2force.ch. The komplet name is master.os2force.ch As DNS write the DNS you got from your ISP. So don't use the entrys on this page.
We write the IP- Adresses of our PC's in our Net, and the Host name. The TCP/IP host name can, but don't has to be the same as we use as Peername.
ECS, is the same exept it has another interface and it does not need's theroute for the Network.
Both write theyr datas in to this files:
x:\MPTN\ETC\hosts
127.0.0.1 localhost
192.168.1.15
Serv
Mail
192.168.1.10 Notebook
192.168.1.254 Fire
IP Nummer, Hostname Aliasname for this Host.
This files are needed:
x:\MPTN\ETC\servises and
x:\MPTN\ETC\protocols
By missing of it ICMP ( Internet Control Management Program ) wont work. Ping and other programms dont do. Because Ping does not answers this PC an others sending the ping will hang. We copi this files from the installation CD. Warp4 and ECs haver different versions of this files !!
The file RESOLV2 has this entrys:
domain Dummi.net
nameserver first DNS
nameserver second DNS
If we don't have a own domain, we give our internal net a own name.
Domain: ownName.Dummi.net
DNS :
Both DNS musst be from a free DNS or from our provider. exept we have
our own DNS running.
x:\MPTN\bin\SETUP.CMD
route -fh
arp -f
ifconfig lo 127.0.0.1
ifconfig lan0 192.168.1.11 netmask 255.255.255.0
REM ifconfig lan1 192.168.1.11 netmask 255.255.255.0
REM ifconfig lan2
REM ifconfig lan3
REM ifconfig lan4
REM ifconfig lan5
REM ifconfig lan6
REM ifconfig lan7
REM ifconfig sl0
route add default 192.168.1.254 1
route add net 192.168.1 192.168.1.254 1 netmask 255.255.255.0 >null
ipgate off
The line route add default has the IP of the router, means of the firewall PC.
The Setup.cmd of the Firewall injoy looks a bit different:
route -fh
arp -f
ifconfig lo 127.0.0.1
ifconfig lan0 192.168.1.254 netmask 255.255.255.0
ifconfig lan1 213.200.226.50 netmask 255.255.255.255
route add default 192.168.1.254
REM ifconfig lan2
REM ifconfig lan3
REM ifconfig lan4
REM ifconfig lan5
REM ifconfig lan6
REM ifconfig lan7
REM ifconfig sl0
ipgate on
lan0 is the internal net.
lan1 is the IP we have in the internet. The networkmask
is 255.255.255.255 and with this we react only when our fixed IP is called.
Any thing else is ignored.
The line ipgate on makes the PC to the router.
Specials:
When we use the Injoy firewall, we can use dummi numbers for the DNS:
1.1.1.1 and
2.2.2.2
In the firewall these numbers willbe translated and forwwarded to the
correct DNS servers.
Why, what is the advantage??
When you have only 4 Hosts, and the ISP chanche hes Ip for his DNS,
you can handle this. But here you have to do a reboot. With 100 or even
more PC's this look's complet different. This way you have to do the chanche
only once on one single PC.