Can my Bubba2's network have LAN&DMZ zones in my Shorewall?

paulchany
Posts: 123
Joined: 10 Jul 2009, 15:48
Location: Serbia

Can my Bubba2's network have LAN&DMZ zones in my Shorewall?

Post by paulchany » 13 Mar 2016, 11:34

Hi,

my home network is now:

Code:

_ISP
_|--CableModem
__|--[ ethernet cable-RJ45 ] Bubba2
___|--Plug & Play Switch ___|--WiFi --\/ -- my smart phone
____|--[ ethernet cable-RJ45 ] Desktop Gentoo linux
____|--[ ethernet cable-RJ45 ] laptop Gentoo linux
____|--[ ethernet cable-RJ45 ] RasPi 2 

Can I rearrange this topology like this:

Code:

_ISP
_|--CableModem
__|--[ ethernet cable-RJ45 ] Bubba2
___|--Plug & Play Switch ___|--WiFi ( thanks to you )
_____|________________________/\-- my smart phone
_____|________________________/\-- RasPi 2
_____|--[ ethernet cable-RJ45 ] Desktop Gentoo linux
_____|--[ ethernet cable-RJ45 ] laptop Gentoo linux

Can my Raspberry Pi 2 Model, aka RasPi 2 (web server: nginx, Moodle), be put into the DMZ zone of my Shorewall firewall this way?
Best, Pali

Gordon
Posts: 1367
Joined: 10 Aug 2011, 03:18

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by Gordon » 13 Mar 2016, 12:36

Not like this, unless you want your phone to be in the DMZ as well (no access to LAN).

It is, however, possible to create multiple SSIDs on your wireless card, which will need to use the same channel but can use different keys, so members of each SSID will be isolated from the other SSIDs.

paulchany
Posts: 123
Joined: 10 Jul 2009, 15:48
Location: Serbia

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by paulchany » 13 Mar 2016, 13:31

Gordon wrote: Not like this, unless you want your phone to be in the DMZ as well (no access to LAN).

It is, however, possible to create multiple SSIDs on your wireless card, which will need to use the same channel but can use different keys, so members of each SSID will be isolated from the other SSIDs.

For my smart phone it should be enough just to have access to the Internet, but not necessarily access to my LAN.
Best, Pali

paulchany
Posts: 123
Joined: 10 Jul 2009, 15:48
Location: Serbia

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by paulchany » 23 Mar 2016, 11:58

Can I somehow add one more ethernet port to my Bubba 2?
This way I could use it for DMZ zone.
Best, Pali

MouettE
Site admin
Posts: 271
Joined: 06 Oct 2011, 19:45

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by MouettE » 23 Mar 2016, 13:28

You can use a USB Ethernet adapter.

paulchany
Posts: 123
Joined: 10 Jul 2009, 15:48
Location: Serbia

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by paulchany » 23 Mar 2016, 15:51

I have one USB Ethernet Adapter. When attached, lsusb shows the following:

Code:

lsusb -t
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=fsl-ehci/1p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/4p, 480M
        |__ Port 1: Dev 11, If 0, Class=Vendor Specific Class, Driver=pegasus, 480M
        |__ Port 2: Dev 10, If 0, Class=Vendor Specific Class, Driver=rtl8192cu, 480M

Port 1: Dev 11 is the Bus 001 Device 011: ID 07a6:8515 ADMtek, Inc. AN8515 Ethernet
Port 2: Dev 10 is the Bus 001 Device 010: ID 0586:341f ZyXEL Communications Corp. NWD2205 802.11n Wireless N Adapter [Realtek RTL8192CU]

Does this mean that in my Shorewall firewall the DMZ zone should cover both the WiFi and USB to LAN adapters because both are on the same physical "wire"?
If not, then on my Bubba2 eth0 will still be on WAN ( net zone ), eth1 on LAN ( loc zone ) with WiFi as WLAN and say eth2 on DMZ ( dmz zone ). Right?
Best, Pali

MouettE
Site admin
Posts: 271
Joined: 06 Oct 2011, 19:45

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Post by MouettE » 23 Mar 2016, 21:18

paulchany wrote: Does this mean that in my Shorewall firewall the DMZ zone should cover both the WiFi and USB to LAN adapters because both are on the same physical "wire"?

No. Each network adapter (be it WiFi or Ethernet) will receive a network device ethX (the WiFi may get wlanX depending on system configuration). Each one will be dealt with differently by the firewall.

paulchany wrote: If not, then on my Bubba2 eth0 will still be on WAN ( net zone ), eth1 on LAN ( loc zone ) with WiFi as WLAN and say eth2 on DMZ ( dmz zone ). Right?

Yes, that should work.
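
The three-interface layout agreed on above (eth0 in net, eth1 in loc, eth2 in dmz), staged as Shorewall files in a scratch directory; this is an added example, not configuration posted by anyone in the thread. It assumes Shorewall 5 file syntax, uses 192.168.2.10 as a constructed address for the RasPi 2, and leaves out masquerading and the WiFi interface.

```shell
# Added example: stage a net/loc/dmz Shorewall config for review.
# write_dmz_config and dmz_to_loc_accepts are hypothetical helper names.
write_dmz_config() {
    dir=${1:?usage: write_dmz_config DIR}
    mkdir -p "$dir" || return 1

    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4
EOF

    # One interface per zone: the USB Ethernet adapter (eth2) is the DMZ.
    cat > "$dir/interfaces" <<'EOF'
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp,tcpflags,nosmurfs,routefilter
loc     eth1        dhcp,tcpflags,nosmurfs
dmz     eth2        tcpflags,nosmurfs
EOF

    # Policies are matched top-down; dmz->loc is spelled out explicitly
    # rather than left to the catch-all on the last line.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
loc     dmz     ACCEPT
$FW     net     ACCEPT
dmz     net     ACCEPT
dmz     loc     REJECT  info
net     all     DROP    info
all     all     REJECT  info
EOF

    # Keep SSH to the firewall from the LAN; publish only the web ports.
    cat > "$dir/rules" <<'EOF'
#ACTION SOURCE  DEST                PROTO   DPORT
ACCEPT  loc     $FW                 tcp     22
DNAT    net     dmz:192.168.2.10    tcp     80,443
EOF
}

# Count policy lines that let the DMZ open connections into the LAN (want 0).
dmz_to_loc_accepts() {
    awk '$1 == "dmz" && ($2 == "loc" || $2 == "all") && $3 == "ACCEPT"' \
        "$1/policy" | wc -l | tr -d ' '
}
```

Running `shorewall check DIR` on the staged directory validates the files before anything is copied into /etc/shorewall.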
