# Firewall Setup



## Daolsky (Feb 15, 2012)

I am currently looking at setting up a computer as a firewall but am a bit unsure of where to start. I am limited as to what I am able to use due to the budget. I'm not looking for the latest strongest technology, but I am wanting something to help protect the network, even if just a little.

Here is a snapshot of what the current setup is....









and here is what I am wanting...










Any Ideas?

Thanks in advance.


----------



## Aaron721 (Dec 5, 2013)

There is a free source but yet strong firewall software you could install, it's called pfsense , try it on


----------



## Wand3r3r (Sep 17, 2010)

First lesson in NAT tells you your ip addressing is wrong. You can't have the same subnet on each side of the firewall.

Second issue is to have public ip for the dmz you would need the firewall in FRONT of the wifi modem. You can't go public [wifi modem wan]- private[lan side of modem] back to public ip. Might be possible to put the wifi modem into bridge mode but than you lose the wifi capability.

By placing the firewall there you would need to enable the dhcp server of the wifi modem to supply ip to its attached devices. Your server dhcp server would need to supply ip in a different subnet than the wifi modem


----------



## Daolsky (Feb 15, 2012)

This looks like something I can use. Will have a look at it and come back to you.


----------



## Daolsky (Feb 15, 2012)

Wand3r3r said:


> First lesson in NAT tells you your ip addressing is wrong. You can't have the same subnet on each side of the firewall.
> 
> Second issue is to have public ip for the dmz you would need the firewall in FRONT of the wifi modem. You can't go public [wifi modem wan]- private[lan side of modem] back to public ip. Might be possible to put the wifi modem into bridge mode but than you lose the wifi capability.
> 
> By placing the firewall there you would need to enable the dhcp server of the wifi modem to supply ip to its attached devices. Your server dhcp server would need to supply ip in a different subnet than the wifi modem



I have used this modem before as DMZ. Basically it acts as if there is no modem. Just a direct cable from my ISP with a static IP. Though it must detect that the computer requesting the DMZ is the unique entry point into the network. 

I can easily change the subnet/IP addressing of the Wireless Router so it will be on a different subnet to the rest of the network. 
I have an additional Wireless router laying around which could be plugged into the Managed Switch, so no problems for the Wifi there.


----------



## Fjandr (Sep 26, 2012)

What connection type is used for Internet access? Cable, DSL, Fibre, wireless?

If it's DSL, fibre, or wireless, you can put the firewall in front of the modem using either a DSL, fibre, or wireless add-in card. That's the easiest method. However, using a DMZ would also work. I'd suggest installing pfSense, Monowall, or some other Linux firewall distribution.

You could also set the modem to bridge mode, and put a DHCP server on the firewall. That may actually be the easiest route to go. You'd have to set up your other wireless AP to accept clients if you do that though, or you could throw a wireless card into the firewall.


----------



## Daolsky (Feb 15, 2012)

Fjandr said:


> What connection type is used for Internet access? Cable, DSL, Fibre, wireless?
> 
> If it's DSL, fibre, or wireless, you can put the firewall in front of the modem using either a DSL, fibre, or wireless add-in card. That's the easiest method. However, using a DMZ would also work. I'd suggest installing pfSense, Monowall, or some other Linux firewall distribution.
> 
> You could also set the modem to bridge mode, and put a DHCP server on the firewall. That may actually be the easiest route to go. You'd have to set up your other wireless AP to accept clients if you do that though, or you could throw a wireless card into the firewall.


Currently DSL, though looking at getting Fibre.
I have installed pfSense. I will try DMZ from the modem first, and let you know what the result is.

Thanks.


----------

