New to Endian,...couple questions...

nst6563

I just installed Endian this evening and have 3 NICs installed (2 3Coms and a DLink). I have it all set up for content filtering, virus scanning, etc.

I also have PC's (4 actually) that connect to a DLink wireless router (DI-524 pos).
I setup Endian with a Red, Green, and Blue interface.
I know the wireless interface should be Blue, but do I connect the DI-524's WAN port to that? Or just plug the Blue interface NIC into one of the 4 available ports on the DI-524's switch/hub?

The reason I ask is because the DI-524 has a built-in firewall that can't be disabled (that I've found anyway). I also disabled the DHCP on the 524 and wanted to use Endian for that. However I couldn't get any machines to pull an address when the 524 was plugged into the Blue interface (using a switch port or the WAN port). Although it worked just fine by plugging the 524 (using a switch port, not the WAN port) into my 3Com switch. I assume b/c doing it this way bypasses the firewall, etc. But why would that not work when plugged in the same way to the Blue port?

Checked the EFW forums...and there's been like 4 posts this year...so I don't think they'll be too helpful :p


also...Does Endian have Squid installed already, or is that a mod/addon somewhere?

thx
 
You might need to wait for YeOldStoneCat to show up, he is the current Endian person around here.
 
Have you configured your Blue interface from inside Endian using the configuration wizard?

As for your second question: the current Endian build includes squid.
 
Yes. It's all configured and DHCP is enabled. I tried setting the Blue address to 10.10.100.1 and also 192.168.0.1 and 192.168.1.1 with the corresponding DHCP ranges; nothing worked on the Blue address.

Cool on the Squid ;)
So far I like Endian. Very polished. I like it much better than Smoothwall that I used to run. You had to mod it just to get content filtering and other stuff like that whereas Endian just "has it" ready to use. Much faster setup.
 
DHCP pass-through should not work through the WAN port.

Have you plugged a laptop or PC directly into the Blue interface to see if it would lease an IP?

I'm a big fan of Endian, before I started my current job I worked for a service company and we had started using it in several of the schools we were taking care of. It's great for small schools that can't afford dedicated content-filtering or security appliances.
 
unfortunately my laptop isn't here, it's 2 hours away :( I'll be sure to try that though when I get it back.

Is there anything inherently wrong with just plugging the 524 into the Green interface?
 
If you are going this route as far as installing your wireless on the Blue segment, you do not want to connect the WAN port of the DI-524 to the Endian box. Otherwise you will be double NATting (not sure if that is a word). You really need to connect one of the switch ports to your Endian box. Then the DI-524 would not do any firewalling.

Also, you will need to create Zone Pinholes to allow connectivity from BLUE to GREEN or BLUE to RED for the services that need to connect, for instance the internet. BLUE is locked down by default, if my memory serves me correctly.

I hope this helps a little.
 
nst6563 said:
also...Does Endian have Squid installed already, or is that a mod/addon somewhere?

Since I've been meaning to anyway - I just setup a quickie vmware version of Endian.

YourIPAddress:10443/cgi-bin/advproxy.cgi

That is "HTTP: Web proxy configuration", part of the default install but not turned on by default. Under the proxy tab, HTTP.
 
You treat it the same way as if you were hooking up your DLink to another plain old router....you can change the IP ranges of each..and yes it will work, although not optimally. I'm not a fan of double NAT'ing. If you have a router...and you want to add wireless, IMO you add an access point. If you have a wireless router instead of an access point....some wireless routers allow them to be changed to AP mode in the web admin. Others...you have to do a bubble gum, band-aid and duct tape job on them....disable DHCP, change the LAN IP so it's in the same range as your main router but on a unique IP outside the DHCP pool..and uplink it to your main router using a LAN port. This effectively bypasses the router feature of your wireless router.
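The "bubble gum and duct tape" procedure above has three conditions that are easy to get wrong (AP address in the same subnet as the Endian zone, outside the DHCP pool, not colliding with the gateway) and one symptom when the WAN port is used instead (double NAT). The following is an added example, not code from Endian or from anyone in this thread; it checks a planned AP address against those conditions and counts the leading RFC 1918 hops of a traceroute to spot double NAT. The subnet, pool and hop addresses are constructed.

```python
"""Checks for running a wireless router behind Endian as a plain access point.

Added example (not Endian's own tooling).  Models the procedure from the
thread: the wireless router's LAN IP must be in the Endian zone's subnet,
must not be the zone gateway, and must sit outside the DHCP pool; the
uplink goes to a LAN port so the router's own NAT is never in the path.
"""
import ipaddress
from typing import List

# RFC 1918 ranges, checked explicitly rather than via ip_address.is_private,
# which in Python also covers documentation and other special-use blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def check_ap_address(zone_cidr: str, zone_gateway: str, dhcp_start: str,
                     dhcp_end: str, ap_lan_ip: str) -> List[str]:
    """Return a list of problems with the planned AP LAN address (empty = OK)."""
    net = ipaddress.ip_network(zone_cidr, strict=False)
    gw = ipaddress.ip_address(zone_gateway)
    ap = ipaddress.ip_address(ap_lan_ip)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    problems = []
    if ap not in net:
        problems.append(f"{ap} is not inside the zone subnet {net}")
    elif ap in (net.network_address, net.broadcast_address):
        problems.append(f"{ap} is the network or broadcast address of {net}")
    if ap == gw:
        problems.append(f"{ap} collides with the Endian zone gateway")
    if lo <= ap <= hi:
        problems.append(f"{ap} is inside the DHCP pool {lo}-{hi}; a client could be leased it")
    if lo not in net or hi not in net:
        problems.append(f"DHCP pool {lo}-{hi} is not inside the zone subnet {net}")
    return problems


def count_private_hops(hops: List[str]) -> int:
    """Count consecutive RFC 1918 hops at the start of a traceroute.

    One private hop (the firewall) is normal for a NATed LAN; two or more
    before the first public address is the double-NAT signature described
    above (wireless router's WAN port uplinked to the Endian box).
    """
    n = 0
    for hop in hops:
        addr = ipaddress.ip_address(hop)
        if any(addr in r for r in RFC1918):
            n += 1
        else:
            break
    return n


if __name__ == "__main__":
    # Constructed values: Endian BLUE zone 10.10.100.0/24, pool .100-.200.
    for candidate in ("10.10.100.2", "10.10.100.150", "10.10.100.1", "192.168.0.1"):
        result = check_ap_address("10.10.100.0/24", "10.10.100.1",
                                  "10.10.100.100", "10.10.100.200", candidate)
        print(candidate, "->", result or "OK")
    # Constructed traceroute: DI-524 LAN, then Endian, then the ISP.
    print("private hops:", count_private_hops(["192.168.0.1", "10.10.100.1", "198.18.0.1"]))
```

The second function is only a heuristic: it needs a traceroute from a wireless client, and a hop count of 2 means the packet passed through two private-addressed routers, which is the situation the double-NAT warning above describes.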
 
You really need to connect one of the switch ports to your Endian box. Then the DI-524 would not do any firewalling.

That's exactly what I did. And it works...but only on Green.

disable DHCP, change the LAN IP so it's in the same range as your main router but on a unique IP outside the DHCP pool..and uplink it to your main router using a LAN port. This effectively bypasses the router feature of your wireless router.

This is also what I did, and how it's running now, only through the Green interface. It seems to run just fine that way...but are there any downsides to running it on Green vs Blue? Eventually I'd probably get an AP, but right now I don't have the money.
 
By plugging your wireless router into Endian using a LAN port, all routing features will be bypassed, essentially making it an AP. Like mentioned above, make sure that the LAN IP of the wireless is on the same subnet.

One of the advantages of having it on the BLUE interface is that BLUE is completely isolated from the rest of the network. There are ups and downs to this.

If BLUE tries to connect to a server or another machine on GREEN it will not work by default. You will need to open Zone Pinholes. You can do this by clicking on Firewall tab, then click on "Zone Pinholes" on the left menu. You can add a path from BLUE to GREEN to allow for filesharing, etc...

The biggest advantage is the ability to separate your wireless network from the rest of your network.

The disadvantage is that it can be a PITA to set up and get working properly.

Personally, I would not go out and buy an AP at this time for several reasons. The new 802.11n is in engineering right now. I know there are "Pre N" releases, but it has not been finalized. I would wait if you are looking to upgrade.

Secondly, by connecting your DI-524 to Endian through a LAN port, it is essentially an AP anyway and will function as an AP and not as a router.

Hope this helps.
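To make the BLUE-isolation point above concrete, here is an added example (not Endian code, and not from any poster in this thread) that models a zone firewall the way the posts describe it: traffic within a zone and from GREEN outward passes, anything leaving BLUE is dropped unless a Zone Pinhole matches, and an audit flags pinholes so broad that they give BLUE the run of GREEN. The default-policy table, the pinhole fields and the sample rules are assumptions made for the model, not Endian's actual rule syntax.

```python
"""Model of zone-based filtering with explicit pinholes (added example).

Assumed defaults, following the thread: hosts within one zone talk freely,
GREEN (trusted LAN) may initiate to any zone, BLUE (wireless) may initiate
to nothing outside BLUE until a pinhole is added.  RED is the internet side.
"""
from dataclasses import dataclass
from typing import List, Optional

ZONES = ("RED", "GREEN", "BLUE")

# Assumed default policy for cross-zone flows: source zone -> allowed destinations.
DEFAULT_ALLOW = {
    "GREEN": {"RED", "BLUE"},
    "BLUE": set(),          # locked down: needs pinholes
    "RED": set(),           # inbound from the internet is never implicit
}


@dataclass(frozen=True)
class Pinhole:
    """One explicit BLUE->GREEN / BLUE->RED style opening.

    proto: 'tcp', 'udp' or 'any'; dst_port None means any port.
    """
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dst_port: Optional[int] = None

    def matches(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> bool:
        return (self.src_zone == src_zone
                and self.dst_zone == dst_zone
                and self.proto in ("any", proto)
                and (self.dst_port is None or self.dst_port == dst_port))


def flow_allowed(src_zone: str, dst_zone: str, proto: str, dst_port: int,
                 pinholes: List[Pinhole]) -> bool:
    """Decide whether a new connection from src_zone to dst_zone may start."""
    if src_zone not in ZONES or dst_zone not in ZONES:
        raise ValueError("unknown zone")
    if src_zone == dst_zone:
        return True                      # same segment, no filtering between hosts
    if dst_zone in DEFAULT_ALLOW[src_zone]:
        return True                      # e.g. GREEN -> RED (internet)
    return any(p.matches(src_zone, dst_zone, proto, dst_port) for p in pinholes)


def audit_pinholes(pinholes: List[Pinhole]) -> List[str]:
    """Flag pinholes that undo the isolation BLUE is meant to provide.

    A pinhole into GREEN with any protocol and any port is equivalent to
    putting the wireless clients on GREEN in the first place.
    """
    findings = []
    for p in pinholes:
        if p.dst_zone == "GREEN" and p.proto == "any" and p.dst_port is None:
            findings.append(f"{p.src_zone}->GREEN pinhole is wide open (any proto, any port)")
        elif p.dst_zone == "GREEN" and p.dst_port is None:
            findings.append(f"{p.src_zone}->GREEN pinhole allows every {p.proto} port")
    return findings


if __name__ == "__main__":
    # Constructed rule set: wireless may browse and reach one file server port.
    rules = [
        Pinhole("BLUE", "RED", "tcp", 80),
        Pinhole("BLUE", "RED", "tcp", 443),
        Pinhole("BLUE", "GREEN", "tcp", 445),   # SMB file sharing
    ]
    print("BLUE -> RED :443 ", flow_allowed("BLUE", "RED", "tcp", 443, rules))
    print("BLUE -> GREEN :3389", flow_allowed("BLUE", "GREEN", "tcp", 3389, rules))
    print("GREEN -> RED :25 ", flow_allowed("GREEN", "RED", "tcp", 25, rules))
    print(audit_pinholes(rules + [Pinhole("BLUE", "GREEN")]))
```

The trade-off the post describes falls out of the model: every remote-control or file-sharing service the GREEN machines expect from wireless clients becomes one more pinhole, and once those pinholes are port-less the audit reports that BLUE is no longer isolated in any meaningful way.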
 
I think I'll leave it the way it is for now. Good point about the AP though, I'm sure I'll eventually upgrade to the 802.11N so no use in spending double the money.

As for putting it on the Blue and opening the pinholes, I may as well leave it on Green for now since I remote control most of the other PCs (some more often than others) as well as filesharing, etc. If a hacker REALLY wanted in to both networks, I'm sure he'd be smart enough to find the pinholes and at that point it wouldn't do a whole lot of good anyway.


Also...why is port 113 open by default?

thanks for all the answers! ;)
 
Cool link. I remember visiting that page 2 years ago when I set up Smoothwall :p

Is there a way to completely stealth the Endian box? Shields up says it returns a ping...I can't find in the firewall where to set a rule up to drop ICMP packets either.

I think this part of Smoothwall has Endian beat; it seemed a bit more robust on the making of firewall rules. After a mod it was extremely robust...maybe I always ran it with the firewall mod and that's why this seems so limited...
 
nst6563 said:
Also...why is port 113 open by default?

thanks for all the answers! ;)

Seems many of the Linux distros do that. I had wondered about that when first playing with IPCop I think (or maybe by the time I moved to Endian). Hit up a few firewall forums...and most people will go "Who the heck cares..you're running a good firewall...worrying about that is really biting your nails over nothing".

Personally I never cared about ident or replies to ping. Long as there is NAT behind it...that's all I care about. Let them ping me all day long..ain't gettin anywhere.

A thief can stand in front of a bank all day long. Doesn't mean he's gonna get into the safe.
 
Ok...yet another one I can't seem to answer myself...
I'm trying to forward a port to a specific address. Seems simple, right? It's for Azureus (BitTorrent client).

So I go into the firewall and add a port forwarding rule. Sounds simple enough (that's what I did with Smoothwall anyway). Add the rule, Azureus still says it has a NAT problem (I say get the damn bug spray :p ). So I add one into the External Access...still the same NAT problem.

What am I missing here? I'm trying to forward both TCP and UDP ports 6881.
On External Access, it says Source IP = All, Dest IP = Default IP, Dest Port = 6881 and they're enabled.
On the PF screen, it says Source IP = Default IP:6881, Dest IP = xxx.xxx.xxx.50 (the x's are really valid IP addresses),
 