Stanford High Performance Networking Group

Firewall

Description:

This is a box that will allow us to experiment with firewalls, NAT routing and bridging. We will be using a high-end Linux box with two Ethernet cards, and making use of the VPNs (VLANs) that can be found in the Gates Building.

This work is still in progress.

Configuration of the system

Here is what we learnt during the configuration of the system.

Phases of the project:

Phase: Ordering the machine
Steps:
  1. Order the machine through Mina
  2. Get confirmation from Stanford Procurement
  3. Get block of 32 addresses from Charlie Orgish
  4. Receive machine
  5. Ask Charlie to set VPNs
Expected duration: 2 weeks

Phase: Install software
Steps:
  1. Move machine to G342 (or Network Lab)
  2. Put one machine behind firewall (one of Paul's PCs)
  3. Install Red Hat 6.2 (if not installed already)
  4. Install needed RPMs (NIC drivers, ipchains, iproute, ipvsadm, gated, routed, arpwatch, ...)
  5. Recompile kernel, so that firewalling and routing take place in the kernel, and so that the drivers are integrated inside the kernel.
Expected duration: 1 week

Phase: First test case
Steps:
  1. Set simple firewall rules
  2. Configure routing/bridging
  3. Test setup (1 week)
Expected duration: 1 week

Phase: Second test case
Steps:
  1. Set all G342 behind the firewall
  2. Test setup (1 week)
Expected duration: 1 week

Phase: Final test case
Steps:
  1. Move firewall to the basement
  2. Test setup (1 week)
Expected duration: 1 week


Page maintained by Pablo Molinero Fernández (molinero@stanford.edu) and Paul Hartke (phartke@stanford.edu)
Last modified: Fri May 9 11:29:40 PDT 2003