Can my Bubba2's network have LAN & DMZ zones in my Shorewall?

Posted: 13 Mar 2016, 11:34
by paulchany
Hi,

my home network is now:

Code:

_ISP
_|--CableModem
__|--[ ethernet cable-RJ45 ] Bubba2
___|--Plug & Play Switch ___|--WiFi --\/ -- my smart phone
____|--[ ethernet cable-RJ45 ] Desktop Gentoo linux
____|--[ ethernet cable-RJ45 ] laptop Gentoo linux
____|--[ ethernet cable-RJ45 ] RasPi 2

Can I rearrange this topology like this:

Code:

_ISP
_|--CableModem
__|--[ ethernet cable-RJ45 ] Bubba2
___|--Plug & Play Switch ___|--WiFi ( thanks to you )
_____|________________________/\-- my smart phone
_____|________________________/\-- RasPi 2
_____|--[ ethernet cable-RJ45 ] Desktop Gentoo linux
_____|--[ ethernet cable-RJ45 ] laptop Gentoo linux

Can my Raspberry Pi 2 Model, aka RasPi 2 (webserver: nginx, moodle), be placed this way into the DMZ zone of my Shorewall firewall?

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 13 Mar 2016, 12:36
by Gordon
Not like this, unless you want your phone to be in the DMZ as well (no access to LAN).

It is however possible to create multiple SSIDs on your wireless card, which will need to use the same channel but can use different keys, so members of each SSID will be isolated from the other SSIDs.

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 13 Mar 2016, 13:31
by paulchany
Gordon wrote: Not like this, unless you want your phone to be in the DMZ as well (no access to LAN).

It is however possible to create multiple SSIDs on your wireless card, which will need to use the same channel but can use different keys, so members of each SSID will be isolated from the other SSIDs.

For my smart phone it should be enough just to have access to the Internet, but not necessarily access to my LAN.

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 23 Mar 2016, 11:58
by paulchany
Can I somehow add one more Ethernet port to my Bubba 2?
This way I could use it for the DMZ zone.

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 23 Mar 2016, 13:28
by MouettE
You can use a USB Ethernet adapter.

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 23 Mar 2016, 15:51
by paulchany
I have one USB Ethernet Adapter. When attached, lsusb shows the following:

Code:

lsusb -t
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=fsl-ehci/1p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/4p, 480M
        |__ Port 1: Dev 11, If 0, Class=Vendor Specific Class, Driver=pegasus, 480M
        |__ Port 2: Dev 10, If 0, Class=Vendor Specific Class, Driver=rtl8192cu, 480M

Port 1: Dev 11 is the Bus 001 Device 011: ID 07a6:8515 ADMtek, Inc. AN8515 Ethernet
Port 2: Dev 10 is the Bus 001 Device 010: ID 0586:341f ZyXEL Communications Corp. NWD2205 802.11n Wireless N Adapter [Realtek RTL8192CU]

Does this mean that in my Shorewall firewall the DMZ zone should cover both the WiFi and USB-to-LAN adapters because both are on the same physical "wire"?
If no, then on my Bubba2 eth0 will still be on WAN (net zone), eth1 on LAN (loc zone) with WiFi as WLAN, and say eth2 on DMZ (dmz zone). Right?

Re: Can my Bubba2's network have LAN&DMZ zones in my Shorewal

Posted: 23 Mar 2016, 21:18
by MouettE
paulchany wrote: Does this mean that in my Shorewall firewall the DMZ zone should cover both the WiFi and USB-to-LAN adapters because both are on the same physical "wire"?

No. Each network adapter (be it WiFi or Ethernet) will receive a network device ethX (the WiFi may get wlanX depending on system configuration). Each one will be dealt with differently by the firewall.

paulchany wrote: If no, then on my Bubba2 eth0 will still be on WAN (net zone), eth1 on LAN (loc zone) with WiFi as WLAN, and say eth2 on DMZ (dmz zone). Right?

Yes, that should work.
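
The three-zone layout agreed on in this thread (eth0 = net, eth1 = loc, eth2 = dmz), sketched as Shorewall files. This is an added example, not configuration posted by anyone in the thread. Assumptions: the RasPi address 192.168.20.10 is a constructed placeholder, the WAN side gets its address by DHCP, and the WiFi interface plus the existing masquerading and firewall-host rules are left out.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# /etc/shorewall/interfaces
# One zone per physical adapter; eth2 is the USB Ethernet adapter.
# The "dhcp" option on eth0 is an assumption (cable modem hands out the WAN address).
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter
loc     eth1        detect      tcpflags,nosmurfs
dmz     eth2        detect      tcpflags,nosmurfs

# /etc/shorewall/policy
# First matching line wins, so specific zone pairs come before the catch-alls.
# The point of the DMZ: a compromised web server cannot open connections to the LAN.
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
dmz     loc     REJECT  info
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# 192.168.20.10 is a placeholder for the RasPi 2 (nginx, moodle) in the DMZ.
#ACTION      SOURCE  DEST               PROTO  DEST PORT(S)
# Publish the web server to the Internet.
DNAT         net     dmz:192.168.20.10  tcp    80,443
# LAN hosts may browse to it and administer it over SSH.
ACCEPT       loc     dmz:192.168.20.10  tcp    80,443
SSH(ACCEPT)  loc     dmz:192.168.20.10
# The DMZ host may resolve names and fetch updates, nothing else outbound.
DNS(ACCEPT)  dmz     net
ACCEPT       dmz     net                tcp    80,443
```

Running `shorewall check` validates the files before `shorewall restart` applies them.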