DenebaNetworkConfiguration

Enter a topic name to show or a new topic name to create; then press Enter

System Description

This is a Debian 8.1 Firewall / Router / VPN supporting both IPv4 and IPv6 networking. The route has 4 zones comprising of:

  1. Internet
  2. Firewall
  3. LAN
  4. DMZ

The IPv4 firewall is an IPTables implementation configured using Shorewall. See DenebaShorewallConfiguration for details.

The IPv6 firewall is an IP6Tables implementation configured using Shorewall6. See DenebaShorewall6Configuration for details.

The VPN is SoftEther from University of Tsukuba in Japan. Implementation details are at DenebaSoftEtherVPN and DenebaSoftEtherClient.

ifconfig output

	eth0      Link encap:Ethernet  HWaddr 00:0a:5e:77:b5:76 
 
	  inet addr:192.168.250.1  Bcast:192.168.250.255  Mask:255.255.255.0
	  inet6 addr: fe80::20a:5eff:fe77:b576/64 Scope:Link
	  inet6 addr: 2001:470:b0ad:1:20a:5eff:fe77:b576/64 Scope:Global
	  UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
	  RX packets:3806769 errors:0 dropped:0 overruns:1 frame:0
	  TX packets:4013591 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:1000 
	  RX bytes:501049324 (477.8 MiB)  TX bytes:3375943089 (3.1 GiB)
	  Interrupt:19 Base address:0x4000 
	eth1      Link encap:Ethernet  HWaddr 00:0a:5e:77:b5:73 
 
	  inet addr:192.168.240.1  Bcast:192.168.240.255  Mask:255.255.255.0
	  inet6 addr: fe80::20a:5eff:fe77:b573/64 Scope:Link
	  inet6 addr: 2001:470:1d:80b:20a:5eff:fe77:b573/64 Scope:Global
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:1093327 errors:0 dropped:0 overruns:198 frame:0
	  TX packets:437223 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:1000 
	  RX bytes:157808304 (150.4 MiB)  TX bytes:360215783 (343.5 MiB)
	  Interrupt:18 Base address:0x6000 
	eth2      Link encap:Ethernet  HWaddr 00:0c:6e:06:c1:91 
 
	  inet addr:208.114.148.38  Bcast:208.114.148.255  Mask:255.255.255.0
	  inet6 addr: fe80::20c:6eff:fe06:c191/64 Scope:Link
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:3927662 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:3237253 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:1000 
	  RX bytes:3762973891 (3.5 GiB)  TX bytes:499014918 (475.8 MiB)
	he-ipv6   Link encap:IPv6-in-IPv4  
	  inet6 addr: 2001:470:1c:80b::2/64 Scope:Global
	  inet6 addr: fe80::d072:9426/64 Scope:Link
	  UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
	  RX packets:1177356 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:951429 errors:365 dropped:0 overruns:0 carrier:365
	  collisions:0 txqueuelen:0 
	  RX bytes:841913020 (802.9 MiB)  TX bytes:152508061 (145.4 MiB)
	lo	Link encap:Local Loopback 
 
	  inet addr:127.0.0.1  Mask:255.0.0.0
	  inet6 addr: ::1/128 Scope:Host
	  UP LOOPBACK RUNNING  MTU:65536  Metric:1
	  RX packets:166158 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:166158 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:0 
	  RX bytes:38011743 (36.2 MiB)  TX bytes:38011743 (36.2 MiB)

ip route ls output

 default via 208.114.148.1 dev eth2 

192.168.240.0/24 dev eth1 proto kernel scope link src 192.168.240.1

192.168.250.0/24 dev eth0 proto kernel scope link src 192.168.250.1

  208.114.148.0/24 dev eth2  proto kernel  scope link  src 208.114.148.38 

ip -6 route ls output

	2001:470:1c:80b::1 dev he-ipv6  metric 1024 
	2001:470:1c:80b::/64 dev he-ipv6  proto kernel  metric 256 
	2001:470:1d:80b::/64 dev eth1  proto kernel  metric 256 
	2001:470:b0ad:1::/64 dev eth0  proto kernel  metric 256 
	fe80::/64 dev he-ipv6  proto kernel  metric 256 
	fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500
	fe80::/64 dev eth2  proto kernel  metric 256 
	fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500
	default via 2001:470:1c:80b::1 dev he-ipv6  metric 1024

denebanetworkconfig.zip as of 2015-08-17


Version: 8   Revised: 2015-08-17 14:47:45 Last Updated by: 2001:470:b0ad:1:c4ab:6da:c4c1:6cd Rename Show Links to Topic