scripttron75
 asked on

setup smoothwall firewall with ATT and trendnet at home

I have an ATT U-verse DSL modem with TV. I had the ATT rep set up bridge mode on the modem so that I can use my TrendNet Wireless-N router for wireless access; this ATT modem does not come with the Wireless-N standard. Well, I want to throw something else in the mix with my home network to learn more about networking. I installed Smoothwall 3.0 on an old PC that works great; it is the only thing on this PC, which is a Compaq Evo. I have 2 NIC cards installed, one onboard and one Linksys NIC card, both 10/100Mb. OK, so here is the issue. I need to get the modem off bridge mode, obviously, if I want to have the firewall in between the modem and the router. However, I am stumped on how to configure the red interface that connects to the modem. How do I set this up so that we have the modem (ATT ISP) connected to the red NIC on the Smoothwall PC, then the green side NIC goes to the router WAN side, I believe, and then the router port goes to a switch that goes to all my PCs and Xbox? I also forgot to add that all my LAN-connected PCs and Xbox have static IP addresses of 192.168.10.xxx that go with the TrendNet router.
Linux, Software Firewalls, Home Security

Last Comment
Daniel McAllister

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Daniel McAllister

scripttron75

ASKER
Thanks for your response, Dan, and insight. I put in red all my answers to your questions. Also, I understand what you are saying; I am familiar with it, just confused a little with the red WAN side of Smoothwall connecting to my 2wire modem. What I mean is the 2wire does not have bridge mode, as I found out earlier from ATT; they just DMZ on the 2wire. Should the Smoothwall be the DMZ or the TrendNet, because it only handles one device at a time?

I attached the Word doc.
smothwall.doc
scripttron75

ASKER
Also, Dan, I don't want DHCP addresses for the LAN; I need static because I use port forwarding a lot.
Daniel McAllister

OK... I have read your document & comments... While I disagree that there are any problems with the device in bridge mode, I also am told the carriers don't like to put them in that mode because then the modem is effectively in "stealth mode" and the carriers cannot login to them to diagnose connection issues.

So first, let me review what I believe is now the case (I have more information, so I can be more specific):

  - Your 2wire DSL modem has a WAN IP (DHCP assigned) of 99.x.y.z, and a LAN IP that you did not provide. Since the default is 192.168.0.254 I'm going to go with that. The WAN-side wire is your DSL phone line, the LAN-side wire is an ethernet cable to your TrendNet Wireless-N Router.
  - Your TrendNet router has a WAN IP (statically assigned) of (I'm guessing here) 192.168.0.1, and a LAN IP address of 192.168.10.1. The WAN side wire connects to the LAN side of the 2wire modem, the LAN-side wire(s) go to your LAN devices (directly, or via a switch).
  - You've indicated that the DHCP server within the TrendNet Router has been disabled - that's really immaterial
  - You've further indicated that the 2wire modem has set the TrendNet's 192.168.0.1 (I guessed the IP) address as a DMZ host.
  - Finally, you've indicated that your PCs and other devices on the LAN are already configured on the 192.168.10.x LAN and are working

Assuming that is right (and I'm pretty sure everything BUT the 2wire LAN IP and TrendNet WAN IP settings are exactly correct), then the next assumption is what you want to do:

It appears to me that you want to INSERT your smoothwall device in between the modem and the router, thus giving you a more powerful firewall between your LAN (192.168.10.x) and the Internet.

The EASIEST way to do this is to create another "internal" limited-use LAN. Specifically:
 1) Configure the smoothwall WAN interface to use the same settings that USED to be on the wireless router. (My guess was WAN IP of 192.168.0.1, subnet mask of 24-bits, and Gateway of 192.168.0.254). This will be a STATIC setting, and you will need to plug this interface into the LAN port of the DSL modem (unplugging the TrendNet Router). Yes, this is configuring the smoothwall Internet Interface with an RFC1918 address, and it may warn you of this... but it is the RIGHT setting.
 2) Configure the smoothwall LAN interface to use IP address 192.168.1.1 (DIFFERENT from the 192.168.0.1 that is the WAN interface, and DIFFERENT from the 192.168.10.x that is your "usable" LAN!).
 3) Re-configure the TrendNet router's WAN port to be 192.168.1.2 and connect it to the LAN port on the smoothwall firewall.

NOTES:
 - This is the EASIEST way I could think of to get the firewall INSERTED. Easiest because you only have to configure the smoothwall device's WAN & LAN ports (which you'll have to do regardless) and reset the TrendNet WAN interface. No other changes are required!
 - This gives you the pathway you desire: From the Internet to your firewall to your router to your LAN devices. NOTE: Remember that a FIREWALL is actually a router with more settings. You COULD configure the firewall to be your LAN's router, and take out the middle-man of the TrendNet router... and if you need the wireless capability, keep the TrendNet router attached, configured as a Wireless Access Point instead of a Router. But this is more complicated than what I've shown here....

This should get you started!

To review:
  DSL Modem WAN port is the DSL phone line (public IP).
  DSL Modem LAN port connects to firewall WAN port. Their IPs are on 192.168.0.x, the DSL Modem LAN IP is the default GW in the firewall, and the firewall's 192.168.0.x address is the DMZ host in the modem.
  Firewall WAN port is connected to the DSL modem as above.
  Firewall LAN port connects to TrendNet Router's WAN port. Their IPs are on 192.168.1.x, the firewall's LAN IP is the default GW in the router.
  TrendNet Router's WAN port is connected to the firewall as above.
  TrendNet Router's LAN port(s) go to your LAN devices, which ALL remain on the 192.168.10.x LAN, with the router's LAN IP of 192.168.10.1 set as the default gateway for all.

Ready, set IMPLEMENT!!!!

Good Luck!

Dan
IT4SOHO
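A way to sanity-check the three-subnet plan from the answer above before re-cabling anything; this is an added example, not part of the original post. It uses the addresses the answer gives (192.168.0.254 and 192.168.0.1 are that answer's guesses), and `check_plan` is a hypothetical helper name.

```python
import ipaddress

# Plan from the answer above: (device, interface, address/prefix, default gateway).
# 192.168.0.254 and 192.168.0.1 are the answer's guesses, not confirmed values.
PLAN = [
    ("modem",    "lan", "192.168.0.254/24", None),
    ("firewall", "wan", "192.168.0.1/24",   "192.168.0.254"),
    ("firewall", "lan", "192.168.1.1/24",   None),
    ("router",   "wan", "192.168.1.2/24",   "192.168.1.1"),
    ("router",   "lan", "192.168.10.1/24",  None),
]

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    ifaces = [(d, n, ipaddress.ip_interface(a), g) for d, n, a, g in plan]
    owner = {}
    problems = []
    # No address may be configured on two interfaces.
    for dev, name, ifc, _ in ifaces:
        if ifc.ip in owner:
            problems.append(f"{ifc.ip} assigned to both {owner[ifc.ip]} and {dev}.{name}")
        owner.setdefault(ifc.ip, f"{dev}.{name}")
    # Every default gateway must be on-link and belong to a device in the plan.
    for dev, name, ifc, gw in ifaces:
        if gw is None:
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in ifc.network:
            problems.append(f"{dev}.{name}: gateway {gw} is outside {ifc.network}")
        elif gw_ip not in owner:
            problems.append(f"{dev}.{name}: nothing in the plan owns gateway {gw}")
    # A device that routes must see a different subnet on each of its sides.
    for i, (d1, n1, a, _) in enumerate(ifaces):
        for d2, n2, b, _ in ifaces[i + 1:]:
            if d1 == d2 and a.network.overlaps(b.network):
                problems.append(f"{d1}: {n1} {a.network} overlaps {n2} {b.network}")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

Putting the firewall's LAN side on 192.168.10.x, which step 2 warns against, makes the check report both a duplicate address and an overlap on the router.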
Daniel McAllister

BTW: You said you use a lot of port forwarding...

You'll now need to forward ALL "open" ports through the firewall to your router...

Say you have a mail server & therefore need port 25 open and unobstructed.

 - Internet to DSL modem is never filtered, so no change there...
 - DSL modem to Firewall is forwarded already as the DMZ host setting...
 - Firewall to Router will need to be configured (firewall port-forwards port 25 to router's IP (on 192.168.1.x))
 - Router to server IP will need to be forwarded and I assume this is already done! No change here

So as you can see, and as you SHOULD have expected, only the firewall will need to be configured to port forward port 25 to your mail server. The confusing part is that it forwards the port to the ROUTER, not directly to the mail server.

Dan
IT4SOHO
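The forwarding chain described in the post above, modelled hop by hop so you can see where an inbound connection stops; this is an added example, not part of the original post. The mail server address is constructed, 192.168.0.1 is the guessed firewall WAN IP from the earlier answer, and `trace_inbound` and `reachable_ports` are hypothetical helper names.

```python
MAIL_SERVER = "192.168.10.50"  # constructed address; the page does not give one

# Hops in the order an inbound connection meets them. "dmz" hands every port to
# one inside host; "forwards" maps a TCP port to the next inside host.
CHAIN = [
    {"name": "modem",    "dmz": "192.168.0.1"},  # guessed firewall WAN IP
    {"name": "firewall", "addr": "192.168.0.1", "forwards": {25: "192.168.1.2"}},
    {"name": "router",   "addr": "192.168.1.2", "forwards": {25: MAIL_SERVER}},
]

def trace_inbound(chain, port):
    """Follow an unsolicited inbound TCP connection; return (destination, log)."""
    log, dest = [], None
    for hop in chain:
        # The previous hop must have forwarded to this hop's outside address.
        if dest is not None and hop["addr"] != dest:
            log.append(f"{hop['name']}: previous hop sent tcp/{port} to {dest}, not here")
            return None, log
        dest = hop.get("dmz") or hop.get("forwards", {}).get(port)
        if dest is None:
            log.append(f"{hop['name']}: no forward for tcp/{port}, dropped")
            return None, log
        log.append(f"{hop['name']}: tcp/{port} -> {dest}")
    return dest, log

def reachable_ports(chain, candidates):
    """Ports from `candidates` that make it all the way to a LAN host."""
    return [p for p in candidates if trace_inbound(chain, p)[0] is not None]

if __name__ == "__main__":
    for port in (25, 3389):
        dest, log = trace_inbound(CHAIN, port)
        print(port, "->", dest)
        for line in log:
            print("   ", line)
```

Because the modem's DMZ setting passes every port, the firewall's forward table is the only thing deciding what reaches the router, so `reachable_ports` over that table is the effective inbound exposure of the LAN.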
scripttron75

ASKER
Thanks for the feedback, here is what I did.

I essentially made the Smoothwall the router and firewall and gateway.

I set up the Smoothwall on the red interface that connects to the DSL modem to DHCP; it grabs a DHCP address of 19.168.1.66.

On the green side this connects to port 1 on the wireless TrendNet router (not the WAN port).

I gave the green interface a 10.0.0.1 address and 255.255.255.0 subnet, the TrendNet has a 10.0.0.2 address for its LAN address, and I set up all my PCs and devices to the 10.0.0 subnet as well.

The DNS server set static for all devices is the ATT DNS servers.

On my laptop I can connect to the wireless TrendNet router via wireless with a static address; works great.

So essentially, given your instructions, I did not connect the TrendNet to a WAN port of the green interface of Smoothwall. It works perfectly now.

I tested port forwarding by setting up my Xbox 360 and did a test, and of course a DNS error came up, so I forwarded the ports for Xbox that need to be forwarded in Smoothwall and it works perfectly now. So the firewall is working correctly.

Let me know if this makes sense or you think something might be wrong. Thanks.

Also, the ATT RG does not have bridge mode installed; it only has DMZplus mode, that is it.
Daniel McAllister

You did what I said was possible, but was more complicated... you're using the smoothwall as your router, and your old router is now acting as a wireless access point. (It was in the NOTES: section above). In doing so, you had to reconfigure everything on your LAN -- a lot of extra work.

In this mode, all of your port forwards will need to be setup in the smoothwall, and they will go directly to the server you want on the LAN.

Just make sure your modem is setup to make 192.168.1.66 the DMZ host!

Finally, if you're not port forwarding or file sharing over the wireless (e.g.: just Internet surfing), then you may want to consider making your wireless network a separate LAN... why? solely to allow you to run a DHCP server on the router so that you don't have to manually configure your wireless devices. (That can be a real PAIN when you take your laptop out into the real world and have to reset the settings, then put them back when you come back "home").

In any case, it appears we've accomplished what you desired!

Dan
IT4SOHO
scripttron75

ASKER
Yes, it can be a pain to switch out the IP address settings manually; not a big deal.

But you can, however, also set up the TCP/IP settings in the adapter to connect to another network as well, at the same time keeping your existing settings without changing them.

Daniel McAllister

I am not certain (haven't tried it), but I believe that you can do something like that in Windows 7 (where you can really have a completely different set of settings for each "network" you connect to... one of the things I actually LIKE about Windows 7!)

Dan
IT4SOHO
scripttron75

ASKER
Windows XP has it as well.
Daniel McAllister

Hmmm... Not sure XP lets you make one SSID have a static IP and other SSIDs use dynamic...

My point with Windows 7 (and to a lesser degree, Vista) is that you can identify the network and provide a whole host of settings for THAT network without affecting the settings for other networks.

So, I can say that my "home" WLAN allows me to share folders and printers, but when I go to Starbucks, those settings don't apply -- and I don't have to do anything to effect those changes.

What I believe happens with regards to static vs. DHCP addressing in XP is that it is an adapter-level setting. So if I set my Wireless Adapter to use a static IP, I need to switch it to DHCP when I go to Starbucks.

Now I'm not 100% sure I can make different IP address settings on a per-network basis in Windows 7 -- I haven't used Windows 7 much yet -- but I believe it may be so... I do know one of the goals was to bring more settings into the "network settings" arena and away from the "network adapter settings"....

I'll have to fire up another Windows 7 install (I have a MS Action Pack subscription -- I get limited free installs of all new MS software) and check that out.

Dan
IT4SOHO