Custom Search

Installation Wizard BrazilFW 2.31 release 10

This BrazilFW install is from the ISO CD created for BrazilFW 2.31 release 10.
Parts of the install were simulated. Part one is the BrazilFW 2.31 setup to hard driveSecure access for BrazilFW webadmin from the Internet.

This second part will run the BrazilFW Installation Wizard.

  1. Local Network Configuration:BrazilFW 2.31 Install - Step 1BrazilFW Install 2.31 - LAN Configuration
    Unless you really need to change the default LAN settings leave it and select next. If you do change it then all the IP addresses mentioned in the network tutorial do not apply but the theory is the same.

    The system identifies all the NICs found. The LAN is assigned eth0 and occupies the first PCI slot. There is no ISA NIC support.

    Using two identical NICs can cause the local and Internet interfaces to be flipped contrary to what you intended. It depends on which PCI slot it occupies.
  2. Internet Connection Type:BrazilFW Install 2.31 - Step 2BrazilFW Install 2.31 - Internet Connection
    DHCP has nothing to do with whether you enable your DHCP in step 5. Use DHCP when another device will assign an IP address to the WAN side of Brazil Firewall. In the business world this could be the corporate firewall/router. For home users this is usually a connection with the television cable company via an ADSL modem in bridging mode. You must make sure the modem is not also a DHCP server. If this modem is also a router see the note below.
    How do you know if the modem is DHCP enabled? Use the web interface provided or connect it to a Windows PC that is configured to get an address automatically. If it gets an address in the ranges 10.n.n.n, 176.16.n.n through 176.31.n.n or 192.168.n.n then the modem is DHCP enabled otherwise it will get a Microsoft IP like 169.254.243.n.

    Use STATIC when you will hardcode the IP address, netmask, and gateway. Go with this if you buy 1 or more fixed IP addresses or the special situation in the note below. Another purpose is for testing like I do.

    PPPoE is for a connection with the telephone company via an ADSL modem in bridging mode. If this modem is also a router then your Brazil Firewall becomes a DHCP configuration and see the note below.

    DHCP, STATIC, and PPPoE have a Internet NIC interface list to choose from.

    PPP is for the older dial-up serial connections using a real serial modem. Do not confuse this with a WinModem® which requires a Windows operating system. There is nothing out there to let you share a telephone line like this.

    NOTE: When your modem is also a router it will be responsible for getting a public IP address from the ISP whether your ISP supplies you with a DHCP or PPPoE connection. In the case of PPPoE it will do the signon and it will have this information. If you turn this routing off by putting it in bridging mode then just follow the normal procedures above for your type of connection.

    This modem/router will also be a DHCP server to BrazilFW so your configuration is DHCP. If you turn it off then Brazil Firewall becomes a STATIC configuration. In either case you must make sure that the LAN network address you selected in step 1 above does not conflict with what will be assigned by this DHCP server or that you hard code by hand for STATIC. It will be in the documentation for this device.

    A visual representation of this: DHCP setup   STATIC setup

    If your connection to the Internet is one of those "all in one" router/hub/WiFi devices, like Linksys or D-link, you may not need Brazil Firewall. These devices have an integrated firewall and a web interface.
    • Internet Connection Type: DHCPBrazilFW 2.31 Install - Step 3 - DHCP
      Fill it if your ISP tells you a host name is required.

      The form says Static but it is really DHCP.
    • Internet Connection Type: STATIC (cable and telephone company connection)
      BrazilFW Install 2.31 - Step 3 - StaticIf you bought one or more IP addresses from your ISP fill in the form with the infomation they gave you.

      Another use for STATIC is to test firewall rules on a test system before going live or to diagnose what is going wrong or right.

      You can now simulate the Internet on the WAN side. This is how I do it.
    • Internet Connection Type: PPPoEBrazilFW 2.31 Install - Step 3 - PPPoE
      Fill in the userid and password that the ISP assigned to you. Only fill in the nameservers (DNS) if the ISP says you must.
    • Internet Connection Type: PPP
      • BrazilFW 2.31 Install - Step 3 - PPPThis will not work with a WinModem®.

        Fill in the userid, password, and telephone number the ISP gave you. The ISP will assign everything else but if they tell you that you must specify a DNS address then fill it in.
      • BrazilFW 2.31 Install - Step 3 PPP - Modem ConfigurationConfigure the modem.
      • BrazilFW 2.31 Install - Step 3.1 PPP - comm portKeep it simple and use COM1 or COM2. See Dial-up services (PPP) for a guide to the Comm Port.
      • BrazilFW 2.31 Install - Step 3.2 PPP - Dial modeHow you want to dial out.
      • BrazilFW 2.31 Install - Step 3.3 PPP on demand timeoutThe dial on demand timeout is OK unless you want it longer.
      • BrazilFW 2.31 Install - Step 3.4 PPP modem init stringNormally the init string is OK. Only change this if you really need to. See Dial-up services (PPP) for a guide to the Modem init String.
  4. There is no step 4.
  5. Services:BrazilFW 2.31 Install - Step 5 - Services
    The DHCP server is also a DNS cache server. This is on by default. Leave it on unless you like headaches.

    I see no reason not to use DHCP. You still have control. You can reserve IPs by MAC (Medium Access Control) address for yourself or those servers which you don't want changing all the time. Make a convention. Static addresses are low and dynamic ones are high. DHCP was designed to make life simpler.
    There can be only one DHCP server on a broadcast network.

    This option also enables DNS caching in BrazilFW which is desirable. You can leave this disabled for now and enable it later using the Webadmin tool.

    Only enable SSH if you want to access your BrazilFW console from the Internet. It's an open port. People could hit it all day and you would never know it.
  6. DHCP Configuration: (if selected)BrazilFW 2.31 Install - Step 6 - DHCP Configuration
    Select the IP addresses to reserve. Using only what is needed saves memory.

    Don't think decimal here. Think powers of 2. Reserve a total number of IPs that is a power of 2 and use a starting IP that is a multiple of this. Good total numbers are 8, 16, 32, and 64. Good starting numbers are 64, 128, and 192.

    50 and 100 are neither good total numbers nor good starting IPs.

    A starting IP address of 8 for 8 means IP 8 through IP 15 (not 16). Prove this using your fingers. The formula is ((starting IP number + total IPs)-1). This will make the allow/deny rules easier and cleaner. See Simplified Firewall Configuration in the firewall tutorial series.

  7. System Password:BrazilFW 2.31 Install - Step 7 - Set System Password
    Pick a good password here. It is your first line of defence for your system.

    Remember this password or you will not be able to modify your BrazilFW. See: Recover Lost Passwords.
  8. Reboot:BrazilFW 2.31 Install - Step 8 - Reboot system
    The system now saves your configuation parameters and waits for you to reboot.

DISCLAIMER: The following instructions come with no warranty. Use at your discretion and risks. I am not responsible for its misuse, damages, or losses that can be caused directly or indirectly. It is assumed that you practice safe computing and take backups before making changes.

Stuff is written here for the uninitiated and no prior knowledge on the subject is presumed.

Use the Brazil Firewall forums for support so everyone can share the information.

Updated 2008/07/28

© copyright© copyright for the writing. The ideas and code are free. Robert Bonomo
bobbb at myrealbox dot com

W3C logo
W3C CSS logo
Comments? or things you don't agree with? Write me.