[ale] openwrt and network filtering

Harry Putnam reader at newsguy.com
Wed Feb 1 14:35:07 EST 2012


Running Debian (testing) Wheezy on older P4'esque Celeron hardware,
2 GB RAM. Formerly, for several years, a Gentoo Linux user.

(Note: I am a recent arrival to GA, and currently making Atlanta my
home.)

WARNING: windbag alert!

Are there any openwrt guruish sorts here?  I'm tinkering with a
TP-Link WR2043ND with openwrt installed.  I didn't really have too
much trouble installing, but then it's one model that has received much
attention from openwrt users and so it's well established how to do
things on it.

I've got this idea in my head of somehow going through all incoming and
outgoing traffic with some kind of iptables filtering setup that finds
all suspicious sorts of traffic and logs it. The idea is that the
gateway router of my home lan will handle any dropping of malicious
type stuff, but the secondary router will get a look at it all and be
able to apply rules that will log the details of any probably malicious
sorts of stuff.

Mainly I want to get a good look at what is coming to my outfacing
internet port, without leaving my lan in jeopardy.

I mean to have this happening on the side and not to be a factor in any
network traffic, just logging.

I'm pretty chicken about inserting something I'm admining at the head
of the lineup, or I mean right after my ISP's satellite modem/router,
so I'm leaving a storebought, set and forget, Cisco-Linksys-WR120N
running there.

So far I'm just trying to familiarize myself with openwrt and iptables
enough to keep from exposing my home network and ending up with some
script kiddies running a warez site on it, or the like.

My setup is pretty basic (except for the 2nd router I am fiddling
with being stuck awkwardly in there) and looks like this (roughly).
                             
                 internet
                    |
               Satellite modem
                    |
      ROUTER1 cisco/linksys-WRT120 gateway router
           |    |      |       |        |
          ++++ network 192.168.1.0/24 ++++
           |    |      |       |        |
         host  host  desktop  host    ROUTER2 (WR1043ND)
       2 nics         host              |
          |                             |                     
       subnet   192.168.2.0/24         subnet
          |                             | 
          |_____________________________|


The middle level there is on 192.168.1.0/24
                subnet is on 192.168.2.0/24

So the second router (far right) has its WAN port connected to the
(Cisco) router's LAN port (router2 WAN to router1 LAN).  The 2nd router's
own lan ports are supplying the subnet 192.168.2.0/24.

This is not supposed to be my attempt at the setup I'm asking about.
It's just me working on the 2nd router... adding openwrt router
software and familiarizing myself with iptables before I land myself
in hot water.

I think the setup I'm after would look about the same but would allow
only 1 lan port out of ROUTER2, and a well secured one.  That would be
to get at the logs being created there. Either by store and mail, or
syslog. (my preference would be to have them mailed)

Maybe some kind of modified DMZ type setup?  I mean it looks like I
could use the Cisco/Linksys-WR120N's (router1) DMZ setting to route
copies of everything to the openwrt/iptables (router2).

The hard part is that I don't really know what the heck I'm doing so
the whole thing might be a poor idea, and there are better ways to do
this.

Any ideas or input from experienced people would be greatly welcome.
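Added example for the log-only idea described in the post above (this is not code from the post or from the OpenWrt project): a small shell script for the secondary router that builds an iptables chain which only logs suspicious WAN-side packets and then returns, so the normal firewall policy (and ROUTER1 in front) still decides what gets dropped, plus a summariser that condenses the resulting kernel log lines into "count source dport" for mailing. The WAN interface name eth0.2, the chain name WAN_WATCH, the "ale-watch" log prefix, the choice of probed ports and the sample log lines are all assumptions I made for the example; the rules are meant to be sourced from /etc/firewall.user on the OpenWrt box.

```shell
#!/bin/sh
# Added example, not from the original post or OpenWrt: a log-only iptables
# watch chain for a secondary OpenWrt router plus a summariser for its output.
# Assumptions (not in the post): WAN interface eth0.2, chain name WAN_WATCH,
# log prefix "ale-watch", the list of commonly probed ports, the sample log.

IPT="${IPT:-iptables}"        # set IPT=echo to print the rules instead of applying them
WAN="${WAN:-eth0.2}"          # assumed WAN interface name on the TL-WR1043ND
PFX="${PFX:-ale-watch}"       # log prefix used to find the lines again later
LIMIT="-m limit --limit 10/min --limit-burst 30"   # keep a port scan from filling syslog

# Build a chain that only LOGs and then RETURNs, so the router's own policy
# (and ROUTER1 in front of it) still decides what is dropped.
build_watch_chain() {
    $IPT -N WAN_WATCH 2>/dev/null || $IPT -F WAN_WATCH
    # New TCP connections to ports that are commonly probed
    $IPT -A WAN_WATCH -p tcp -m conntrack --ctstate NEW \
        -m multiport --dports 22,23,445,1433,3389 $LIMIT \
        -j LOG --log-prefix "$PFX-probe: " --log-level 4
    # TCP flag combinations no normal stack sends (NULL and XMAS scans)
    $IPT -A WAN_WATCH -p tcp --tcp-flags ALL NONE $LIMIT \
        -j LOG --log-prefix "$PFX-null: " --log-level 4
    $IPT -A WAN_WATCH -p tcp --tcp-flags ALL FIN,PSH,URG $LIMIT \
        -j LOG --log-prefix "$PFX-xmas: " --log-level 4
    # Packets conntrack cannot relate to any known connection
    $IPT -A WAN_WATCH -m conntrack --ctstate INVALID $LIMIT \
        -j LOG --log-prefix "$PFX-invalid: " --log-level 4
    $IPT -A WAN_WATCH -j RETURN
    # Hook the chain in for traffic arriving on the WAN side only
    $IPT -I INPUT 1 -i "$WAN" -j WAN_WATCH
    $IPT -I FORWARD 1 -i "$WAN" -j WAN_WATCH
}

# Summarise matching kernel log lines (e.g. piped in from `logread`) as
# "count source dport", most frequent first, so the daily mail stays short.
summarize_watch_log() {
    grep -- "$PFX-" | awk '
        {
            src = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "") n[src " " dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Constructed sample of what the LOG target writes (not real traffic)
SAMPLE_LOG='Feb  1 14:35:07 router kern.warn kernel: ale-watch-probe: IN=eth0.2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  1 14:35:09 router kern.warn kernel: ale-watch-probe: IN=eth0.2 OUT= SRC=203.0.113.5 DST=192.168.1.50 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN URGP=0
Feb  1 14:36:00 router kern.warn kernel: ale-watch-xmas: IN=eth0.2 OUT= SRC=198.51.100.9 DST=192.168.1.50 LEN=40 PROTO=TCP SPT=40000 DPT=445 FIN PSH URG URGP=0
Feb  1 14:36:05 router kern.info kernel: unrelated line with SRC=10.0.0.1 DPT=80'

if [ "$1" = "--demo" ]; then
    IPT=echo build_watch_chain
    printf '%s\n' "$SAMPLE_LOG" | summarize_watch_log
fi
```

Run it with `--demo` on any machine to see the rules it would apply and the summary of the constructed sample; on the router, `build_watch_chain` goes into /etc/firewall.user and `logread | summarize_watch_log` can be piped to whatever mail or syslog forwarding is in place. The rate limit is the part not to leave out: without it a single scan of the WAN port can fill the small syslog buffer on the router and push out the lines you actually wanted to keep.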


