Installing NetMAX for use as a Firewall/Router

Installation Guidelines
The following are instructions for a typical setup using the NetMAX as a router and firewall between an internal network and your ISP's network (via cable modem, DSL, or edge router). To use your NetMAX as a router or a firewall, you will need at least two ethernet Network Interface Cards (NICs). The first NIC is going to be connected to your internal network and will be the default gateway that your network clients will use to reach the external network (your ISP's network and beyond). We refer to this NIC as your "internal NIC", since it's on your internal network. The second NIC is going to be connected to your ISP's network (usually via a cable modem, DSL modem, or edge router). We call this second NIC your "external NIC", since it's logically sitting on an external network. With this configuration, your NetMAX router and firewall will be between your internal network and the external network (where Internet traffic comes into your network).
Most users who implement the NetMAX do not already have an internal network, or a firewall. So these instructions will help you set up your internal network, and configure your NetMAX to be used as a router between your internal network and your ISP (and the Internet) with the ability to implement firewall rules to protect your internal network from your ISP's network (and the Internet).
Once you have this configuration properly set up, it will allow the client machines on your internal network to reach the Internet through the NetMAX router, so that they are all sharing the Internet connection provided by your ISP.
The NetMAX installation procedure in the User Manual and in the Quick Install Guide is only going to configure the first NIC in your machine, so to avoid confusion on which one is being set up during the installation, you will want to start your installation with only one NIC physically installed in the machine. To make the installation simple, you will also want to configure your internal NIC first, so you should take out your external NIC if it is already installed. You should start with a configuration similar to one of these two diagrams.


If you have cable modem or DSL service and currently have a machine that is connected to the cable or DSL device with a NIC, you should remove the NIC from that machine and use the same NIC as the external adapter for your NetMAX if it is listed on the hardware compatibility list for the version of NetMAX that you own. The reason is that many ISPs' cable or DSL devices (or their routers) are configured to ignore any traffic that does not come from the NIC that you were originally using. You may want to contact your ISP to see if the NIC that you are using for your external NIC is going to work with their routing hardware and software. Also, if your ISP gave you ANY software (for example, PPP over Ethernet (PPPoE)) that needs to run on your machine in order to connect to their service, more than likely it is not going to be able to run on your NetMAX, and so you will not be able to use the NetMAX to connect to their service.
We recommend using PCI NICs, as ISA NICs are not supported. Some brands of NICs don't work well in pairs (having two of the same brand/model of NIC in the same machine). Some NICs do not work in pairs because the Linux driver for the NIC may not have been written to support more than one NIC using the same driver; not too long ago, driver developers assumed that you would never need more than one NIC in a machine.
We recommend always using the Remote Install Method described in the Quick Install Guide and not configuring X Windows, unless you absolutely must use the NetMAX as a workstation.
It is very important to click on the question mark (?) when using the NetMAX if you are unsure of what a function or setting does.
- Follow the installation instructions in your NetMAX User Manual all the way through, keeping the following in mind:
- If you only have one IP address from your ISP to use for your NetMAX, and are not sure how to address your network, please use one of the options below for your internal network. These are IP address ranges specifically reserved for internal use. They are often referred to as non-routable IP addresses, because there is no route to connect to them from the Internet, since they are private and cannot reside on the Internet.
OPTION 1:
NetMAX IP Address (and netmask): 192.168.0.1/255.255.255.0
Network Client IP addresses: 192.168.0.2 - 192.168.0.254 (/24 network with 253 assignable IPs)
OPTION 2:
NetMAX IP Address (and netmask): 10.0.0.1/255.0.0.0
Network Client IP addresses: 10.0.0.1 - 10.255.255.254 (/8 network with 16581374 assignable IPs)
You will need to specify a domain name for your internal network. If you don't plan on using your NetMAX as a DNS server for a valid domain name that is registered with InterNIC (or don't even know what that means), then you should specify a "fake" domain name that you will use internally only. We have reserved mynetmax.net for this purpose, and you may enter this as your domain name.
- After you finish installing your software, you will then want to refer to the "Network Configuration" section of your User Manual, keeping the following in mind:
When you are prompted for a Primary DNS Server, you are being asked for the nameserver addresses that more than likely your ISP has provided to you. Because the nameservers are going to reside on your external network (the Internet), you will want to leave this field blank for now, because you cannot set it up until you add your external NIC later. If you have an internal nameserver, then you can enter its IP address here.
When you are prompted for a Default Router, you are being asked for the IP address of the gateway/router off of your ISP's network. Because this IP address is also going to reside on your external network (the Internet), you will want to leave this field blank for now, because you cannot set it up until you add your external NIC later.
After you set the clock and follow the on-screen message to commit the changes, ensure that you go to Home|Users|Users, click on the pencil next to your admin user and make sure that "Unix Shell Login Enabled" is checked and that the user has a home path. If you do not perform this step when using the Console Install Method, you will not be able to log in to the console after you log out.
- Now that the NetMAX is configured, you will want to shut down your NetMAX machine. From Home|System|Shutdown, select Immediate Shutdown. After your machine has shut down and been powered off, insert your second (external) NIC into the NetMAX machine and power it back on.
- The NetMAX should recognize the newly inserted NIC, and you can now configure it under Home|Network|Interfaces, by clicking on the pencil next to the second (the external) NIC. If you do not see the second NIC listed, please make sure that you are using supported hardware and search the Knowledge Base on our web site for assistance.
It is always possible that, after you insert your second NIC, the NetMAX will find the newly added NIC before it finds the previously existing NIC. If that happens, your eth0 and eth1 could get swapped. Don't let this confuse you, but you may need to swap the network cables running into your NetMAX.
- After you click on the pencil, enable the NIC by ensuring that the "Enable This Interface" check box is checked.
- If you have configured your internal network on non-routable IP addresses, you will need to "Enable IP Network Address Translation (NAT)" for this external NIC so that your internal clients will be able to communicate over the Internet.
- If your ISP gave you an IP address to assign to your computer, or a range of IP addresses, you will want to check the box that says "Use Fixed Netmask and IP Address(es)" and enter your IP address (or one of the range that they gave you to use) and your "Netmask".
- If your ISP did not give you an IP address or netmask for your computer, or if they told you to use DHCP, then you will be getting an IP address dynamically assigned to you. To use this method, check the box that says "Obtain Netmask and IP Address via DHCP". Even if you are using DHCP, you should still enter an IP address and netmask. These "default" parameters will be used if your ISP's DHCP server fails to service your DHCP request (for an IP address and netmask).
If your ISP gave you a hostname to assign to your computer, ensure that you assign this to your external NIC in Home|Network|Naming, because your ISP may be using this information to authorize your DHCP request.
- Click on STORE, then COMMIT, and commit your changes to finish the configuration of your external NIC. If you have configured it for DHCP, your NetMAX machine will now attempt to obtain an IP address and netmask from your ISP's DHCP server.
- You now need to configure your Primary DNS server and Default Gateway that we left blank when configuring the internal NIC:
- You may not have been given the IP address of a default router from your ISP if you are using DHCP to retrieve it from your ISP. In that case you can skip this step.
From Home|Network|Routing check the box that says "Use IP Address for Default Router", enter your ISP's default router in the box, click on STORE, then COMMIT, and commit the changes.
- From Home|Network|DNS, check the box that says "Use the InterNIC".
Add the IP addresses of any nameservers that your ISP provided to you under "Alternate Domain Name Servers", click on STORE, then COMMIT, and commit the changes.
- Configuring your client machines:
Setting up your client machines correctly is important in order for them to correctly reach outside of your network.
If you set up the internal NIC of your NetMAX Fire Wall at 192.168.0.1/255.255.255.0, you will need to make sure that your client machines are set up to be in the same network. So, a client machine should have an ethernet NIC with the IP/netmask of 192.168.0.2/255.255.255.0, and another client machine could be set up as 192.168.0.3/255.255.255.0. You will also need to ensure that each client is "physically" connected into the same network (plugged into the same hub or switch as the internal NIC).
It is also important that your client machines point to the correct router (or gateway) and DNS. Both of these (default router/gateway and DNS) need to be set to the IP address of the internal NIC on your NetMAX Fire Wall.
When configuring the web browser on your client, set it up to access the Internet directly, and not through a proxy server. By default, the NetMAX is NOT a proxy server; it is a router.
Note: In your two-NIC setup, the external NIC that is the connection to your provider is the interface that has NAT enabled and any firewall rules set up on it. On the internal NIC, you do not enable NAT and you do not set up firewall rules. Also, make sure that your clients can get out to the Internet before setting up your firewall rules. This will make it easier to determine if it is a firewall rule that is interfering with their ability to access the Internet.
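
The client settings described above can be checked against the internal NIC before you start adding firewall rules. The following is an added example, not part of the original guide or of the NetMAX software; it assumes the OPTION 1 addressing, and the client names and the 203.0.113.53 nameserver are constructed sample values.

```python
import ipaddress

# Assumed internal-NIC address: OPTION 1 from this guide.
NETMAX_INTERNAL = ipaddress.ip_interface("192.168.0.1/255.255.255.0")

def nat_required(internal=NETMAX_INTERNAL):
    """True when the internal network uses reserved (private) addresses,
    in which case NAT must be enabled on the external NIC."""
    return internal.network.is_private

def check_client(ip, netmask, gateway, dns, internal=NETMAX_INTERNAL):
    """Return a list of problems with one client's settings (empty = OK)."""
    try:
        client = ipaddress.ip_interface(f"{ip}/{netmask}")
    except ValueError as exc:
        return [f"invalid IP/netmask: {exc}"]
    problems = []
    net = internal.network
    if client.network != net:
        problems.append(f"client network {client.network} differs from {net}")
    elif client.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{client.ip} is the network or broadcast address")
    elif client.ip == internal.ip:
        problems.append(f"{client.ip} collides with the NetMAX internal NIC")
    # Default router/gateway and DNS must both point at the internal NIC.
    for label, value in (("gateway", gateway), ("DNS", dns)):
        if value != str(internal.ip):
            problems.append(f"{label} {value} should be {internal.ip}")
    return problems

# Constructed sample clients: (ip, netmask, gateway, dns)
CLIENTS = {
    "pc-ok": ("192.168.0.2", "255.255.255.0", "192.168.0.1", "192.168.0.1"),
    "pc-wrong-mask": ("192.168.0.3", "255.255.0.0", "192.168.0.1", "192.168.0.1"),
    "pc-wrong-net": ("192.168.1.5", "255.255.255.0", "192.168.0.1", "192.168.0.1"),
    "pc-isp-dns": ("192.168.0.4", "255.255.255.0", "192.168.0.1", "203.0.113.53"),
    "pc-dup": ("192.168.0.1", "255.255.255.0", "192.168.0.1", "192.168.0.1"),
}

def audit(clients=CLIENTS):
    """Check every client and return {name: [problems]}."""
    return {name: check_client(*cfg) for name, cfg in clients.items()}

if __name__ == "__main__":
    print("NAT needed on external NIC:", nat_required())
    for name, problems in audit().items():
        print(name, "OK" if not problems else "; ".join(problems))
```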