Creating an EigerStein Firewall: Changing the External IP Address(s)

Changing the External IP Address(s)

If you need to change the firewall's external IP address (on the Internet side), there are a number of things that you must do, both on the firewall, and with outside agencies. When working on the firewall, open the file listed above each table. Seek out the variable in the left column and change it as instructed in the right column.

Outside agencies:

Assuming you have servers in the private space which the public has access to (mail, ftp, www, etc.), you must coordinate your change with your ISPs (both former and new). The DNS records maintained by your Internet Service Provider (ISP) must be modified to account for the change. All traffic destined for your URL (whether it be web, e-mail, ftp, etc.) is directed to your current IP address(s) on the external side of the firewall. This change must be made by your ISP prior to the changing of the actual IP address on the firewall.
If you are changing ISPs: First, get your current ISP to change the DNS record information for you. Second, contact your new ISP, or Network Solutions to transfer authority of the DNS information to your new ISP.
In any case, the order for the DNS update should be scheduled for a Friday afternoon to allow a weekend's time for the changes to populate DNS servers throughout the Internet. You may also need to call a few days in advance to schedule the change.

On the Firewall:

/etc/network.conf

Locate this:	...And change it to this:
`eth0_IPADDR`	The new external IP address for the firewall (from block 1 on the Network Information Sheet).
`eth0_BROADCAST`	The new broadcast address for the firewalls external NIC (from block 3 on the Network Information Sheet).
`EXTERN_IP`	The new external IP address for the firewall (from block 1 on the Network Information Sheet).

/etc/seawall.conf (only if you are running Seattle Firewall)

Locate this:	...And change it to this:
`myip`	The new external IP address for the firewall (from block 1 on the Network Information Sheet).

If you are running Seattle Firewall and have set up a second external IP address):

In this file:	...Locate this:	...And change it to this:
`/etc/seawall/servers`	the lP address(es) for all ports in column 5	The new secondary external IP address for the firewall (from block 2 on the Network Information Sheet).
`/etc/seawall/nat`	all lP address(es) under the #EXTERNAL column	The new secondary external IP address for the firewall (from block 2 on the Network Information Sheet).

Now, regardless of which changes you were required to make, backup the firewall.

Contents

Changing the Internal IP Addressing Scheme

Changing the Remote DNS Server Addresses