LeRoy Cressy on Thu, 14 Feb 2002 17:10:20 +0100



Re: [PLUG] Home network advice


Why not make your Linux box a firewall router to protect your Windows
machines?

 +------------+   +-------------+    +------------+
 |    DSL     |   |    Linux    |    |    Hub/    |---> 192.168.1.1
 |   Modem    |---|   Firewall  |----|   Switch   |---> 192.168.1.2
 +------------+   |   2 NIC's   |    +------------+
                  +-------------+

By connecting a HUB/Switch directly to the DSL Router you have no
security on your network at all.  With the above design the Linux box
can act as the following:
	Firewall
	Router
	NAT
	gateway
	Mail Server
	Web Server
	SAMBA Print server
	SAMBA File server
	And whatever else you want

With this configuration you can use iptables or ipchains depending on
what kernel you are using to create your firewall rules and NAT.  The
two NIC cards in the Linux box are configured as follows:

eth0	connected to the DSL Box with the IP address assigned by the ISP.
eth1	connected to the switch with whatever IP address you want to assign 
	to it.
	You can use a private IP address to save cost.  Iptables will convert 
	private network addresses to the real IP address using SNAT.
	Also iptables will provide the security for your network.

Now you can attach as many computers to your HUB/Switch as there are
connections.  Also with NAT you don't need to ask for another IP address
for every computer you add to the network.

On each computer you have connected to the HUB/Switch you should set up
the following:

	eth0 will have 2 IP addresses.  The first is the local IP address
	and the second is the IP address assigned by the ISP.  This is done 
	like this:

	ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
	route add 192.168.1.0 netmask 255.255.255.0 eth0
	route add isp-address eth0
	route add default gw isp-address eth0

Now all of this should be added in a startup script that is initiated
upon system boot.  For the Windows machines set up static routes for
them with the gateway being the real IP address assigned by the ISP.

Now I realize that this is a lot to swallow, but you are at serious risk
connecting your HUB directly to the DSL bridge.  (It really is not a
modem) 

I hope that this helps a little

For HOWTOs read:

http://www.linuxdoc.org/HOWTO/mini/Domain.html
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
http://netfilter.samba.org/documentation/HOWTO//packet-filtering-HOWTO.html
http://netfilter.samba.org/documentation/HOWTO//networking-concepts-HOWTO.html
http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html

Now go home and read all of the above and you will know more about
networking than you ever thought possible.


-- 
Rev. LeRoy D. Cressy   mailto:lcressy@telocity.com   /\_/\
                       http://www.netaxs.com/~ldc   ( o.o )
                       Phone:  215-535-4037          > ^ <

Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)

______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
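
As an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset for the two-NIC gateway described in the message (SNAT for the private LAN, default-drop filtering on everything arriving from the DSL side). The helper name gen_gateway_rules and the address 203.0.113.10, standing in for the ISP-assigned IP, are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: eth0 = DSL side, eth1 = LAN side, LAN = 192.168.1.0/24,
# 203.0.113.10 = constructed placeholder for the ISP-assigned address.

# gen_gateway_rules EXT_IF INT_IF LAN_CIDR PUBLIC_IP   (hypothetical helper)
# Prints a ruleset in iptables-restore format; changes nothing by itself.
gen_gateway_rules() {
    [ "$#" -eq 4 ] || { echo "usage: gen_gateway_rules EXT_IF INT_IF LAN_CIDR PUBLIC_IP" >&2; return 2; }
    ext_if=$1 int_if=$2 lan=$3 pub=$4
    # A gateway needs two distinct NICs; refuse a one-interface setup.
    [ "$ext_if" != "$int_if" ] || { echo "interfaces must differ" >&2; return 2; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite private source addresses to the public one on the way out
-A POSTROUTING -s $lan -o $ext_if -j SNAT --to-source $pub
COMMIT
*filter
# Default-drop: nothing reaches the box or the LAN unless allowed below
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may use services on the gateway (Samba, mail, web)
-A INPUT -i $int_if -s $lan -j ACCEPT
# Replies to LAN-initiated connections may come back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN-sourced traffic may start new connections outward
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
COMMIT
EOF
}

# Run with --print to view the ruleset for the addresses in the post.
if [ "${1:-}" = "--print" ]; then
    gen_gateway_rules eth0 eth1 192.168.1.0/24 203.0.113.10
fi
```

After reviewing the output, it can be loaded as root by piping it to iptables-restore, with forwarding enabled via sysctl -w net.ipv4.ip_forward=1.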