Tom Diehl on 8 Dec 2004 12:44:06 -0000
On Wed, 8 Dec 2004, Doug Crompton wrote:

> Well the thread should now be "DSL she goes" !!
>
> An update on DSL here.... Modem arrived last Friday. Installed and up in
> one hour. Transition from PPP to DSL was a little rough but only because
> it had been 10 years since I had changed my nameserver setup and I failed
> to do the prior steps that would have made it faster. So it took 3 or 4
> days to process all the steps and for it to propagate.

Cool!!

> It is now 100% onto DSL. Linksys BEFRS41 as the front-end. Local NAT LAN
> on inside. Static LAN IP assignment. Port forwarding to Linux server box.
>
> I am getting consistent 200Kbyte download rates from a MS HD video site. I
> guess this translates to about 2 Mbits.
>
> The outside sees my current (1) static IP address from the linksys and it
> sure seems like a fairly tight front-end. It sure is easy to use unlike
> Linux FW. Call it FW for dummies I guess.
>
> I do have five other IP's sitting there for the taking. I would like to
> put another Ham radio box online outside the NAT FW. I am not sure how I
> would do this in the current setup though. I don't think the Linksys can
> be made to pass the IP's unless NAT is turned off, which would defeat my
> reason for having it there. Can you put a switch ahead of the GW/router,
> between it and the DSL modem, and hang another system (Linux or GW/router)
> off another port of the switch? It would just MAC/DHCP for its IP like
> the Linksys does now. Like:
>
>
>  -------------
>  |           |           -----------          -------------
>  | DSL MODEM |-----------| Switch  |----------| GW/router |-local
>  |           |           |         |          | REAL IP   | NAT lan
>  -------------           |         |          | DHCP/MAC  | Linux
>                          |         |          ------------- Server
>                          |         |        -------------
>                          |         |--------| Another   |
>                          |         |        | GW/router |
>                          -----------        | or Linux  |
>                               |             | Real IP   |
>                               |             | DHCP/MAC  |
>                              Etc.           -------------
>

Ditch the LinkSys and put a linux box with multiple interfaces in where the
switch is.

Then get fwbuilder or one of the many other gui firewall management programs
out there and you can do pretty much whatever you want. You can do a minimal
installation of the distro of your choice on the firewall box and then run
fwbuilder on a machine that has X installed on it. Fwbuilder has a built in
install script that allows you to install and activate the new rules via an
ssh tunnel. It is GPL and there is even a precompiled version available for
windoze (for a small fee).

IMO, writing iptables scripts by hand is for the most part too painful to be
useful for the average person.

If you have an old 486 laying around and some time to play you can even get
one of the uClibc based distros (I have used bearing in the past) and build
a router on a floppy disk.

HTH,

Tom
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
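
One shape the multi-interface Linux firewall suggested above could take, as an added example that is not part of the original message and not fwbuilder output: a ruleset in iptables-restore format with a default-drop FORWARD chain, plus a check that the public-IP segment cannot open connections into the NAT LAN. Interface names, addresses (RFC 5737 documentation range) and ports are constructed assumptions, and the spare public address is assumed to be already routed or proxy-ARPed to the third interface.

```shell
#!/bin/sh
# Added example: three-interface firewall ruleset in iptables-restore format.
# All interface names, addresses and ports below are constructed placeholders.
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
WAN_IP=203.0.113.17         # the one static IP in use today (constructed)
LAN_NET=192.168.1.0/24      # NAT LAN behind the firewall (constructed)
LAN_SERVER=192.168.1.10     # Linux server that receives the port forward
DMZ_HOST=203.0.113.18       # a spare public IP for the ham radio box (constructed)
FWD_PORT=80; DMZ_PORT=8080  # hypothetical service ports

gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $FWD_PORT -j DNAT --to-destination $LAN_SERVER
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_SERVER -p tcp --dport $FWD_PORT -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $DMZ_PORT -j ACCEPT
COMMIT
EOF
}

# Reads a ruleset on stdin; succeeds only if FORWARD defaults to DROP and no
# rule lets the DMZ side open new connections into the LAN.
audit_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP ' || return 1
    if printf '%s\n' "$rules" | grep -q -- "^-A FORWARD .*-i $DMZ_IF .*-o $LAN_IF .*-j ACCEPT"; then
        return 1
    fi
    return 0
}

# Stand-alone run: print the ruleset only when it passes the audit.
if gen_ruleset | audit_ruleset; then gen_ruleset; fi
```

On the firewall box the output can be checked without loading it by piping it to `iptables-restore --test` as root.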