Stephen Gran on 6 Jan 2008 08:27:51 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Sharing an Internet Connection

On Sun, Jan 06, 2008 at 10:45:58AM -0500, holdenergy said:
> Hi - What might be the quickest/cheapest/easiest way to securely share an
> internet connection.

Linux machine NAT'ting for a LAN.

> Let me explain. In a shared community with only one DSL connection, multiple
> different entities connected through one DSL connection but requiring that
> records be kept for each port, so that in the extreme case of a visit from
> FBI/RIAA etc only that port is an issue. Ideally getting 2 IPs from the DSL
> provider would be perfect but that adds $$ if they'd even do it.

Have your firewall log the first packet of every outbound connection.
That way you always know the IP of the internal machine.  This doesn't
prevent things like mac address spoofing, but nothing does, so it's not
worth worrying about unless you have the need for some fairly
sophisticated security measures.

> Furthermore, we don't want one entity soaking up all available bandwidth, so
> what would be the device to throttle each port to a certain percentage of
> available, and we actually want to maintain a certain port dedicated for
> VOIP to ensure quality of service even if the DSL is otherwise at capacity.

Use tc. has some examples.

> I have not seen these features in consumer grade routers and I am not sure
> how far we have to step up to get it, or is there a Linux solution for which
> I'd be happy to re-purpose an old PC or laptop.

Easy enough to do with a linux baed firewall/router.
|  Stephen Gran                  | You cannot achieve the impossible       |
|             | without attempting the absurd.          |
| |                                         |

Attachment: signature.asc
Description: Digital signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --