Linux router/firewall box for shared Internet access from 3 separate LANs?
Hi all,
I'm looking to set up an old box as a router/firewall running Linux in some form. I've looked at Smoothwall but it doesn't seem to do exactly what I want. I want to set up 3 private subnets, all of which will use this box as their gateway for Internet access using NAT, and a basic firewall to prevent uninvited IP traffic entering any of the subnets. So the box will have 4 NICs, with the following IP addresses:

eth0: <public IP> --> Internet (via DSL modem)
eth1: 192.168.1.1 --> subnet #1 (192.168.1.0/24)
eth2: 192.168.2.1 --> subnet #2 (192.168.2.0/24)
eth3: 192.168.3.1 --> subnet #3 (192.168.3.0/24)

However, I don't want any IP traffic at all flowing from one subnet to another (they will be in 3 separate flats in the same building, the occupants of which do not know each other). Ideally, I'd also like to have a DHCP server running on the box to give out appropriate IP addresses to machines on each subnet.

Smoothwall seems to be geared towards the idea of protecting a single internal LAN (the 'green' interface) from the Internet (the 'red' interface), rather than multiple internal LANs from the Internet *and* from each other. Does anyone know of a free distro that would allow me to build this sort of setup easily?

Many thanks in advance
Re: Linux router/firewall box for shared Internet access from 3 separate LANs?
-o eth0 -j MASQUERADE
# -i dropped below: iptables does not accept an input-interface match in POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
Many thanks newpenguin - as you can probably tell, I'm rather new to all this 'iptables' stuff...
Cheers,
If you are asking about a distribution, then simply use Slackware.
# -i dropped: iptables does not accept an input-interface match in POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE

I have done it with 1 POSTROUTING rule on the main "everybody" out eth0 for all subnets.

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE
...
...
just opinion!
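The commands in this thread cover NAT only, so the following added example (not written by any poster in the thread) goes one step further and also covers the original poster's two filtering requirements: no uninvited inbound traffic and no traffic between the three LANs. The function names gen_ruleset and check_isolation, the DHCP rule and the use of iptables-restore format are choices made for this example; interface names follow the original post.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names follow the original
# post: eth0 = Internet, eth1..eth3 = one LAN per flat.

# Print an iptables-restore ruleset: first argument is the WAN NIC, the rest are LAN NICs.
gen_ruleset() {
    wan=$1; shift
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for lan in "$@"; do
        # Assumption: a DHCP server on the router listens on each LAN NIC.
        printf '%s\n' "-A INPUT -i $lan -p udp --dport 67 -j ACCEPT"
        # New connections may only go LAN -> Internet. There is no LAN -> LAN
        # rule, so traffic between flats falls through to the DROP policy.
        printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    printf '%s\n' 'COMMIT' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -o $wan -j MASQUERADE" 'COMMIT'
}

# Audit a ruleset on stdin: succeed only if FORWARD defaults to DROP and every
# ACCEPT rule other than the ESTABLISHED,RELATED one forwards out the WAN NIC.
check_isolation() {
    awk -v wan="$1" '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/ && !/--ctstate ESTABLISHED,RELATED / {
            out_if = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out_if = $(i + 1)
            if (out_if != wan) bad = 1
        }
        END { if (policy == "DROP" && !bad) exit 0; exit 1 }
    '
}
```

To apply it, review the output of `gen_ruleset eth0 eth1 eth2 eth3`, enable IP forwarding, and load the rules as root through `iptables-restore`. The INPUT policy is DROP, so add a rule for your own management access before loading it over a remote session.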