LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 01-29-2007, 10:59 AM   #1
Geneset
Member
 
Registered: Jan 2007
Location: Athlone, ROI
Distribution: Ubuntu Hardy Desktop, Solaris 10, Workstation 2008 x64
Posts: 75

Rep: Reputation: 16
Question Single eth, 3 computers, HTTP proxy authentication.......


Ok, heres the problem.

I'm at university living in halls, with 2 computers atm and one spare for my idea....
We are given the standard proxy username and login based on our student numbers. Not SOCK or normal HTTP, but wen i first try to access a website i get redirected to another page (SSL certified) where i enter my username and password. I hav to do this every time i start up so i imagine its tied into the DHCP server.

ANYWAY atm the computer connected to the wall socket is WinXP pro with internet connection sharing running over a wireless connection to my laptop thats dual boot xppro and kbuntu. I want to maintain that connection, but its annoying that if i'm working on the desktop or experimenting with something new and i hav to reboot then i lose my internet connection to the laptop.

bearing in mind that some of the things I'm doing on the network arent exactly kosher compared to "standard student traffic", so I'd like a bit of separation and protection from the network.

What im thinking of is using a standard boring switch, setting up an old sony vaio laptop with [insert os here] to act as a gateway (possibly firewall/IDS) using 2 ip addresses on the same ethernet connection (thats my question, will that work?) one on the university ip net and the other on a separate local subnet (192.168.x.x)that will be used to connect to the other computers, including a DHCP and DNS server for the local net that wont interfere with the uni net.

basically my questions are this:

1)Will this work?
2)Any recommendations for distros/software packages?
3)How secure or separate will this setup be from the rest of the net?


If there is any ambiguities that need cleared up, reply and I'll post updates.
 
Old 01-29-2007, 04:40 PM   #2
bitva
Member
 
Registered: Dec 2002
Location: Los Angeles
Distribution: Debian
Posts: 72

Rep: Reputation: 15
You certainly can have multiple IP's on a network interface (called IP alias) however I don't think they can be from seperate networks. You'd probably have to have 2 network cards to do it, 1 for the university and 1 for you internal network.

If your laptop has a builtin NIC, look into getting a cheap PCMCIA NIC as well for the internal connection.
 
Old 01-29-2007, 07:08 PM   #3
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
The way you should do this is to have a dual NIC machine plugged into the uni network, with one card getting DHCP from the uni, then that box also acts as a router, and does DHCP for the client machines behind it. That box should also have IPtables installed, which is a software firewall.

No matter how you do this, you can't hide any traffic going to the internet from your uni. If you keep things to the LAN in your room that you can hide through IPtables, but I rather suspect what you are trying to do involves internet access, and since your internet is provided by the school, every single bit of data that leaves your room will be known to them. You'd need another internet feed into your room to hide from them.

Peace,
JimBass
 
Old 01-29-2007, 11:24 PM   #4
Geneset
Member
 
Registered: Jan 2007
Location: Athlone, ROI
Distribution: Ubuntu Hardy Desktop, Solaris 10, Workstation 2008 x64
Posts: 75

Original Poster
Rep: Reputation: 16
nearly but not quite

well, i suspected i'd need the 2 NIC, just wanted to see if its possible, i guess not.

Basically what i meant was that having the multiple boxes behind the single box would mean that if there ever WAS anything that they wanted to catch me up on, they cud never prouvve it was me directly, because since i hav the wireless on the desktop, i hav told thepeople on my floor that they can use it, what i meant was that having everything behind the vaio box, nothing cud be traced back past there? true/false
 
Old 01-29-2007, 11:59 PM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Completely false. You would still be responsible. Your front line device, this server being discussed, would get an IP from your school. Anything questionable would have as its last destination on their network, your machine with their IP address. I'll bet tons of money that they had you sign an agreement stating that you wouldn't use the connection for anything illegal. It won't matter if you're running a wireless access behind the connection, you would be responsible for securing that as well.

If it were a legal question, they could take the machine and check it dhcp logs and anything else to find what MAC was involved with anything illegal, but they could (and most likely would) catch you. it seems very black and white to me.

Peace,
JimBass
 
  


Reply

Tags
firewall, ids, network, subnet


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTP/1.1 407 Proxy Authentication Required - Suse Linux Enterprise Desktop 10. ryzor Linux - Networking 10 10-17-2009 08:05 AM
LXer: Thales' single board computers available with Sysgo's ELinOS LXer Syndicated Linux News 0 12-01-2006 02:33 PM
mod_rewrite *and* http authentication belorion Linux - General 0 01-20-2005 04:05 PM
HTTP AUTHENTICATION with PHP lemotion Programming 1 04-22-2004 02:08 PM
multiple ip address for single eth interface blackhound Linux - Networking 2 02-25-2004 06:02 AM


All times are GMT -5. The time now is 12:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration