LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 10-04-2013, 10:36 PM   #1
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.0/14.1
Posts: 3,476

Rep: Reputation: 532Reputation: 532Reputation: 532Reputation: 532Reputation: 532Reputation: 532
Isolating a single network computer


Looks like I need to learn Windows 7. Professional/work reasons.

Sigh.

I'm seeking advice from fellow Slackers who use Windows professionally. I'm concerned about security --- allow internet access yet ensure the new Windows system can't see my home network. I don't want to just deny access, I want the new system to see nothing of my home network.

At this point I don't know whether I can use a virtual machine (VM) or will need or be provided a separate physical machine. A VM using VirtualBox NAT mode would be an easy solution. Otherwise new territory for me to isolate the system yet still allow internet access.

My home network looks like this:

Code:
3 Computers <--> Linksys WRT54GL 1.1 (DD-WRT) <--> ISP VOIP router <--> ISP CPE <--> wonderful wacky web
                                        ^
                                        |
3 Computers, Printer <--> 1Gb Switch <--|

New computer --> ?
I can provide further details about my network as requested.

All links and advice welcomed. As always thanks for any help!
 
Old 10-04-2013, 10:48 PM   #2
NoStressHQ
Member
 
Registered: Apr 2010
Location: Lausanne - Switzerland ( Bordeaux - France / Montreal - QC - Canada)
Distribution: Slackware Leet - 32/64bit
Posts: 274

Rep: Reputation: 93
What do you mean be "isolating" exactly ? Why don't you want Windows to "see" the LAN ? Do you have a specific worry or is it just a MS scare ?

I use Windows professionally, and have Slackware as an hybrid native/vm guest, and I don't take any particular care about "paranoid security", I don't even have any antivirus system: they slow down too much my compile time (I compile HUGE projects). I just take care of my internet usage and what I install on my computer.

As far as there's a "gateway" and my Linux machines have selected services and open port, I might be "crazy" but I don't feel any risk. Moreover I also count on being "partly anonymous", I'm not famous with a direct open machine on the internet, I doubt being targeted as an individual.

Beside I still have some tools to check malware and virus check on demand, only when I have some suspect software, which happens once in a... decade ?

But if I can give you a hint for your question, not being sure if it answer your concern, you might want to setup some kind of VPN.

Garry.

Edit: in fact when I say I'm not paranoid it's not totally true, I really don't trust antivirus corporations .

Edit2: sorry, if it was blurry, I don't tell you there's no risk and that you shouldn't care, my question is "naive", in that I'm curious if you're thinking about a particular risk that I'd be blind to .

Last edited by NoStressHQ; 10-04-2013 at 11:11 PM.
 
Old 10-04-2013, 10:50 PM   #3
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 858

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
The best way to do that is probably to put the Windows machine on an isolated vlan. Do a Google search for dd-wrt isolate computer vlan, and you'll find lots of instructions.

One word of advice... make sure the Windows machine is wired directly to the DD-WRT router. If it shares some other switch with other computers on your network it might be possible for it to get around the restrictions.
 
5 members found this post helpful.
Old 10-05-2013, 02:22 PM   #4
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.0/14.1
Posts: 3,476

Original Poster
Rep: Reputation: 532Reputation: 532Reputation: 532Reputation: 532Reputation: 532Reputation: 532
Thanks Pat! I needed a few hours of reading to grasp the new topic, but vlan seems to be what I am seeking. After reading I also understand your point about true isolation. I'm glad there are so many clever people in the world who think of these kind of ideas.

I'm still hoping I can run everything from a VM, but if not then a vlan seems ideal. My router and switch ports are full so if a new computer is required rather than a VM then I'll have to buy a new switch anyway. I'll get a managed switch and likely install that between my router and VOIP router. That would keep the new system on a different subnet from my LAN as well as provide isolation.

In the mean time I can experiment and learn with my existing systems using the vlan options in dd-wrt. Even more cool, I think I read enough to appreciate that I likely can now create a guest wireless network for family when they visit to keep my LAN isolated.

Last edited by Woodsman; 10-05-2013 at 02:24 PM.
 
Old 10-05-2013, 02:55 PM   #5
jon lee
Member
 
Registered: Jul 2013
Posts: 81

Rep: Reputation: Disabled
I believe the easiest way is to use a gateway that allows multiple subnets (like pfsense). (and of course to put it on a different subnet IE. 10.1.x.x if your home lan is 192.168.x.x).

Edit: Apparently you can do it with dd-wrt. Looks scary.
http://www.coertvonk.com/technology/...-networks-5829

Last edited by jon lee; 10-05-2013 at 03:11 PM.
 
Old 10-05-2013, 05:24 PM   #6
Paulo2
Member
 
Registered: Aug 2012
Distribution: Slackware current(32) (started with 13.37(32))
Posts: 122

Rep: Reputation: 27
I don't have any experience with ipv6, but I've read discussion that since Windows 7 (or Vista)
ipv6 comes enabled by default, so some people say that they block ipv4 but Windows hosts
can access the local network through ipv6.
I don't know if this is true, just saying what I've read
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help isolating debian server from rest of home network? jddancks Linux - Networking 5 02-08-2013 05:26 PM
Looking for a single board computer papul1993 Linux - General 11 01-19-2012 08:40 AM
Isolating an untrusted network while retaining access from specific PCs lapoltba Linux - Networking 5 09-26-2010 09:44 PM
Isolating part of a network default5 Linux - Networking 2 04-08-2010 06:49 PM
Single Board Computer evilrabbi Linux - Hardware 2 02-06-2007 06:13 PM


All times are GMT -5. The time now is 06:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration