LinuxQuestions.org


here2serve 10-18-2006 05:11 PM

public and private network
 
My boss is becoming a geek and beginning to turn from the dark side. I started him off with live CDs. He chose to install PCLinuxOS. Now he wants to put an antenna in his attic connected to an amp and share his internet connection with the world. Oh yeah, he also bought a file server to share also. Well, he wants a private and public network without piggybacking 2 routers. Basically he is asking me to figure out how to use a Linux box as his gateway and protect his private network. I thought zone cd would do the trick but he is bucking the idea. So what "preferably" live CD solutions would work well?
No, my job is not in IT. No, I won't lose my job over this, and YES, he wants to set it up himself using me as tech support. Awkward but interesting. Yes, I have told him sharing his connection might not win him any points with the ISP and if his file server is sharing movies/music/porn it may get him in hot water.

Brian1 10-18-2006 05:39 PM

Since piggybacking two routers would be easier putting his private network on the last router it can be done but will require some custom iptables building. Will require 3 NICs: one to the internet, one to the public and the other to the private side. Just have to enable so neither public nor private can see each other, just straight out to the internet and back. I have seen a script that might work but the link eludes me at the moment. Will post once I find it.

Brian

here2serve 10-18-2006 07:29 PM

I agree piggyback but...
 
I do think the piggybacking idea is the simplest. My challenge is that my direct supervisor had an employee who jumped the chain of command to talk to this guy about tech stuff instead of getting his job done. In January I'll start going to school for computer science and everyone knows that the top dog will talk tech all day long. I only get 5-30 min a week to talk to the guy without stepping on toes. So having been in this position less than a month and getting him to at least try OSS is a big deal to me. Even though I told him that piggybacking was the right way to go, I'm reluctant to discourage him from thinking outside of the box. An elegant way to implement this must be available. I was thinking of 2 NICs: 1 WAN side, the other to the router. Set up virtual networks to keep it separate.
Honestly this is way beyond me. I don't want anyone doing major research to answer the question. Right now I'm reading RUTE and have only spent an hour or so looking into my boss's problem. I hope this explains where things stand. I would like an answer to his problem but I am not willing to spend more than 20/30 min a night thinking about it.

fordeck 10-20-2006 12:11 PM

You might have him check out MonoWall

http://m0n0.ch/wall/

I use it with a Soekris 4801 and a 1621 card. However, you could use it with just the 4801 from Soekris or an old PC with 3 NICs: one for the ISP connection, 1 for the private network and the 3rd for his public network. MonoWall is a great firewall/router based on BSD Unix.

Brian1 10-20-2006 03:28 PM

Did not have access to my bookmarks at the time but you might review the multihomed script from this link. http://www.linuxguruz.com/iptables/

Brian

here2serve 10-20-2006 04:22 PM

Thanks, I think I'll look into m0n0wall. I'd never been to linuxguruz before. I think from the info on both sites I should be able to get it done.

here2serve 12-02-2006 07:41 AM

A follow-up. Some of the problems we were running into were solved by putting the wireless routers in separate rooms. It seems that no matter what channels/mode we selected, no one could connect. Too much noise.

farslayer 12-03-2006 12:34 AM

I would have suggested using something like smoothwall on a spare PC with 3 NIC cards..

eth0 - Public - Internet
eth1 - DMZ - Locate Servers that provide services to Internet here.
eth2 - Private - Private LAN connection.

Other options can be found in many places..
http://en.wikipedia.org/wiki/List_of...twork_Oriented
http://wiki.linuxquestions.org/wiki/..._distributions


Or you could use a regular distro on a PC with 3 NICs and something like fwbuilder to create a comprehensive ruleset for iptables..
http://www.fwbuilder.org/
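
The three-NIC gateway discussed in this thread, written out as an iptables-restore ruleset with a small check that the public and private segments stay isolated. This is an added example, not posted by any participant and not taken from the linked sites; the interface roles (eth0 = internet, eth1 = shared/public segment, eth2 = private LAN) and the SSH management rule are assumptions.

```shell
#!/bin/sh
# Added example. Assumed interface roles (override via environment):
WAN_IF="${WAN_IF:-eth0}"    # internet uplink
PUB_IF="${PUB_IF:-eth1}"    # shared/public segment (open wireless, file server)
PRIV_IF="${PRIV_IF:-eth2}"  # private LAN

# Print a ruleset in iptables-restore format; nothing is applied here.
gen_ruleset() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Both internal segments leave through the gateway's WAN address.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the gateway is managed over SSH from the private LAN only.
-A INPUT -i $PRIV_IF -p tcp --dport 22 -j ACCEPT
# Explicit drops first, so isolation does not rest on the default policy.
-A FORWARD -i $PUB_IF -o $PRIV_IF -j DROP
-A FORWARD -i $PRIV_IF -o $PUB_IF -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Each segment may only go straight out to the internet.
-A FORWARD -i $PRIV_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $PUB_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; fail if it could let the two segments talk.
audit_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' ||
        { echo "FORWARD policy is not DROP"; return 1; }
    if printf '%s\n' "$rules" | grep -e '-j ACCEPT' |
        grep -Eq -e "-i ($PUB_IF|$PRIV_IF) .*-o ($PUB_IF|$PRIV_IF) "; then
        echo "ACCEPT rule crosses public/private"; return 1
    fi
}
```

To apply it on the gateway, run `gen_ruleset | iptables-restore` as root with IP forwarding enabled (`sysctl -w net.ipv4.ip_forward=1`); `gen_ruleset | audit_ruleset` can be run first as a sanity check.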


All times are GMT -5.