LinuxQuestions.org
Old 10-16-2005, 11:36 AM   #1
The-Error
LQ Newbie
 
Registered: Oct 2004
Posts: 11

Rep: Reputation: 0
File Sharing and Firewalls


Hello,

I got some home computers that belong to a wireless network... they are all Windows machines, except one that’s got dual boot XP/Mdk 10.1 with kde 3.4.

Now when I want to share files and folders between my Windows boxes, but don’t want other users on the network to access my files, I just set up my personal firewalls on all computers, so that only specific IP addresses can access my shares.

Ok, so my question is, how would I do this in Linux? How can I set up a firewall so that only the IP addresses I want can access shares on my Linux box, and is it complicated?

Thanks.
 
Old 10-16-2005, 12:30 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
You can use the iptables firewall to block connections from other machines. Note that this doesn't stop other people changing the IP addresses of their machines. If you really want things to be secure then copy the files using a secure protocol like scp or sftp.
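
The iptables approach mentioned above, as an added example that is not part of any poster's reply: it prints rules that accept Samba/SMB traffic only from listed source addresses and drop it from every other address. The chain name `SMB_ALLOW` and the 192.168.1.x addresses are assumptions for illustration, and the filtering is by source address only.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that limit SMB file
# sharing to an allowlist. Review the output, then run it as root.

SMB_TCP_PORTS="139,445"   # NetBIOS session service, SMB over TCP
SMB_UDP_PORTS="137,138"   # NetBIOS name and datagram services

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the allowlist passed as arguments.
smb_allowlist_rules() {
    # Refuse to emit anything if one entry is malformed, so a typo
    # never ends up in a half-built ruleset.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    # Dedicated chain (name is an assumption): easy to flush and rebuild.
    echo "iptables -N SMB_ALLOW"
    for ip in "$@"; do
        echo "iptables -A SMB_ALLOW -s $ip -j ACCEPT"
    done
    # Anything not matched above is dropped: default deny for SMB only.
    echo "iptables -A SMB_ALLOW -j DROP"
    # Inserted at the top of INPUT so an earlier ACCEPT rule cannot bypass it.
    echo "iptables -I INPUT -p tcp -m multiport --dports $SMB_TCP_PORTS -j SMB_ALLOW"
    echo "iptables -I INPUT -p udp -m multiport --dports $SMB_UDP_PORTS -j SMB_ALLOW"
}

# Constructed sample allowlist (hypothetical LAN addresses).
smb_allowlist_rules 192.168.1.10 192.168.1.11
```

Other traffic to the machine is left to whatever rules are already in place; only the SMB ports are routed through the allowlist chain.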
 
Old 10-16-2005, 12:46 PM   #3
issinho
Member
 
Registered: Jun 2005
Location: Bosie, ID
Distribution: Fedora Core 4, Kurumin,BackTrack, Slackware 10.2, IPCop
Posts: 105

Rep: Reputation: 15
Dedicated Firewall?

Ever thought about making a dedicated firewall? For instance, set up one computer to run IPCop and set it up so that it only forwards certain IPs. Plus, you can always turn off the option.
I believe you can even filter MAC addresses. That would keep most people from getting in. Now, it is possible to spoof the MAC address. My philosophy: If wireless isn't absolutely critical (and it rarely is: i.e. LAN with Neighbors), then run a wired network. Especially if you don't want others seeing what's going on. It's a little harder to break into a wired network than to break into a wireless! Even with WEP and WPA (w/o a Radius server that is), it is still fairly easy to get in.
 
Old 10-16-2005, 02:43 PM   #4
The-Error
LQ Newbie
 
Registered: Oct 2004
Posts: 11

Original Poster
Rep: Reputation: 0
I didn’t clear some things up... the wireless network that I’m connected to is a really large network, actually it belongs to my ISP. I have internet connection through that network, and users from around the city can basically see each other's shared files. My local network computers are not connected wirelessly, but with UTP cables that are connected to my OvisLink AirLive and then OvisLink to my antenna that connects to my ISP’s Access Point and therefore all my computers are visible on their large wireless network ... anyway, it's complicated... but the point is, I can't just block one or two IP addresses, because there are A LOT of them and I don’t even know what they are, instead I want my computers to block EVERY IP address except the ones I specify...

So… is that possible in Linux without knowing all the knowledge of the universe?

BTW, the users can’t change their IP addresses and still be a part of the network because my ISP doesn’t allow them to.

Last edited by The-Error; 10-16-2005 at 02:48 PM.
 
Old 10-16-2005, 05:14 PM   #5
issinho
Member
 
Registered: Jun 2005
Location: Bosie, ID
Distribution: Fedora Core 4, Kurumin,BackTrack, Slackware 10.2, IPCop
Posts: 105

Rep: Reputation: 15
IPCop is the way to go, man!

Literally, I would use IPCop. Let me give you an idea of how my network is set up:

I have my DSL modem (it's really just a router). From that I have 2 networks: 1- is my wireless, and only my laptop goes on that-for convenience only as I currently live in an apartment and cannot run wire and, 2- is my wired network. Now, if you were to see past my Modem, you would see only 2 Computers (if you saw the IPCop box at all). The cable coming off of my DSL modem is plugged directly into one of the NICs on my IPCop box. The other NIC (it needs 2) plugs into an 8 Port switch where my other 2 computers reside. All traffic, and IP address for that matter, all show as one machine on the DSL router.

Why am I telling you this? From your last post, it sounds like it would be super easy. All you have to do is place the IPCop box between your Ovislink-whatever and your hub/switch. In so doing, anyone wanting to get at your network would have to crack IPCop first. Believe me, it is pretty secure. It is its own version of Linux and acts as a NAT/Gateway to another network. The machine doesn't need to be all that great, either. It has a web interface for the administration, but no GUI. You can even shut it down and restart it from the Web INSIDE YOUR network, not the outside one where everyone and their dog can see it.

Check it out: www.ipcop.org. Nicest thing is, once you get it installed and which NICs are which, you can begin surfing. It's ready to go out of the box and is rather secure that way.
 
Old 10-16-2005, 05:44 PM   #6
The-Error
LQ Newbie
 
Registered: Oct 2004
Posts: 11

Original Poster
Rep: Reputation: 0
Yes, I read what IPCop is and what it does, but... I would have to have an extra computer just for IPCop, right?

Isn't it cheaper to put some free firewall on an existing Windows box, like I did now?

BTW if I wanted to let someone else see my files outside my network could I do that with IPCop?

I'm just curious about these things, thanks for taking your time to answer my questions
 
Old 10-19-2005, 02:44 PM   #7
issinho
Member
 
Registered: Jun 2005
Location: Bosie, ID
Distribution: Fedora Core 4, Kurumin,BackTrack, Slackware 10.2, IPCop
Posts: 105

Rep: Reputation: 15
Cheaper? That depends

Well, you don't need a brand new, state of the art box. Just find someone that is going to throw away an old computer. Take mine for example: I got mine from a friend who was just going to get rid of their old computer. It is running a PII and 32MB of RAM. All I had to do was find another PCI NIC. And I even got that for Free!!!

Yes, you can allow someone else access to your inside network. You can do that one of two ways: 1) you can use one computer as a file server (all it needs is a Share folder and you have a File Server) and forward the SMB ports to that one computer. Everyone can then see your stuff. 2) You can also set it up to use VPN.

What I love about my IPCop is like I already said. There is no way into my network (my wired one) unless you get around my IPCop. IP spoofing won't work. You would have to physically get into my computer room and plug into the switch! Where my DSL connection is supposed to connect to a computer, it's plugged into my outside NIC of my IPCop! There is no hacking into it without cracking IPCop.
 
Old 10-19-2005, 03:02 PM   #8
The-Error
LQ Newbie
 
Registered: Oct 2004
Posts: 11

Original Poster
Rep: Reputation: 0
Ok thanks, that's all I wanted to know
 
  

