-   Linux - Networking (
-   -   separating connections (

[AdultSwim] 04-14-2007 10:06 AM

separating connections

I need to share my internet connection with other computers than my own but I want to keep their computer separated. I want to give them full access to the internet but don't want them to be able to access my computer, server, and file share services. And I also wanted to make it impossible to sniff data from my PCs

Should I create a proxy?. If so should I use squid or something else.

Thanx in advance

theNbomr 04-14-2007 11:36 AM

Assuming you are talking about a home internet connection using DSL, and that 'your' system is some kind of Linux, you should install a second ethernet, and make your Linux system a firewall/router. One ethernet connects to the DSL modem, and the other connects to a hub/switch in your LAN. My recommendation for a ready-made package that does a good job of this is There are other similar packages, some having GUI configuration tools. Maybe others will point out some of these. Come back here with specific configuration questions, should you have any.

--- rod.

[AdultSwim] 04-14-2007 11:44 AM

Yes, i am talking about a home network and I use Linux.

Thanx for the help

shahz 04-14-2007 12:10 PM

Well yes you can use proxy squid and still if you play with the iptables you can share the internet to other NIC

acid_kewpie 04-14-2007 12:41 PM

well squid won't give you "full" internet access, only http ftp etc... and if you're conencting all machines to a switch, not a hub then as long as they don't mess about with that switch you can't be sniffed either. finally, use a decent iptables setup on your machine to stop them getting in. that's what it's there for.

theNbomr 04-14-2007 12:48 PM

Just to clarify, HomeLanSecurity is a package that 'plays with the iptables'. Creating an iptables configuration that works and is secure takes a lot of knowledge. That is why I recommend using a mature package that has withstood the scrutiny of experts over time. HLS is not the only such package out there, simply the one I like and have used. I don't use squid, but my understanding of it is that it is mainly a proxy server, and serves little or no routing or firewalling purpose. As such it may be useful in addition to an iptables based router, but not as a replacement alternative. Someone correct me if I'm wrong on this.
--- rod.
EDIT: Of course, while I wrote this, acid_kewpie was swooping in to answer a priori.

All times are GMT -5. The time now is 11:08 PM.