Ok, heres the problem.

I'm at university living in halls, with 2 computers atm and one spare for my idea....
We are given the standard proxy username and login based on our student numbers. Not SOCK or normal HTTP, but wen i first try to access a website i get redirected to another page (SSL certified) where i enter my username and password. I hav to do this every time i start up so i imagine its tied into the DHCP server.

ANYWAY atm the computer connected to the wall socket is WinXP pro with internet connection sharing running over a wireless connection to my laptop thats dual boot xppro and kbuntu. I want to maintain that connection, but its annoying that if i'm working on the desktop or experimenting with something new and i hav to reboot then i lose my internet connection to the laptop.

bearing in mind that some of the things I'm doing on the network arent exactly kosher compared to "standard student traffic", so I'd like a bit of separation and protection from the network.

What im thinking of is using a standard boring switch, setting up an old sony vaio laptop with [insert os here] to act as a gateway (possibly firewall/IDS) using 2 ip addresses on the same ethernet connection (thats my question, will that work?) one on the university ip net and the other on a separate local subnet (192.168.x.x)that will be used to connect to the other computers, including a DHCP and DNS server for the local net that wont interfere with the uni net.

basically my questions are this:

1)Will this work?
2)Any recommendations for distros/software packages?
3)How secure or separate will this setup be from the rest of the net?


If there is any ambiguities that need cleared up, reply and I'll post updates.

You certainly can have multiple IP's on a network interface (called IP alias) however I don't think they can be from seperate networks. You'd probably have to have 2 network cards to do it, 1 for the university and 1 for you internal network.

If your laptop has a builtin NIC, look into getting a cheap PCMCIA NIC as well for the internal connection.

The way you should do this is to have a dual NIC machine plugged into the uni network, with one card getting DHCP from the uni, then that box also acts as a router, and does DHCP for the client machines behind it. That box should also have IPtables installed, which is a software firewall.

No matter how you do this, you can't hide any traffic going to the internet from your uni. If you keep things to the LAN in your room that you can hide through IPtables, but I rather suspect what you are trying to do involves internet access, and since your internet is provided by the school, every single bit of data that leaves your room will be known to them. You'd need another internet feed into your room to hide from them.

Peace,
JimBass

well, i suspected i'd need the 2 NIC, just wanted to see if its possible, i guess not.

Basically what i meant was that having the multiple boxes behind the single box would mean that if there ever WAS anything that they wanted to catch me up on, they cud never prouvve it was me directly, because since i hav the wireless on the desktop, i hav told thepeople on my floor that they can use it, what i meant was that having everything behind the vaio box, nothing cud be traced back past there? true/false

Completely false. You would still be responsible. Your front line device, this server being discussed, would get an IP from your school. Anything questionable would have as its last destination on their network, your machine with their IP address. I'll bet tons of money that they had you sign an agreement stating that you wouldn't use the connection for anything illegal. It won't matter if you're running a wireless access behind the connection, you would be responsible for securing that as well.

If it were a legal question, they could take the machine and check it dhcp logs and anything else to find what MAC was involved with anything illegal, but they could (and most likely would) catch you. it seems very black and white to me.

Peace,
JimBass