-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 23 Feb 2004 11:06:11 -0400
"Alberto Santana" wrote:

> Internet
>    |
>    |
>    | eth0 (public IP)
> Firewall/dhcp server
>    | eth1 (192.168.1.1)
>    |
>    |
> Hub/Switch<--- Internal network (20-30 PC's)
>
> We are setting up a firewall/dhcp server. The dhcp server will run on
> eth1 and I think I know how to set it up (it seems to be easy with
> Yast2). SuSEfirewall will see eth0 as the external interface and eth1
> as the internal. How do we pass the internet traffic from eth1 to
> eth0? Is it by setting the public IP to be the gateway for eth1? Is it
> possible to prevent certain PC's from having access to the internet?

Your gateway has to do with the routing table not the interface. You
will have a routing table that looks somewhat like this:

Destination     Gateway         Genmask         Iface
aa.bb.cc.00     0.0.0.0         255.255.255.0   eth0
0.0.0.0         aa.bb.cc.dd     0.0.0.0         eth0
192.168.1.0     192.168.1.1     255.255.255.0   eth1

Your gateway to the local net is eth1, your gateway to all other
networks is your public IP (aa.bb.cc.dd).
Each of the PCs will use 192.168.1.1 as the gateway.
You should also be able to deny any host or group of hosts from using
the Internet.
I would also suggest that you use a switch and not a hub because a
switch will always run the best speed/duplex for each of the attached
machines, where a hub will generally run at the duplex/speed of the
slowest connected PC. So, if most of the systems are 100Mbps full
duplex, but one PC is 10Mbps half duplex, with a hub (in general) your
entire network would be 10Mbps. (Some hubs are more switchlike).
- --
Jerry Feldman
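
An added example, not part of the original message and not SuSEfirewall's own configuration: a sketch in plain iptables of how the gateway described above forwards eth1 traffic out eth0 and keeps selected PCs off the Internet. It only prints the commands; the interface names and the 192.168.1.0/24 network come from the post, while the blocked host addresses and the default-drop FORWARD policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for the gateway in the post.
# From the post: eth0 = external, eth1 = internal, LAN = 192.168.1.0/24.
# Assumed here: default-drop FORWARD policy; blocked hosts are constructed values.
EXT_IF=eth0
INT_IF=eth1
LAN_NET=192.168.1.0/24

# Succeeds only for a host address 192.168.1.1 - 192.168.1.254.
is_lan_host() {
    case "$1" in
        192.168.1.*) last=${1#192.168.1.} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*) return 1 ;;   # empty, or anything that is not all digits
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Emit the rule set; arguments are the internal hosts to keep off the Internet.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    for host in "$@"; do
        if is_lan_host "$host"; then
            # Deny rules are emitted first so they match before the LAN-wide ACCEPT.
            echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $host -j REJECT"
        else
            echo "skipping '$host': not a host in $LAN_NET" >&2
        fi
    done
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    # Only replies to connections opened from the inside are let back in.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Private 192.168.1.x sources are rewritten to the public IP on eth0.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
}

# Constructed sample: two PCs that should have no Internet access.
gen_rules 192.168.1.50 192.168.1.51
```

Address-based deny rules only hold if the blocked PCs keep the same address, so give them fixed leases on the DHCP server; a user who sets a different static IP on the PC would no longer match the REJECT rule.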