Hi

I have successfully set up a Linux box to masquerade our internal network to the internet via ISDN. Spurred on by this success, I would now like to help a friend do a similar thing with his network, the difference being that his network will be connected to another network in the same building in order to share their leased line access. As I understand it, this requires a machine with two network cards, one connected to his setup, and the other connected to the hub of the second network. Am I correct in assuming that the procedures for getting this to work are much the same as I have gone through with my own masquerading setup? i.e.

1. I should use IPchains via SuSE firewalls to set up masquerading;
2. The network card which points to his internal network should be assigned its own address;
3. Now the problem: should the second card which points to the network using the leased line have an address on that internal network or the IP address assigned by the ISP for the leased line?
4. Also, how does one set up an effective firewall that will be sufficient to protect my friend's network?
5. What kind of machine (specifications) will be needed to achieve all of the above if all it does is route traffic between the two networks?

Thanks for your help - I hope I have stated my questions clearly enough!

Grant R Walton

Hi

You can set up the SuSE firewall the same way you did for the ISDN connection, but substitute eth1 or whatever for the ISDN interface. I.e. the external network is the LAN, and the internal network is your friend's LAN.

> i.e. 1. I should use IPchains via SuSE firewalls to set up masquerading;

Yes, you need 1 IP address on the 'parent' LAN which is your external IP for NAT. Masquerade all addresses behind this address.

> 2. The network card which points to his internal network should be assigned its own address;

Yes, I'm guessing 192.168.x.x would do, just make sure it's on a different subnet to the 'parent' LAN.

> 3. Now the problem: should the second card which points to the network using the leased line have an address on that internal network or the IP address assigned by the ISP for the leased line?

This should have the address on the 'parent' LAN.

> 4. Also, how does one set up an effective firewall that will be sufficient to protect my friend's network?

There's really no difference between routing between ISDN and network and LAN-LAN. Just don't allow anything in unless it's needed, paying special attention to DNS/SMTP/etc.

> 5. What kind of machine (specifications) will be needed to achieve all of the above if all it does is route traffic between the two networks?

Any old machine with 2 NICs, I've achieved this with a 486 before now :-) You probably only need 10Mbps NICs too, unless they've got a crazy leased line :-)

Then set the default route for your LAN to be the internal IP of the router, and everything should be great!

Hope this helps - John
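
The setup described in the reply above, written out as raw ipchains rules. This is an added example, not part of the original thread and not the SuSE firewall script's own output; the interface names, subnets and router address are constructed values, and the helper names `ip2int`, `nets_overlap` and `gen_rules` are hypothetical. The script only prints the rules, refusing if the internal subnet overlaps the 'parent' LAN.

```shell
#!/bin/sh
# Added example: prints (does not apply) a default-deny ipchains rule set
# for a two-NIC masquerading router. All addresses below are constructed.

# Dotted quad -> integer.
ip2int() {
  old=$IFS; IFS=.; set -- $1; IFS=$old
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if two CIDR networks overlap (compared under the shorter prefix).
nets_overlap() {
  n1=${1%/*}; p1=${1#*/}; n2=${2%/*}; p2=${2#*/}
  if [ "$p1" -lt "$p2" ]; then p=$p1; else p=$p2; fi
  mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
  [ $(( $(ip2int "$n1") & mask )) -eq $(( $(ip2int "$n2") & mask )) ]
}

# gen_rules INT_IF INT_NET EXT_IF EXT_NET EXT_IP
gen_rules() {
  int_if=$1; int_net=$2; ext_if=$3; ext_net=$4; ext_ip=$5
  if nets_overlap "$int_net" "$ext_net"; then
    echo "error: $int_net overlaps parent LAN $ext_net" >&2
    return 1
  fi
  cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
ipchains -A input -i lo -j ACCEPT
# Anti-spoofing: internal source addresses must never arrive from outside.
ipchains -A input -i $ext_if -s $int_net -l -j DENY
ipchains -A input -i $int_if -s $int_net -j ACCEPT
# ipchains is stateless: admit only non-SYN TCP and the 2.2 masq port range.
ipchains -A input -i $ext_if -p tcp -d $ext_ip ! -y -j ACCEPT
ipchains -A input -i $ext_if -p udp -d $ext_ip 61000:65095 -j ACCEPT
ipchains -A input -i $ext_if -p icmp -d $ext_ip -j ACCEPT
# Masquerade the internal LAN behind the router's parent-LAN address.
ipchains -A forward -i $ext_if -s $int_net -j MASQ
EOF
}

# Constructed values: eth0 = friend's LAN, eth1 = parent LAN.
gen_rules eth0 192.168.1.0/24 eth1 10.0.0.0/24 10.0.0.5
```

Review the printed rules, then run them as root on the router; nothing is opened inbound for DNS or SMTP, so add specific ACCEPT rules only for services that must be reachable.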