steve: i am not sure what you mean by forwarding. the two possibilities that come to mind are mail and ip forwarding. both are rather simple.

suggestion. use kernel 2.4.x and qmail (in place of sendmail). kernel 2.4.x will let you use iptables (better flexibility and security, though the learning curve is steeper than ipchains, imho). on the mail server side, use qmail and follow the directions meticulously that are found at http://www.lifewithqmail.org/

again, qmail is far and away more secure than sendmail. and it is almost a no-brainer to set up, if, and this is a big if, the instructions are followed. (after banging my head against sendmail a couple of weeks, i went to qmail and have never looked back. it now runs on all of my machines!) qmail is at http://cr.yp.to/qmail.html

as to any other type of forwarding, i am not sure of the question. ip forwarding is fairly trivial. you don't need to set up any routes in particular (other than the gateway, which you've properly identified!) if you would like, i can send you my iptables setup script. (change the 192.168.10's to 192.168.1's and you will pretty much have a base to build upon.)

as to hardware, purchase what you can afford. switches are faster than hubs if you need the speed. i personally use netgear hubs/switches and 3com nics. as to routers, you probably don't need one (your gateway and iptables do that work for you!) a hub/switch/router that has a firewall in it seems to me to be just another level of complexity that i don't need or want. my servers are running iptables and provide that feature. if some evil one gets through that, then it's my fault. and i would in all likelihood have made the same mistake on the device with a built-in firewall. so why? "kiss" seems to apply here.

On Tuesday 15 January 2002 01:07 pm, Stephen Gran wrote:
> Hello all,
> I'm getting ready to set up a home LAN, and I wanted to first check
> that my assumptions are correct, and ask for any references that might
> help with this.
> The LAN will be:
> A firewall, running potato or woody (haven't decided yet, as I prefer the
> stability of potato, but may need the newer dhcp-client to connect,
> and may want a 2.4 kernel for NIC's). Will do nothing more than
> firewall and forwarding, maybe mail serving if I hook a Doze box up.
> My main workstation, runs woody.
> A laptop, runs Win95 right now, but not for much longer. Distro TBA.
> A dual boot Sid/Win98 box.
>
> The only shared services will be printing and 2 exported directories,
> both coming off the main workstation.
>
> I think that the firewall box should be set up with 2 NIC's - eth0
> will be the external, and use dhcp. eth1 will be internal and have a
> static address, and should have an /etc/network/interfaces like:
> iface eth1 inet static
> address 192.168.1.1
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
> Then configuring all the other boxen to static IP's using 192.68.1.1 as
> a gateway is trivial. The only thing I'm not sure of is, can I
> specify what addresses are valid for forwarding? This is just a home
> LAN, after all, and security within the LAN is not that important, but
> it seems like there should be a way to specify "we forward for only
> these addresses" somewhere. I know you can set it up with dhcp, but
> if you use static addressing, is there such a way, without adding
> routes manually?
>
> Second question: I've seen a bunch of hubs out there, but I'd like
> a few suggestions if you guys and gals don't mind. I'm inclined to
> stay away from the USB and/or wireless ones. I've also read in some
> of their specs that some have built-in firewalls, routing, and so
> forth. Will any of the built in routing confuse the firewall's
> routing?
> Enough questions for now, but looking forward to your responses,
> Steve

--
regards,
allen wayne best
contractor, diagnostics and support tools
"your friendly neighborhood rambler owner"
"my rambler will go from 0 to 105"
Current date: 33:26:13::14:2002
Ramblers -- Don't you wish everyone had one?
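
The "we forward for only these addresses" question in the quoted message can be answered in the iptables FORWARD chain rather than with routes. The script below is an added example, not part of either message and not the setup script offered in the reply; eth0, eth1 and 192.168.1.0/24 come from the thread, while the three host addresses are constructed.

```shell
#!/bin/sh
# Added example: print iptables commands that forward only for listed LAN hosts.
# eth0/eth1 and 192.168.1.0/24 come from the thread; host addresses are constructed.
EXT_IF=eth0              # external interface (DHCP)
INT_IF=eth1              # internal interface, 192.168.1.1
LAN_NET=192.168.1.0/24

# valid_host ADDR: accept only 192.168.1.2 through 192.168.1.254, digits only,
# so nothing unexpected ends up in commands that will later be run as root.
valid_host() {
    case "$1" in
        192.168.1.*) last=${1#192.168.1.} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# gen_rules HOST...: write the rule set to stdout; fails if any address is invalid.
gen_rules() {
    for h in "$@"; do
        valid_host "$h" || { echo "rejected address: $h" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"     # default: forward nothing
    echo "iptables -F FORWARD"
    # Packets arriving from outside must not claim a LAN source address.
    echo "iptables -A FORWARD -i $EXT_IF -s $LAN_NET -j DROP"
    # Replies to connections opened from inside (newer kernels: -m conntrack --ctstate).
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for h in "$@"; do                   # one ACCEPT per permitted static address
        echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $h -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Constructed addresses for the workstation, laptop and dual-boot box.
gen_rules 192.168.1.10 192.168.1.11 192.168.1.12
```

Review the printed commands before running them as root on the firewall box. The rules limit forwarding by source address, not by machine, so a LAN host that takes over a listed address is forwarded as well.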