On Tue, Jan 15, 2002 at 04:07:35PM -0500, Stephen Gran wrote:
<snip>
> Then configuring all the other boxen to static IP's using 192.68.1.1 as
> a gateway is trivial. The only thing I'm not sure of is, can I
> specify what addresses are valid for forwarding? This is just a home
> LAN, after all, and security within the LAN is not that important, but
> it seems like there should be a way to specify "we forward for only
> these addresses" somewhere. I know you can set it up with dhcp, but
> if you use static addressing, is there such a way, without adding
> routes manually?

Not sure I understand your question completely, but firewalling rules can certainly distinguish between machines that are allowed to send and receive packets vs. machines which aren't. You're going to be running either ipchains or netfilter anyhow; if you want egress rules as well as filtration on inbound traffic you can certainly do that.

> Second question: I've seen a bunch of hubs out there, but I'd like
> a few suggestions if you guys and gals don't mind. I'm inclined to
> stay away from the USB and/or wireless ones. I've also read in some
> of their specs that some have built-in firewalls, routing, and so
> forth. Will any of the built in routing confuse the firewall's
> routing?

Again I'm not sure I understand fully; to have a LAN, you need a network hub (or more likely these days, a switch). To connect your LAN to the outside world, you'll need something that acts as a router and/or modem. There are lots of products now being marketed which fill both of these roles, but if you plan to make a Linux firewall then you don't need your router-or-whatever to act as a firewall and you don't need your hub-or-whatever to act as a router; you just need a device (probably provided by your ISP) to take your inbound pipe and convert it to a format (presumably ethernet) which your Linux box can handle. Any cable modem, DSL router, ISDN modem or whatever should do that. Just tell the nice man from the ISP that you're hooking up a single machine to the connection (your firewall). From the inside-facing NIC of the firewall, hook into your LAN hub, and away you (all) go.

Good luck
--michael
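
Added example, not part of the original message: one way to express "we forward for only these addresses" with netfilter, as a script that validates a list of static LAN addresses and prints the iptables commands for a default-drop FORWARD chain. The interface names eth0/eth1 and the 192.168.1.x hosts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands that forward only for listed hosts.
EXT_IF="eth0"   # assumed name of the NIC facing the ISP device
INT_IF="eth1"   # assumed name of the NIC facing the LAN hub

# Succeed only for a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # leading zero: ambiguous base
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the allowed source addresses given as arguments.
# Prints nothing and fails if any address is malformed.
forward_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"         # default: forward for nobody
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $ip -j ACCEPT"
    done
    echo 'iptables -A FORWARD -j LOG --log-prefix "fwd-denied: "'
}

# Constructed sample: three statically addressed LAN hosts.
forward_rules 192.168.1.10 192.168.1.11 192.168.1.12
```

Source addresses on a LAN are self-asserted, so a list like this sets policy for cooperative hosts; the trailing LOG rule records anything the list did not cover.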