Thus spake Michael Jinks:
> On Tue, Jan 15, 2002 at 04:07:35PM -0500, Stephen Gran wrote:
> <snip>
> > Then configuring all the other boxen to static IP's using 192.68.1.1 as
> > a gateway is trivial.  The only thing I'm not sure of is, can I
> > specify what addresses are valid for forwarding?  This is just a home
> > LAN, after all, and security within the LAN is not that important, but
> > it seems like there should be a way to specify "we forward for only
> > these addresses" somewhere.  I know you can set it up with dhcp, but
> > if you use static addressing, is there such a way, without adding
> > routes manually?
>
> Not sure I understand your question completely, but firewalling rules
> can certainly distinguish between machines that are allowed to send and
> receive packets vs. machines which aren't.  You're going to be running
> either ipchains or netfilter anyhow; if you want egress rules as well
> as filtration on inbound traffic you can certainly do that.
>
> > Second question: I've seen a bunch of hubs out there, but I'd like
> > a few suggestions if you guys and gals don't mind.  I'm inclined to
> > stay away from the USB and/or wireless ones.  I've also read in some
> > of their specs that some have built-in firewalls, routing, and so
> > forth.  Will any of the built in routing confuse the firewall's
> > routing?
>
> Again I'm not sure I understand fully; to have a LAN, you need a network
> hub (or more likely these days, a switch).  To connect your LAN to the
> outside world, you'll need something that acts as a router and/or modem.
> There are lots of products now being marketed which fill both of these
> roles, but if you plan to make a Linux firewall then you don't need your
> router-or-whatever to act as a firewall and you don't need your
> hub-or-whatever to act as a router; you just need a device (probably
> provided by your ISP) to take your inbound pipe and convert it to a
> format (presumably ethernet) which your Linux box can handle.  Any cable
> modem, DSL router, ISDN modem or whatever should do that.  Just tell the
> nice man from the ISP that you're hooking up a single machine to the
> connection (your firewall).  From the inside-facing NIC of the firewall,
> hook into your LAN hub, and away you (all) go.

I see in rereading my own email, I was less clear than I should have
been.  What I was attempting to ask was, "do I have to do anything on
the firewall box to specify that I have 3 rather than, say, 8 boxes
connected to the hub?"  It appears not, from the replies.

My second question should have been, "If I see a cheap hub/switch on
sale, but it has a built in firewall or routing scheme, should I go
ahead, or steer clear?"  It appears the answer is that it won't hurt the
box, but perhaps my head.

Thanks all who responded, I really must stop writing email between
nightworks.

Steve
--
Never try to teach a pig to sing.  It wastes your time and annoys the pig.
                -- Lazarus Long, "Time Enough for Love"