On Tuesday 15 January 2002 9:07 pm, Stephen Gran wrote:
> Hello all,
> I'm getting ready to set up a home LAN, and I wanted to first check
> that my assumptions are correct, and ask for any references that might
> help with this.
> The LAN will be:
> A firewall, running potato or woody (haven't decided yet, as I prefer the
> stability of potato, but may need the newer dhcp-client to connect,
> and may want a 2.4 kernel for NICs). Will do nothing more than
> firewall and forwarding, maybe mail serving if I hook a Doze box up.

I have a single server/gateway/firewall box for my home network. I run woody (a bit out of date because of problems I have raised elsewhere) and 2.4.17 (the most stable of the 2.4 series - which I needed to be able to configure the firewall using iptables). As well as the iptables firewall/NAT it also runs the following services for the family:

- fetchmail -> exim (with spam filtering) -> pop3/imap server (gets email for the whole family from a range of ISPs)
- leafnode/mailman (usenet news gated to mailing lists)
- dhcp server (for machines on the lan)
- name server (including a private .home domain for the home machines on the lan)
- ssh server (this is the only way into my machine from the outside)
- apache web server
- samba (domain controller)
- backup server (cron jobs to collect data from windows machines)

It does all of this on a 128MB p2-400 with a couple of large disks (for backup data) without needing to catch breath. Since I have added some spam filtering it occasionally has to sweat a little when fetchnews dumps a large set of messages from the newsgroup through mailman and then out through mail, but apart from that it is very comfortable.

> My main workstation, runs woody.
> A laptop, runs Win95 right now, but not for much longer. Distro TBA.
> A dual boot Sid/Win98 box.
>
> The only shared services will be printing and 2 exported directories,
> both coming off the main workstation.
>
> I think that the firewall box should be set up with 2 NICs - eth0
> will be the external, and use dhcp. eth1 will be internal and have a
> static address, and should have an /etc/network/interfaces like:
> iface eth1 inet static
>     address 192.168.1.1
>     netmask 255.255.255.0
>     network 192.168.1.0
>     broadcast 192.168.1.255
> Then configuring all the other boxen to static IPs using 192.68.1.1 as
> a gateway is trivial. The only thing I'm not sure of is, can I
> specify what addresses are valid for forwarding?
> This is just a home
> LAN, after all, and security within the LAN is not that important, but
> it seems like there should be a way to specify "we forward for only
> these addresses" somewhere. I know you can set it up with dhcp, but
> if you use static addressing, is there such a way, without adding
> routes manually?
>
> Second question: I've seen a bunch of hubs out there, but I'd like
> a few suggestions if you guys and gals don't mind. I'm inclined to
> stay away from the USB and/or wireless ones. I've also read in some
> of their specs that some have built-in firewalls, routing, and so
> forth. Will any of the built in routing confuse the firewall's
> routing?
> Enough questions for now, but looking forward to your responses,
> Steve

--
Alan - [EMAIL PROTECTED]
http://www.chandlerfamily.org.uk
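
The forwarding question in the quoted message (forward only for a fixed set of statically addressed hosts, without adding routes by hand) can be handled with iptables on the firewall box. The following is an added example, not part of the original thread: it prints FORWARD and NAT rules for the eth0/eth1 layout described above, and the function names and the host addresses passed to it are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands that forward only for an explicit
# allow-list of static LAN hosts. Interface roles and the 192.168.1.0/24
# network follow the thread; host addresses are constructed sample values.

EXT_IF=eth0   # external interface (address via DHCP)
INT_IF=eth1   # internal interface (192.168.1.1/24)

# Accept only 192.168.1.2 .. 192.168.1.254 (the gateway .1 is excluded).
# Strict validation matters because the output is meant to be run by root.
valid_lan_addr() {
    last=${1#192.168.1.}
    [ "$last" != "$1" ] || return 1                 # not in the LAN network
    case "$last" in ''|*[!0-9]*) return 1 ;; esac   # last octet must be digits
    [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# gen_rules ADDR... : print the commands on stdout, one per line.
gen_rules() {
    # Default-deny forwarding, then rebuild the FORWARD chain from scratch.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections opened by an allowed host may come back in.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for addr in "$@"; do
        if valid_lan_addr "$addr"; then
            echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $addr -j ACCEPT"
        else
            echo "skipping invalid address: $addr" >&2
        fi
    done
    # Hide the private addresses behind the DHCP-assigned external address.
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
}

# Usage (review the output, then run it as root):
#   gen_rules 192.168.1.10 192.168.1.11 192.168.1.12 | sh
```

Only the FORWARD chain and the nat POSTROUTING chain are touched; INPUT rules protecting the firewall box itself are outside what this example covers.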