
Re: Internet filtering



On Mon, 26 Jul 10, 23:12:48, H.S. wrote:
> 
> I have configured my eth0 as 192.168.0.0/24 network device, eth1 as
> 192.168.1.0/24 network device and wlan0 as 192.168.5.0/24. They can
> be on any three different private subnets.
 
Or use bridge-utils so you have only one interface on the private side. 
It makes configuration easier for all services, unless you want to 
separate the wireless and wired LAN on purpose (security?).

> The software I use for the machine to act as a router is iptables
> with ip_forwarding enabled (this makes the machine act as a gateway
> router). And the various rules (for filtering or port forwarding or
> blocking) are also done using iptables.
> 
> There are many applications that can be used to create the desired
> iptables rules. I use my own bash script. I am thinking of playing
> with a GUI option when I get some time. I hear Firestarter is a good
> choice. There is one called fwbuilder as well. A command line
> firewall is shorewall. Most of these tools actually make it easier
> to generate the iptables rules that one would otherwise need to
> create by hand. If you do a google search, you can find many choices
> for this and detailed how-to's.

+ 1 for shorewall, especially if you don't want/need a GUI.

> Besides this, I also use dnsmasq as a dhcp server on the router
> machine and this allows LAN clients to connect as dhcp client. Very

+ 1 for dnsmasq. Very easy to configure and provides DNS caching and 
DHCP in one.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
