
Re: Setting up a home LAN



Thus spake Michael Jinks:
> On Tue, Jan 15, 2002 at 04:07:35PM -0500, Stephen Gran wrote:
> <snip>
> > Then configuring all the other boxen to static IPs using 192.68.1.1 as
> > a gateway is trivial.  The only thing I'm not sure of is, can I
> > specify what addresses are valid for forwarding?  This is just a home
> > LAN, after all, and security within the LAN is not that important, but
> > it seems like there should be a way to specify "we forward for only
> > these addresses" somewhere.  I know you can set it up with dhcp, but
> > if you use static addressing, is there such a way, without adding
> > routes manually?
> 
> Not sure I understand your question completely, but firewalling rules
> can certainly distinguish between machines that are allowed to send and
> receive packets vs. machines which aren't.  You're going to be running
> either ipchains or netfilter anyhow; if you want egress rules as well
> as filtration on inbound traffic you can certainly do that.
> 
> > Second question: I've seen a bunch of hubs out there, but I'd like
> > a few suggestions if you guys and gals don't mind.  I'm inclined to
> > stay away from the USB and/or wireless ones.  I've also read in some
> > of their specs that some have built-in firewalls, routing, and so
> > forth.  Will any of the built in routing confuse the firewall's
> > routing?
> 
> Again I'm not sure I understand fully; to have a LAN, you need a network
> hub (or more likely these days, a switch).  To connect your LAN to the
> outside world, you'll need something that acts as a router and/or modem.
> There are lots of products now being marketed which fill both of these
> roles, but if you plan to make a Linux firewall then you don't need your
> router-or-whatever to act as a firewall and you don't need your hub-or-
> whatever to act as a router; you just need a device (probably provided by
> your ISP) to take your inbound pipe and convert it to a format (presumably
> ethernet) which your Linux box can handle.  Any cable modem, DSL router,
> ISDN modem or whatever should do that.  Just tell the nice man from the
> ISP that you're hooking up a single machine to the connection (your
> firewall).  From the inside-facing NIC of the firewall, hook into your
> LAN hub, and away you (all) go.

I see in rereading my own email, I was less clear than I should have
been.  What I was attempting to ask was, "do I have to do anything on
the firewall box to specify that I have 3 rather than, say, 8 boxes
connected to the hub?"  It appears not, from the replies.  My second
question should have been, "If I see a cheap hub/switch on sale, but
it has a built in firewall or routing scheme, should I go ahead, or
steer clear?"  It appears the answer is that it won't hurt the box,
but perhaps my head.  Thanks all who responded, I really must stop
writing email between nightworks.

Steve
-- 
Never try to teach a pig to sing.  It wastes your time and annoys the pig.
		-- Lazarus Long, "Time Enough for Love"
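
Added example, not part of the original message: one way to express "we forward for only these addresses" with netfilter when the LAN hosts use static IPs. The function names, the interface names eth0/eth1 and the 192.168.1.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# forwards only for an allow-list of statically addressed LAN hosts.
# Interface names and host addresses below are constructed sample values.

# is_ipv4 ADDR: succeed only for a single dotted quad, octets 0..255,
# no leading zeros (some parsers read those as octal) and no /prefix.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -f
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            case "$octet" in 0?*) exit 1 ;; esac
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# gen_forward_rules LAN_IF WAN_IF HOST...: print the ruleset on stdout.
# Prints nothing and returns 1 if any HOST fails validation.
gen_forward_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_forward_rules LAN_IF WAN_IF HOST..." >&2; return 1; }
    lan_if=$1 wan_if=$2
    shift 2
    for host in "$@"; do
        is_ipv4 "$host" || { echo "rejected host: $host" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':FORWARD DROP [0:0]'   # default: forward for nobody
    # Return traffic for connections an allowed host opened.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for host in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan_if -o $wan_if -s $host -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Three LAN boxes behind the firewall (constructed addresses).
gen_forward_rules eth1 eth0 192.168.1.10 192.168.1.11 192.168.1.12
```

Review the output before loading it with iptables-restore, which by default flushes the existing contents of the filter table. Source-address rules only constrain hosts that keep their assigned address; a LAN machine can still configure itself with an allowed IP.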
