[Glastonbury] Questions(animation)

Maurice Onmaplate glastonbury at mailman.lug.org.uk
Thu Jul 24 20:31:01 2003


> DO NOT USE A WINDOWS PRODUCT AS A FIREWALL.  GIVEN MICROSOFT'S
> CURRENT RECORD ON MAJOR SECURITY PATCHES, YOU'D SOON WISH
> YOU HADN'T CONSIDERED THE IDEA [Just my 0.02 Euro :) ]
> 

I've used the XP built in firewall with no trouble,
but then I've also before that gone online with no
firewall, don't see a difference.

> If you're going to build a machine to connect you to
> cable/ADSL.

Was not my plan.  But maybe it should be...
> 
> Build a box with two network cards.  Run SuSE / Smoothwall / homebrew
> Linux.  Set the box up as a firewall with iptables and masquerading.
> [Potentially the cable modem may have some of this functionality:
> it may not.]

I have Suse, virtually NO experience of Linux and no
idea what masquerading is, or how iptables work!

> 
> Register one of the NICS with the cable company (if that's how they
> authenticate you - one of my colleagues said "What MAC address would
> you like the card to have" when asked :) ).

They register the modem ip and the pc ip, the former
they supply as well.

> 
> The reason they say Windows is because they are used to a Windows setup
> routine in their software.  Most cable modems also have a web interface.

Yes, they are not really computer people...Web
interface?  You mean you can use a web browser to
configure them????

> 
> Set up the "outside world" card to pick up its address via DHCP
> from the cable modem.  Set up the "inside card" with an IP from the
> private address ranges (10.0.0.0, 172.16.???.???, 192.168.1.0), feed
> this into a network hub/switch and let your other machines plug into the
> hub. [You might conceivably have to play around with a small
> button/switch on the hub itself to allow you to use straight cables
> throughout and avoid a crossover]

No such switch on hub it's a simple cheap one.  No
switches at all, but could, conceivably have some
software configuration.

> 
> Set up the firewall with your ISP's nameservers in /etc/hosts unless
> you want to be clever and run your own DNS server for "inside your
> network".
>
Remember I have installed Linux twice but all I have
ever done with it is set up a user, nothing more.  My
knowledge is ZERO!
 
> This is essentially the setup I have - a PPro 200
> with 80M of memory,
> a 500M disk and a minimalist firewall.
>

So with this setup, a Linux firewall with 2 network
cards I can access the net from any PC/Linux/Mac or
whatever box on my home network?  [We have 4 machines,
3 printers, lol].
 
> 
> HTH,
>

Well now I know what I should set up, and the cable
guys return Thursday so I have 6 days and seven nights
to get the thing setup.  I presume they will bring
software for a PC to drive the cable modem?

What worried me was that if I register an IP address
and then that card fails do I then have no way to get
on net?  If the new card can be given the same address
I suppose that fixes it.  All very strange for a fixed
cable installation!

Thanks
Steve

[I'll have to get started and ask for help as I go :)]
> Andy
> 
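
The two-card setup described in the quoted advice (outside card on the cable modem, inside card on a private range, iptables with masquerading), as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset. The interface names eth0/eth1 and the 192.168.1.0/24 LAN are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC
# masquerading firewall. Interface names and LAN subnet are assumptions.

# Succeeds only if $1 is a dotted quad inside an RFC 1918 private range.
is_private() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# $1 = outside NIC (DHCP from the cable modem), $2 = inside NIC,
# $3 = inside network address, $4 = prefix length.
firewall_rules() {
    is_private "$3" || { echo "refusing: $3 is not private" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $3/$4 -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $2 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -s $3/$4 -j ACCEPT
-A FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 faces the modem, eth1 the home hub.
firewall_rules eth0 eth1 192.168.1.0 24
```

As root, pipe the output into `iptables-restore` and enable routing with `sysctl -w net.ipv4.ip_forward=1`; without forwarding the inside machines get no further than the firewall.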

