hi,
Well u can do all that procedure which krishnan described or alternatively.. what u can do is u have to simply add two network card one on DSL Router and other for Internal LAN, download the firewall and NAT software (www.pmfirewall.org) i guess this software or rather script will save u frm lot of headache of writing firewall as well as masquerading scripts manually. (thats wat i have done @ my end as i also have 4 DSL connections)
(I have not mentioned about IP Forwarding and stuff to compile in the kernel coz in latest Linux Distribution it already gets compiled, the only thing is u have to enable it at run time and that too is easy if u look into the /etc/rc.d/rc.local or /etc/rc.d/init.d/network )
Best Regards, -Mitul Limbani (mitul 2 mitul.com) S. Krishnan writes:
--- Satya satyap@satya.virtualave.net wrote:
Hypothetically...
I have a DSL connection to the World. A hub is plugged into it, and 2-6 computers into the hub. Naturally, the computers have a class C (?) between them, which should not be routable from the World. The computers have their own connection to the World through the hub and DSL. I think the whole thing is a star topology, at least for the internal network.
Is what I have described above correct, and possible? I suppose ideally, one of the Linux boxen would get the DSL line and act as firewall to the rest through the hub?
Actually, one of your Linux boxes should be a double-homed host, with one network port (DSL modem, Ethernet, ppp, whatever) connected to your incoming line (DSL in your case) and the other port should be an Ethernet card which plugs into your hub. The toplogy is as follows: __________ ________ Hub | L N |Linux | |---------- O E ------|GW PC |--------|---------- C T DSL |________|eth0 |---------- A W Modem |__________ L K
Now... whichever way, how do I do it on Linux? ipchains alone is enough?
Now, just set a static route between the DSL interface and eth0, by using the "route add" command. You will have to enable IP forwarding in your kernel, and may have to recompile it with the right options if not already set. An ipchains script is necessary if you want to use NAT (network address translation), which allows local non-public IP address based PCs to connect to the world. I recommend that you read the HOWTOs on ipchains, IP Masquerading, transparent proxying etc to get background on this. You can also use a proxy server such as squid.
HTH,
Regards,
Krishnan
Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ _______________________________________________ Richard Stallman's Public Lecture 5pm 17th July, at TIFR. Linuxers mailing list Linuxers@mm.ilug-bom.org.in http://mm.ilug-bom.org.in/mailman/listinfo/linuxers