On Sat, 2010-11-27 at 23:22 +0530, Raja Subramanian wrote:
> On Sat, Nov 27, 2010 at 5:03 PM, Kenneth Gonsalves
> <[email protected]> wrote:
> > I went there to complete the install, I find he has connected the
> > broadband modem to the hub and all the windows machines as well as both
> > the lan cards on my machine to the hub.
>
> Nothing is stopping you from rewiring it the right way.

the authorities are stopping me - I am not the sysadmin there, and the
people maintaining it do not want to do it my way - and I cannot really
protest since I am not the maintainer.

> To enforce any form of network security or access control for WinXP
> machines, you need physical isolation between the modem and the WinXP
> machines. Connect the modem to eth0 and the hub* to eth1 of your Linux
> server. This ensures that the only physical path out to the internet is
> through your Linux server.

that is how I planned to do it

> If you are running NAT on the modem, then do not NAT, only route traffic
> on your Linux server. Do not do double NAT -- once on Linux server, and
> once on DSL modem. Let the DSL modem alone do NAT.
>
> Create the networks as follows:
>
> modem LAN -- 192.168.1.1/24
> Linux WAN (eth0) -- 192.168.1.2/24, default gateway set to 192.168.1.1
> Linux LAN (eth1) -- 192.168.2.1/24
> WinXP clients -- 192.168.2.x with default gateway set to 192.168.2.1
>
> Set a static route on your DSL modem for 192.168.2.x/24 subnet through
> 192.168.1.2 as gateway.
>
> Ensure your WinXP clients can ping 192.168.1.1 (modem) as well as
> internet IPs.

that is how I have always done it

> * the word "hub" really gives away your IT legacy :-) Even the cheapest
> network devices today are switches, and hubs belong to a bygone era.

I belong to a bygone era. I stopped doing this sysadmin stuff in 2006
and swore never to do it again.
--
regards
KG
http://lawgon.livejournal.com
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
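The addressing plan quoted in the message above, traced hop by hop with a longest-prefix-match lookup to show why the routed (non-NAT) Linux server depends on the static route on the modem. This is an added example, not part of the original thread; the "ISP" next hop, the client address 192.168.2.10 and the destination 203.0.113.5 are constructed for illustration.

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr)


# Routing tables built from the addressing plan quoted in the thread.
LINUX = [
    (net("192.168.1.0/24"), "direct:eth0"),   # Linux WAN side, towards modem
    (net("192.168.2.0/24"), "direct:eth1"),   # Linux LAN side, WinXP clients
    (net("0.0.0.0/0"), "192.168.1.1"),        # default gateway = modem
]
# Assumption: the modem's default route points at the provider ("ISP").
MODEM_BASE = [
    (net("192.168.1.0/24"), "direct:lan"),
    (net("0.0.0.0/0"), "ISP"),
]
# The static route the plan asks for on the DSL modem.
STATIC = (net("192.168.2.0/24"), "192.168.1.2")


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(client, with_static_route):
    """Trace a reply arriving at the modem back towards a LAN client."""
    modem = MODEM_BASE + ([STATIC] if with_static_route else [])
    hop = next_hop(modem, client)
    if hop != "192.168.1.2":
        return ["modem", hop]        # reply never reaches the Linux server
    return ["modem", "linux", next_hop(LINUX, client)]


if __name__ == "__main__":
    client = "192.168.2.10"          # constructed sample WinXP client
    print("outbound via:", next_hop(LINUX, "203.0.113.5"))
    print("reply, static route set:    ", reply_path(client, True))
    print("reply, static route missing:", reply_path(client, False))
```

Without the static route the modem's only match for a 192.168.2.x address is its default route, so replies leave towards the provider instead of returning through the Linux server.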
