Michael,

On Jul 21, 2009, at 9:21 AM, Michael Torrie wrote:

> Kimball Larsen wrote:
>> 192.168.0.1 is a WRT54G running OpenWRT with a firewall that I put
>> together myself. (dangerous, in my experience).
>
> Oh, why is this?

Because I don't speak firewall very well, and (as Hans can attest) frequently get it wrong. ;-)

>> a) Change the firewall on 192.168.0.1 to *only* allow traffic on all
>> ports from 192.168.0.4. Refuse to even accept connections from the
>> lan side from anything else.
>
> I'm sure you could do this with iptables and static routes, but seems to
> be pointless to me. If you're hell-bent on doing this, just put your lan
> and silver on a different subnet and then standard routing applies,
> although this seems overly convoluted.

Here is a diagram of what I have settled on for the physical connections:

http://www.kimballlarsen.com/plug/homeNetwork.png

I want to keep the OpenWRT box there because it already handles all the port forwarding and nat for traffic to Silver (web, mail, dns, etc.), and I'd prefer to have something between the internet and a physical ethernet connection to silver. Call me paranoid.

I also want to have 2 separate subnets so that when I have house guests with some technical ability they can't just change their gateway IP and circumvent the filter.

The idea here, then, is to set up Silver to act as a router/gateway between 192.168.0.x and 192.168.1.x. Silver's eth0 will be 192.168.0.1, eth1 will be 192.168.1.2.

Also, I want to set up content filtering for whatever a careful parent should be filtering for their house (web, im (if possible), mail? Others?)

Now, though our approaches do differ a bit, I would be interested in seeing whatever portions of your configurations you are willing to share.

Thanks!

-- 
Kimball

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
