On Sat, 25 Nov 2000, George Ferizis wrote:

>       I basically wish to create a linux gateway out onto the internet. The linux
> box has a dedicated line to it.
> 
>       I do not really want a proxy/firewall setup as this can limit applications
> that can run on the rest of the network.

Do you have multiple "real" IP addresses? In other words - do you have a
subnet which is routed on the internet {I.E. _NOT_ a 10.x.x.x,
172.0-16.x.x.x or 192.168.x.x address range}?

If you don't, then what you want is impossible. You must have some form of
firewall present - if only to do network address translation, or ip
masquerading.

Even if you do have a number of legal IPs you can allocate to your
machines - be very, very careful what you leave open on them. Leaving a
net connection open without a firewall is an invitation to get your system
hacked.

>       I would prefer the ability to have it act as a "transparent router" if
> possible. I believe this normally entails activating ip-redirects and
> ip-forwarding and then just pointing the other PCs on the network to the
> gateway. However I cannot see a facility to activate ip-redirects.

It is possible, but only if the conditions above are met. If you don't
have live addresses, then you need some form of firewall, as stated above.

And enabling it depends on your distribution and kernel. Some kernels are
configured not to route - most are not - and there's a flag in /proc that
you have to set, and I can't for the life of me remember which one it is!
I'm sure someone will tell you, though.

DaZZa



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
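
Added example, not part of the original message or the list's own material: a shell helper that works through the decision discussed above, whether a LAN address is private (so NAT or masquerading is required) and whether the kernel is currently forwarding. The function names are hypothetical; the private ranges are taken from RFC 1918 and the flag file is assumed to be the standard Linux IPv4 switch, /proc/sys/net/ipv4/ip_forward.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are constructed.

# is_private ADDR: 0 if ADDR is RFC 1918 private space
# (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), 1 if not, 2 if malformed.
is_private() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 2 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 2
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 2
    done
    if [ "$o1" -eq 10 ]; then return 0; fi
    if [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi
    if [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; then return 0; fi
    return 1
}

# forwarding_state [FILE]: report the IPv4 forwarding flag.
# As root, "echo 1 > /proc/sys/net/ipv4/ip_forward" turns routing on.
forwarding_state() {
    flag_file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$flag_file" ] || { echo unknown; return 0; }
    case "$(cat "$flag_file")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# gateway_plan LAN_ADDR [FILE]: private space cannot be routed on the
# internet, so it needs NAT/masquerading; public space can be routed
# directly but should still sit behind packet filtering.
gateway_plan() {
    rc=0
    is_private "$1" || rc=$?
    case "$rc" in
        0) mode="nat-required" ;;
        1) mode="routable-filter-anyway" ;;
        *) echo "invalid-address"; return 2 ;;
    esac
    echo "$mode forwarding=$(forwarding_state "$2")"
}
```

Running `gateway_plan 192.168.1.10` on the gateway itself reads the live flag; the optional second argument points it at a different file for testing.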
