Alan, I'm doing exactly what you want to do. My ISP is Sprint Broadband (formerly Speedchoice).

First, you have picked the appropriate hardware - a 486 makes a great router/firewall/server. You will want two NICs in it. One should be a 10MB/sec to connect to the DSL external modem, and the other will be to connect to your internal network and can be a 10MB, 10/100 or 100, depending on what you think you need internally. I have gotten by rather well with cheapo ($10/NIC) Dlink, Linksys, SMC, etc. NICs. 10MB has been entirely sufficient for me and I have 8 machines on the internal network. I've found that the plain old NE2000 compatible NICs are easily supported, but you may have to manually configure if you only have an ISA bus. Also, an 8 port rj45, 1 port bnc hub can be had for about $40 if you go for a 10MB internal network.

I also run RH 6.2. Your firewall will consist of a startup script (calling ipchains many times) to do packet filtering and masquerading, and possibly a tcpwrappers config file set as a second level of protection. I set up my firewall script from the following site:

http://linux-firewall-tools.com/linux/firewall/index.html

The two tcpwrapper scripts you need could look like:

/etc/hosts.deny
-------------
ALL : ALL

/etc/hosts.allow
--------------
ALL : 192.168.1.0/255.255.255.0 127.0.0.1

Assuming your internal network is 192.168.1.x, the above two files will allow any connections from your internal network to inet daemons, but will prevent any other access to those daemons.

You will also need to think about whether you want to run an internal DNS, web server, sendmail or some other email MTA. Also, you want to consider whether you want your internal clients to run pop or imap. Also, you probably want to get openssh and possibly openssl for secure access from the outside. Also, Samba is a must if you have Windows machines on your internal network, and can be very helpful even if you don't.

And don't be without Webmin:

http://www.webmin.com/webmin/

for system administration. With webmin, I run my 486 from a browser - the machine has no KB, mouse or terminal.

Definitely, you should apply for your own domain name.

I'm sure I've forgotten many little things. It's so much fun, I can't get it all into one email :-)

If you would like to discuss my experiences with all this, don't hesitate to email. I can send you sample config files, etc.

-Doug Winterburn

Date: Mon, 31 Jul 2000 13:07:58 -0700
To: plug-discuss@lists.plug.phoenix.az.us
From: "Alan Dayley"
Subject: Newbie firewall/masqarade/proxy confusion
Reply-To: plug-discuss@lists.PLUG.phoenix.az.us

I confess to being a MS user for, lo, many years. I am now coming into the Linux light! It is making computing exciting again.

I am scheduled to get DSL with a static IP in a week or two. As a first Linux learning experience, I have set up an old 100MHz 486 PC, 32MB RAM, 1.5GB hard disk space, 2 16-bit Intel network cards, VGA, mouse, blah, blah... with RedHat 6.2. X still does not work but that is not important now. My intention is to have this little PC be a firewall for my other computers to share the DSL connection.

My confusion is this: I am finding in my readings that what I thought was a firewall may be something more. I am still trying to understand the differences between the terms firewall, masquerading, routing and proxy server. Maybe the confusion is from the fact that configuring TCP/IP is still a new thing to me along with Linux.

What I want to make is my Linux box providing a single "presence" to the internet while the workstations "behind" the Linux box can surf and do email without being "visible" to the internet. What combination of firewall/masquerade/proxy stuff do I need?

Remember, I am a newbie, be kind.

Alan

/------------------------------------------
|Alan Dayley          www.adtron.com
|Software Engineer    602-735-0300 x331
|ADayley@adtron.com
|
|Adtron Corporation
|3710 E. University Drive, Suite 5
|Phoenix, AZ 85034
\-------------------------------------------