Linux router

Author: der.hans
Date:  
Subject: Linux router
On 08 Aug 2002, Alaric Fox chattered thus:

> I thought this would be quicker for me to implement, as I'm not
> super familiar with the administration-side of things. As I
> intend the system to be expandable, I planned to move to
> switched private networks later. However, after thinking about
> it, what you suggested is probably simpler. Let me make sure
> I'm clear on this:
>
>                                N1  N2
>       +---------+               |  |
>       |         |            +--------+
> ------| gateway |------------| switch |
>  eth0 |         | eth1       +--------+
>       +---------+               |  |
>                                N3  N4
>
> I bind eth0 whatever way I need to connect to my 'public'
> network, and I bind eth1 to two addresses, say 10.0.0.1 and
> 10.0.1.1. I then set N1 and N2 as 10.0.0.x/y using 10.0.0.1 as
> the default gateway and N3 and N4 as 10.0.1.x/y using 10.0.1.1
> as the default gateway. I set up the net mask of all Nn as
> 255.255.255.0. This means that, even though physically
> connected to the same switch, N1 and N2 can talk to each other
> directly, but not N3 and N4 (and vice versa). In order for,


You've understood what George was suggesting.

> say, N1 to talk to N3, I'd have my choice of just allowing it
> in the firewall software (which is what, btw? ipchains?), or
> requiring users to log into applications I create and run on
> the gateway?


I'm using rules that I originally created with FireStarter. It doesn't yet
understand more than two networks. It's easy to fix the script that
FireStarter creates, though.

You want to use iptables/netfilter on 2.4.x.

> If I want all machines to be physically separate, I just expand
> the example and put each node on its own subnet -- 10.0.n.x
> bind a default router on eth1 (10.0.n.1)?


Toss each of the internal networks on its own switch/hub.

> Of course, it may hinge on the availability of extra NICs vs.
> switches (and a hub just won't do, correct?). As this is an
> internal experiment, we're looking to use as many (i.e., all)
> in house parts as possible.


Hubs will work fine. It would be better to separate the networks if you use
a hub, though.

ciao,

der.hans
--
# https://www.LuftHans.com/
# The Internet is the front line of the battle
# to protect our freedom. -- Nathaniel Borenstein
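
An added example, not part of either poster's message: a default-deny iptables FORWARD rule set for the layout discussed in the thread, with the path between the N1/N2 and N3/N4 subnets as an explicit switch. The interface names and subnets come from the thread (the /24 prefixes follow the 255.255.255.0 mask); `emit_rules` and the variable names are hypothetical, and the commands are printed rather than applied.

```shell
#!/bin/sh
# Added example: rules for a gateway whose eth1 carries two subnets.
# Variable names and emit_rules are assumptions made for this sketch.

WAN_IF=eth0          # 'public' side in the diagram
LAN_IF=eth1          # bound to both 10.0.0.1 and 10.0.1.1
NET_A=10.0.0.0/24    # N1 and N2
NET_B=10.0.1.0/24    # N3 and N4

# Print the iptables commands for the FORWARD chain.
# $1 = "yes" lets the two internal subnets reach each other
# through the gateway; anything else keeps them apart.
emit_rules() {
    allow_cross=$1
    # Drop everything that is not explicitly allowed below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections that an earlier rule already accepted.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Both internal subnets may open connections towards the public side.
    for net in "$NET_A" "$NET_B"; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $net -j ACCEPT"
    done
    # Traffic between the subnets enters and leaves on the same
    # interface, so it needs its own rules with -i and -o both eth1.
    if [ "$allow_cross" = yes ]; then
        echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $NET_A -d $NET_B -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $NET_B -d $NET_A -j ACCEPT"
    fi
}

# Stand-alone use: ./rules.sh yes   (default keeps the subnets apart)
emit_rules "${1:-no}"
```

Piping the output to `sh` as root applies it, and forwarding also has to be enabled in `/proc/sys/net/ipv4/ip_forward`. These rules only see packets that hosts actually send through the gateway, so on a shared switch the separation depends on each host keeping its assigned address and mask; a switch or hub per network removes that dependency.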