Linux home network
George Toft
plug-discuss@lists.plug.phoenix.az.us
Fri, 03 May 2002 08:43:23 -0400
> mikeb455 wrote:
>
> Hello everyone, this is my first submission. I would like to set up a home
> network for the purpose of sharing my DSL connection. I was ready to buy a
> router when I heard that that I could accomplih this with linux. Only two
> computers right now but I will be adding a laptop next month. My Linux box is
> running RH 7.2 with the network installation and two NIC cards installed. My
> windows machine has a card installed. I have a cable modem and network cables.
> I have already established a internet connection with eth0. How do I configure
> eth1? What else do i need to know? Will this require installing Samba?
> Your dealing with a newbie here guys, I hope this is not too lame of a
> question. I appreciate any help, Thanks
Hi Mike,
You are about to take the plunge into a very interesting world.
Congratulations!!!
A very good firewall (if I say so myself) can be built using these instructions:
http://georgetoft.com/linux/firewall/index.html
This was designed as a laptop firewall. I wrote these instructions to document
a strange project, then I used them as a restore procedure when I rebuilt the
firewall after the hardware failed. I updated them with the instructions for
a 2.4 kernel. If you feel overwhemled by this page, secure your box (next
paragraph) and then use the firewall script from the firewall page. Note:
This firewall forwards gnutella traffic to the inside. To remove that feature,
find the lines following "### GBT: Forward Gnutella" and remove them.
If you have any Linux box on the Internet right now, I recommend you spend a
few hours here: http://georgetoft.com/linux/security/index.html
and do what it says.
And if you want to check out a SOHO Lan that I built (with config files),
go here: http://georgetoft.com/network/index.html
Keep in mind this network was dismantled two years ago, so some of the
info has changed as it was based on 2.0 kernel software. Some of the
stuff is still accurate, like the DNS.
Since I'm plugging the hell out of my own site, you can also check out
http://georgetoft.com/linux/ and just look at the different stuff there.
Finally, DO NOT PUT SAMBA ON YOUR FIREWALL. There are some security issues
here. Just follow this simple thumbrule and you should be safe until you
gain experience: "Do not put any services on your firewall. Keep the firewall
just that - a firewall." There are those who would put a mail server on the
firewall to trap viruses and such - this is for advanced users. Some people
put squid (an http proxy) on their firewalls. The last squid vulnerability
proves this is not a good idea. The corollary to this thumbrule: "The more
services you put on the firewall, the more opportunities you give to the
'hackers' to get into your systems."
If you want, I will conduct a port scan of your box - send me your IP
address off line. In my experience, the services offered at
scan.sygatetech.com and grc.com (shields up) have proven effective in showing
you what services you need to disable, however, the nmap port scanner is more
thorough.
Regards,
George