Hopefully someone here can direct me to where this should be posted or answer it directly. I'm looking to my Gentoo box to solve the problem described below:
First: My home LAN looks like:

                    INTERNET
                        |
                     DSLMODEM
                        |
   ------------- NETGEAR FVS318 fw/router ---------------
       |          |          |          |          |
      Mch1       Mch2       mch3       mch4       mch5
      Lin        win        win        win        win
     Gentoo

Machines 3-5 are heavy hitters for graphics work and are heavily loaded with such things as Photoshop, Vegas, Canopus Edius, Adobe Illustrator and the like. I don't want to have to worry about spyware, adware, virus prevention or firewall stuff competing for resources with the graphics tools. Instead I'd like to prevent those three from contacting the internet.

I want to isolate mch3-5 to only the local network. That is, only mch1 (a Linux machine) and mch2 (a WinXP Pro machine) should be able to freely access the internet. (Making those secure while doing so is not discussed here.) 3-5 should only be able to talk to/from the local net. I realize this would not be true isolation, as anyone getting to 1-2 would have access to 3-5, so all bets are off if that should happen. It's more about not having to worry about downloads or link clicks etc. with unwanted results.

The Netgear FVS318 appears not to be able to do this for me. But I could be wrong there. I see no options that look useful for it. Blocking of sites might do it but appears it would be a long process setting it up. I'd happily hear that the router can do this.

=====================================================

I'm turning to my Gentoo box for a solution. However, I'm not interested in setting it up as the router for everything and ditching the NETGEAR. It's too convenient having something the size of a medium book that makes no noise or heat but can keep all but the most dedicated of script kiddies off my network.

I'm thinking I could route machines 3-5 thru it as gateway. The way I work, the Gentoo box is always running. I would never be using the others without it running; it's just how I work. I know already that iptables can handle the rulesets needed to get what I want. I'm not sure of the exact rules yet but believe it is at least possible.
Now for the questions: Can I route 3-5 thru the Gentoo box without changing the subnet setup? That is, all still remain 192.168.0.0/24, and simply set the gateway on 3-5 to point at the Gentoo box. Then set up iptables to prevent those machines from talking beyond the local LAN, in or out. Something like deny everything, then allow only a list of 'safe' IPs on the local LAN.

So again: Can I do all this without hardwiring 3-5 direct to the Gentoo box? That is, just by setting it as gateway on each of them?

-- 
gentoo-user@gentoo.org mailing list
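Added example (not from the original post or from any reply to it): the iptables FORWARD rules the poster is describing, written as a dry-run shell script for a Gentoo box acting as the gateway for the isolated hosts. It assumes the 192.168.0.0/24 LAN from the post; the interface name eth0, the isolated hosts' addresses 192.168.0.3-5 and the allowed-destination list are constructed values, all overridable through environment variables. Note what this covers and what it does not: hosts on the same /24 talk to each other directly without going through a gateway, so the rules only ever see packets addressed outside the subnet (exactly the ones to drop); inbound connections from the Netgear to 3-5 never pass through the Gentoo box either, and any host that changes its own gateway setting back to the Netgear is no longer filtered, so this is a convenience control, not an enforcement boundary.

```shell
#!/bin/sh
# Added example: "LAN only" forwarding policy for a few hosts that use this
# box as their default gateway. All addresses below except the /24 itself
# are constructed assumptions, not values from the original post.
LAN_IF="${LAN_IF:-eth0}"                                       # assumed LAN interface
ISOLATED_HOSTS="${ISOLATED_HOSTS:-192.168.0.3 192.168.0.4 192.168.0.5}"
# Destinations the isolated hosts may still reach. Default: the whole LAN.
# Narrow it to individual "safe" addresses, e.g. "192.168.0.1 192.168.0.2".
ALLOWED_DST="${ALLOWED_DST:-192.168.0.0/24}"
# Dry run by default: the commands are printed, not executed.
# Run as root with IPT=iptables SYSCTL=sysctl to actually apply them.
IPT="${IPT:-echo iptables}"
SYSCTL="${SYSCTL:-echo sysctl}"

# The box must forward packets at all before the FORWARD chain matters.
enable_forwarding() {
    $SYSCTL -w net.ipv4.ip_forward=1
}

# Build a dedicated chain and hook the isolated hosts into it from FORWARD.
# Order inside LAN_ONLY: allowed destinations first, then log, then drop.
build_isolation_rules() {
    # Create the chain (ignore "already exists") and empty it so the
    # function can be re-run after editing the lists.
    $IPT -N LAN_ONLY 2>/dev/null || true
    $IPT -F LAN_ONLY
    for d in $ALLOWED_DST; do
        $IPT -A LAN_ONLY -d "$d" -j ACCEPT
    done
    # Rate-limited log line for anything leaving the LAN, then drop it.
    $IPT -A LAN_ONLY -m limit --limit 5/min -j LOG --log-prefix "LAN_ONLY drop: "
    $IPT -A LAN_ONLY -j DROP
    # Only traffic sourced from the isolated hosts takes the LAN_ONLY path;
    # mch1/mch2 and the box itself are untouched.
    for h in $ISOLATED_HOSTS; do
        $IPT -A FORWARD -i "$LAN_IF" -s "$h" -j LAN_ONLY
    done
}

enable_forwarding
build_isolation_rules
```

Run it once as-is to read the generated commands, then with `IPT=iptables SYSCTL=sysctl` as root to apply them; because the chain is flushed and rebuilt each time, editing `ALLOWED_DST` or `ISOLATED_HOSTS` and re-running is safe. The drops are logged with a rate limit so a misconfigured machine shows up in the kernel log without flooding it.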