On Sat, Nov 27, 2010 at 5:03 PM, Kenneth Gonsalves <[email protected]> wrote:
> I went there to complete the install, I find he has connected the
> broadband modem to the hub and all the windows machines as well as both
> the lan cards on my machine to the hub.

Nothing is stopping you from rewiring it the right way. To enforce any form of network security or access control for WinXP machines, you need physical isolation between the modem and the WinXP machines. Connect the modem to eth0 and the hub* to eth1 of your Linux server. This ensures that the only physical path out to the internet is through your Linux server.

If you are running NAT on the modem, then do not NAT, only route traffic on your Linux server. Do not do double NAT -- once on Linux server, and once on DSL modem. Let the DSL modem alone do NAT.

Create the networks as follows:

modem LAN -- 192.168.1.1/24
Linux WAN (eth0) -- 192.168.1.2/24, default gateway set to 192.168.1.1
Linux LAN (eth1) -- 192.168.2.1/24
WinXP clients -- 192.168.2.x with default gateway set to 192.168.2.1

Set a static route on your DSL modem for 192.168.2.x/24 subnet through 192.168.1.2 as gateway. Ensure your WinXP clients can ping 192.168.1.1 (modem) as well as internet IPs.

> In these circumstances, can I
> get the windows machines to access my linux box? The hub is 192.168.1.1
> and my box has the ip 192.168.1.2 - and the windows machines get
> 192.168.1.x. If this is possible, how?

It's bad practice to have 2 routers in a single subnet which are gateways for each other. E.g. Win XP machines will use 192.168.1.2 (linux) as default gateway to internet. Linux uses 192.168.1.1 (modem) as default gateway. Return packets from modem should ideally use the same path back to WinXP machines through the Linux server. But in your network the WinXP machines and modem are in the same subnet and directly reachable. Your Linux machine will never see return packets from the modem back to WinXP clients. You end up with asymmetric routing, and that's something you should do only if you know exactly what you are doing.

* the word "hub" really gives away your IT legacy :-) Even the cheapest network devices today are switches, and hubs belong to a bygone era.
- Raja

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
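
The two layouts discussed in the message above, traced hop by hop with a longest-prefix route lookup. This is an added example, not part of the original post. The client addresses ending in .50, the internet address 203.0.113.10 and the modem's simplified on-link default route are constructed for illustration.

```python
import ipaddress as ipa

def node(addrs, routes):
    """A device: the IPs it owns plus (prefix, gateway) routes; gateway None = on-link."""
    return {"addrs": {ipa.ip_address(a) for a in addrs},
            "routes": [(ipa.ip_network(p), ipa.ip_address(g) if g else None)
                       for p, g in routes]}

def trace(nodes, start, dst, max_hops=16):
    """Names of the devices a packet visits from `start` towards `dst`."""
    dst = ipa.ip_address(dst)
    hops, cur = [start], start
    for _ in range(max_hops):
        if dst in nodes[cur]["addrs"]:
            break
        matches = [(net, gw) for net, gw in nodes[cur]["routes"] if dst in net]
        net, gw = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
        target = gw or dst                                    # on-link: deliver directly
        owner = next((n for n, v in nodes.items() if target in v["addrs"]), None)
        if owner is None:            # left the modelled LAN through the modem's WAN side
            hops.append("internet")
            break
        hops.append(owner)
        cur = owner
    return hops

def symmetric(nodes, client, client_ip, internet_ip="203.0.113.10"):
    """True when replies from the modem retrace the client's outbound path."""
    out = [h for h in trace(nodes, client, internet_ip) if h != "internet"]
    return list(reversed(out)) == trace(nodes, "modem", client_ip)

# Everything on one hub: modem, Linux box and WinXP share 192.168.1.0/24.
FLAT = {
    "modem": node(["192.168.1.1"], [("192.168.1.0/24", None), ("0.0.0.0/0", None)]),
    "linux": node(["192.168.1.2"], [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]),
    "xp":    node(["192.168.1.50"], [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.2")]),
}
# Linux box between two subnets, static route for 192.168.2.0/24 on the modem.
ROUTED = {
    "modem": node(["192.168.1.1"], [("192.168.1.0/24", None),
                                    ("192.168.2.0/24", "192.168.1.2"), ("0.0.0.0/0", None)]),
    "linux": node(["192.168.1.2", "192.168.2.1"], [("192.168.1.0/24", None),
                  ("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.1.1")]),
    "xp":    node(["192.168.2.50"], [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]),
}

if __name__ == "__main__":
    for name, net, ip in (("flat", FLAT, "192.168.1.50"), ("routed", ROUTED, "192.168.2.50")):
        print(name, trace(net, "xp", "203.0.113.10"), trace(net, "modem", ip),
              "symmetric" if symmetric(net, "xp", ip) else "asymmetric")
```

In the flat layout the reply goes straight from the modem to the client, so any filtering or logging on the Linux box sees only half of each connection.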
