[LAD] [ot] - NEED some security advise PLEASE! + new question
Fernando Lopez-Lezcano
nando at ccrma.Stanford.EDU
Mon Feb 16 18:30:47 UTC 2009
On Sun, 2009-02-15 at 23:08 +1100, Steve Lindsay wrote:
> On Sun, Feb 15, 2009 at 9:57 PM, Fons Adriaensen <fons at kokkinizita.net> wrote:
> >
> > A weakly related OT question:
> >
> > I need to set up a machine as a router. One side is
> > a fixed public IP address, the other side is a local
> > net using 192.168.1.x. I want to give internet access
> > to the machines on the local net, so this requires
> > (AFAIK) NAT. Anyone has a pointer to a good tutorial
> > about how to do this ?
> >
>
> I find shorewall is the nicest way to go about this sort of thing. You
> write some fairly straightforward configuration files describing your
> setup and what you want to achieve, and it handles all the iptables
> configuration for you. Easy to setup, easy to maintain, easy to modify
> when your requirements change (if you want to do some port forwarding
> etc.).
>
> http://www.shorewall.net
Second that, it's what we use. But I don't use it as a NAT gateway.
For an internal authenticated "guest" network for wired/wireless laptop
access + NAT for outgoing stuff we use chillispot
(http://www.chillispot.info/), you need two network interfaces and
chillispot manages a dhcp server for the internal side and tunneling to
go outside. Users see a "login screen" through any browser where they
can enter their account name and password and then they are granted
access to the network (I did use shorewall in the gateway machine to
manage firewalling). In our own machines I set up a static route to the
"internal" 192.x.x.x network so that laptops are reachable from our
linux workstations.
-- Fernando
More information about the Linux-audio-dev
mailing list