I'm looking for a little clarification or further suggestions
regarding something I want/need to set up.
Background:
I currently have a single machine running RedHat 6.0.
My Internet connection is via a cable modem (i.e. DHCP).
I only have a single NIC in the machine, but it is attached
to a hub that also has my JetDirect print server on it
(using IPX, so it doesn't try to grab another DHCP lease,
and so I haven't thus far had to do any IP aliasing or
anything). Current setup looks kinda like this:
           +-----------+
           |    hub    |
           +-----------+
             |  |  |       +-----------+
             |  |  +-------| JetDirect |
             |  |          +-----------+
             |  |
             |  |          +-------+
             |  +----------| Linux |
             |             +-------+
             |
      +-------------+
      | cable modem |
      +-------------+
             |
             |
          Internet
What I'm trying to do:
I need to add a second machine (NT unfortunately) to
this network, with access to HTTP, IMAP/POP, and maybe
a couple other services (dns, telnet, ftp, xntp, etc.).
I've only got one DHCP lease, though, and don't really
want to have to pay for another, so I'm figuring I'll
turn the Linux box into some sort of firewall/gateway/router
combination. The way I see it, I've got several options:
1) turn Linux box into a very secure firewall with
the necessary proxy servers added on top
2) turn Linux box into a "slightly less secure" (?)
firewall, and do IP masquerading so the NT
box has more-or-less "direct" access rather
than proxy access
3) fire up an old 486 box and make it into the
firewall/proxy/masquerading box
I want to have basically no incoming services allowed
(except maybe ssh) on the internet side of the Linux box,
but I do want to offer services from the Linux box to
the NT box (i.e. SMB especially, but I'll probably
use fetchmail to get mail for the NT box into a local
spool file and allow the NT box IMAP access from there
rather than IMAP directly out).
My questions:
1) Am I trying to cram too much on one box? Would I
be better with option (3) above to separate the
firewall function from the other functions I want
to run?
2) What are the benefits/drawbacks of options (1) and
(2) above? Is there any good reason to prefer one
over the other?
3) Can options (1) and (2) be realistically accomplished
with a single NIC using aliasing (i.e. can a DHCP
lease and a static 10.<whatever> address be maintained
reliably on the same physical interface? I suspect this
isn't really a problem.)? Would it be better to put
a second physical interface in the box?
4) Is there anything else I'm missing? I understand most
of the concepts involved here pretty well, but I've
never actually tried to set something like this up
before, and I'd prefer to at least have my ducks in
a little cluster before I start (if not completely
lined up...).
Thanks in advance for any help/suggestions you can offer.
tw
--
+------------------------------+--------------------------+
| Tim Walberg                  | Phone: 847-782-2472      |
| TERAbridge Technologies Corp | FAX:   847-623-1717      |
| 1375 Tri-State Parkway       | [EMAIL PROTECTED]        |
| Gurnee, IL 60031             | 800-SKY-TEL2 PIN 9353299 |
+------------------------------+--------------------------+
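As an added example (editor's illustration, not the poster's configuration and not a reply from the list), here is what option (2) looks like in ipchains, the packet filter on the 2.2 kernel that RedHat 6.0 ships: default-deny inbound on the cable side with ssh as the only open service, the NT box allowed to use the Linux box's own services (SMB, IMAP, DNS, ssh), and the NT box's Internet traffic masqueraded behind the single DHCP address. It assumes a second NIC: eth0 toward the cable modem holding the DHCP lease, eth1 on the hub as 10.0.0.1/24, with the NT box somewhere in 10.0.0.0/24. The interface names, the 10.0.0.0/24 prefix and the `firewall.sh apply` convention are all assumptions, not anything from the post.

```shell
#!/bin/sh
# Added example, not from the post: an ipchains masquerading firewall for
# option (2) on RedHat 6.0 / kernel 2.2.  Assumed layout (not the poster's):
#   eth0 = cable modem side, address from DHCP
#   eth1 = second NIC on the hub, 10.0.0.1/24, NT box inside 10.0.0.0/24
# Run with no arguments to print the rule set; run "firewall.sh apply" as
# root to load it.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-10.0.0.0/24}

# Emit the policy as ipchains commands, one per line, so it can be read and
# diffed before it is loaded on a live box.
firewall_rules() {
    cat <<EOF
ipchains -F
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
# loopback is always fine
ipchains -A input -i lo -j ACCEPT
# anti-spoofing: the LAN prefix never legitimately arrives on the cable side
ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l
# cable side: ssh is the only service that may accept a new TCP connection
ipchains -A input -i $EXT_IF -p tcp -d 0/0 22 -j ACCEPT
# cable side: replies to connections this box (or the masqueraded NT box)
# opened; ipchains is stateless, so "reply" means TCP without SYN, or UDP
# to an unprivileged port (masquerade ports 61000-65096 fall in that range)
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -d 0/0 1024:65535 -j ACCEPT
# cable side: DHCP lease renewals from the provider, and ICMP
ipchains -A input -i $EXT_IF -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -j ACCEPT
# anything else arriving from the Internet is dropped and logged
ipchains -A input -i $EXT_IF -j DENY -l
# LAN side: the NT box may use this box's services (SMB, IMAP, DNS, ssh);
# what it sends toward the Internet goes on to the forward chain
ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT
# forward chain: in ipchains -i here is the *outgoing* interface; rewrite
# LAN traffic leaving on the cable side to this box's single DHCP address
ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ
EOF
}

# Number of rules (ipchains -A lines) in the policy; after loading,
# "ipchains -L -n" should show this many rules in addition to the policies.
rule_count() {
    firewall_rules | grep -c '^ipchains -A'
}

# Load the policy: needs root, and forwarding must be switched on or the
# MASQ rule never sees a packet.
apply_firewall() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_firewall: must be root" >&2
        return 1
    fi
    echo 1 > /proc/sys/net/ipv4/ip_forward
    firewall_rules | sh -e
}

case "${1:-}" in
    apply) apply_firewall ;;
    *)     firewall_rules ;;
esac
```

Two design points. The rules lean on `-i` to tell the two sides apart, which is why the example assumes a second NIC: with one NIC and a 10.x alias, both the cable segment and the NT box arrive on the same interface, the anti-spoofing rule collapses into address matching, and anything else on that shared hub segment can claim a 10.x source address. The UDP high-port rule is the price of ipchains having no connection tracking; a 2.4 kernel with iptables and `state ESTABLISHED,RELATED` replaces both it and the `! -y` rule with a single stateful match.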