Well your ASCII diagram doesn't exactly show what you word in your email... but... your solution might be as simple as this:

        ++++++++++++++
        ++ Internet ++
        ++++++++++++++
              ||
           ++++++++           +++++++++
           +Linux + ...DMZ... +FreeBSD+  (holds a
           +FW/GW +           +httpd  +   public address)
           ++++++++           +++++++++
              ||   -> NAT (Network
           ++++++++        Address
           + HUB  +        Translation)
           +  or  +
           +Switch+
           ++++++++
           / |  | \
          /  |  |  \
        PC  PC  PC  PC   (All PCs hold private addresses)

        || = Ethernet and ... = Ethernet

-- NOTE: Hopefully the diagram didn't get too munged in text formatting --

Now all your PCs can still share files via NetBIOS and you can share an
internet connection that is protected by a firewall. If you require servers
that are accessible by the outside (HTTPd, SMTPd, FTPd...) then you'll need
a DMZ as shown by the dotted connection.

But I'm a bit confused by your "only one Ethernet connection in my lab"
statement. I assume you mean only one Ethernet connection in your lab to the
rest of the network at large -- and not -- We run token ring in the lab, but
have an Ethernet connection to the outside. If so, you should be fine with
the above.

I feel I would be remiss if I didn't say that using a Linux firewall like
iptables, ipchains, and fwtk (or any firewall product for that matter) can
be a daunting task for a neophyte. In MANY cases the added security and
logging of a non-appliance based firewall may not be required for what you
do. Deploying a Linux box (Solaris box, Win2K box), whether acting as
firewall or not, haphazardly is not a very responsible thing to do either
for yourself, your group or the rest of the internet at large. It's a
question you'll have to ask yourself...

If you're really interested in building AND maintaining a firewall for your
group, I'd suggest at least getting and reading
http://www.oreilly.com/catalog/fire2/.

> -----Original Message-----
> From: Juan Mejia P. [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 17, 2001 11:50 PM
> To: [EMAIL PROTECTED]
> Subject: Secure ftp server?
>
>
> Hello guys,
> I need to set up a way to share files between my win box and
> the rest of the Lan at my department. Recently I set a linux
> box to act as a firewall and gateway to share the only
> one ethernet connection in my lab, I know a hub would have
> been a better solution to share one internet connection but
> it was sort of a challenge for a beginner in linux:
>
>                                       LAN *******
> internet *******   *******    *******-----* win1*
> ---------*win  *---*win  *----*linux*     *******
> (no prot-*******   *******    *******-----------*******
> ection)                                         * win2*
>                                                 *******
>
>
> The problem now is that I am no longer able to share files
> using the (in)famous network neighborhood, I have thought of
> a ftp server but I am afraid of hackers as I still don't have
> enough knowledge to properly secure the linux box. Up to now,
> I have no services (so no open ports) on this linux but I am
> in need of some way to share the files between the two
> computers behind the firewall and the rest of the boxes
> outside it.
>
> Please help me pointing me to a right solution: is ftp the
> way to go?, could it be ssh? (but I don't want to give users
> a shell, only need they be able to access some files from my
> computer and vice versa).
>
> thanks in advance for your help
>
> Best regards and greetings from Chile,
>
> Juan mailto:[EMAIL PROTECTED]
>
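
The gateway layout sketched in the reply above (NAT for the private LAN, a DMZ web server reachable from outside) written out as an iptables-restore ruleset; this is an added example, not part of the original email. The interface names, the 192.168.1.0/24 LAN and the 203.0.113.10 DMZ address are constructed placeholders, and a routed public address for the DMZ host is an assumption.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the three-legged
# gateway in the diagram. Nothing is applied to the running system.
# All arguments are constructed placeholders, not values from the email.
gen_rules() {
    wan=$1; lan=$2; dmz=$3; lan_net=$4; dmz_host=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Private LAN addresses share the gateway's one public address.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The gateway itself offers no services; only loopback and replies get in.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NetBIOS file sharing stays on the hub/switch and never crosses the gateway.
-A FORWARD -i $lan -p udp --dport 137:138 -j DROP
-A FORWARD -i $lan -p tcp --dport 139 -j DROP
# LAN clients may open connections outward; nothing new comes back in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
# Only HTTP reaches the DMZ web server, from the Internet or the LAN.
-A FORWARD -i $wan -o $dmz -d $dmz_host -p tcp --dport 80 -j ACCEPT
-A FORWARD -i $lan -o $dmz -d $dmz_host -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 = Internet, eth1 = LAN, eth2 = DMZ.
gen_rules eth0 eth1 eth2 192.168.1.0/24 203.0.113.10
```

The script only prints the ruleset; after review it can be loaded as root with iptables-restore.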