[prev in list] [next in list] [prev in thread] [next in thread]
List: ilugc
Subject: Re: [Ilugc] lan with windows machines
From: Kenneth Gonsalves <lawgon () thenilgiris ! com>
Date: 2010-11-29 2:59:16
Message-ID: 1290999444.2137.307.camel () localhost
[Download RAW message or body]
On Sat, 2010-11-27 at 23:22 +0530, Raja Subramanian wrote:
> On Sat, Nov 27, 2010 at 5:03 PM, Kenneth Gonsalves
> <lawgon@thenilgiris.com> wrote:
> > I went there to complete the install, I find he has connected the
> > broadband modem to the hub and all the windows machines as well as
> both
> > the lan cards on my machine to the hub.
>
> Nothing is stopping you from rewiring it the right way.
the authorities are stopping me - I am not the sysadmin there, and the
people maintaining it do not want to do it my way - and I cannot really
protest since I am not the maintainer.
> To enforce any form
> of network security or access control for WinXP machines, you need
> physical
> isolation between the modem and the WinXP machines. Connect the modem
> to eth0 and the hub* to eth1 of your Linux server. This ensures that
> the only
> physical path out to the internet is through your Linux server.
that is how I planned to do it
>
>
> If you are running NAT on the modem, then do not NAT, only route
> traffic
> on your Linux server. Do not do double NAT -- once on Linux server,
> and
> once on DSL modem. Let the DSL modem alone do NAT.
>
>
> Create the networks as follows:
>
> modem LAN -- 192.168.1.1/24
> Linux WAN (eth0) -- 192.168.1.2/24, default gateway set to 192.168.1.1
> Linux LAN (eth1) -- 192.168.2.1/24
> WinXP clients -- 192.168.2.x with default gateway set to 192.168.2.1
>
> Set a static route on your DSL modem for 192.168.2.x/24 subnet through
> 192.168.1.2 as gateway.
>
> Ensure your WinXP clients can ping 192.168.1.1 (modem) as well as
> internet IPs.
that is how I have always done it
> * the word "hub" really gives away your IT legacy :-) Even the
> cheapest
> network devices today are switches, and hubs belong to a bygone era.
I belong to a bygone era. I stopped doing this sysadmin stuff in 2006
and swore never to do it again.
--
regards
KG
http://lawgon.livejournal.com
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic