firewall for small local network

 
 
john connolly
      08-12-2003, 04:51 PM
Hi,
So far my local network consists of just one pc connected to the
'server' (another linux pc) which has a broadband connection to the
internet. I am planning to add a second pc to the local network and I
would like to have both of them masqueraded. I'm using the rc
firewall-2.4-stronger script (FQVER=0.73s) that came with the
slackware 9.0 distribution. It has a bunch of statements referring to
$INTIF, which is the nic on the server connected to the single local
network pc. My plan is to add a second variable $INTIF_1, which would
be the new nic on the server to the script and mimic all the lines such
as
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
with
$IPTABLES -A INPUT -i $INTIF_1 -s $INTNET -d $UNIVERSE -j ACCEPT.

My questions are: will this work ok and is there a better way, other
than buying additional hardware, to accomplish my goal?
Thanks, JWC
 
/dev/rob0
      08-13-2003, 04:12 AM
In article <bW8_a.86796$(E-Mail Removed)>,
john connolly wrote:
> internet. I am planning to add a second pc to the local network and I
> would like to have both of them masqueraded. I'm using the rc


And you're adding a third NIC to the server? You could just use a hub or
switch and keep the LAN on a single physical segment.

> firewall-2.4-stronger script (FQVER=0.73s) that came with the
> slackware 9.0 distribution. It has a bunch of statements referring to


I think you got that somewhere else. I don't have that.

> $INTIF, which is the nic on the server connected to the single local
> network pc. My plan is to add a second variable $INTIF_1, which would
> be the new nic on the server to the script and mimic all the lines such


That should work, but be very careful with the "!" (negation) operator.
Perhaps somewhere it has a DROP rule for "--state NEW -i ! $INTIF". That
would block $INTIF_1 unless a prior ACCEPT rule lets it in/through.

> My questions are: will this work ok and is there a better way, other
> than buying additional hardware, to accomplish my goal?


Ah, so disregard the switch suggestion.

This is probably as good as any solution. You could make a bridge (a
single virtual interface comprising the 2 internal NICs, which joins
the separate segments into a single logical network). That would be more
work, but better if you need broadcast among the client machines.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
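
An added example, not part of the thread and not taken from the rc.firewall script: a shell audit for the two points above, namely rules that use $INTIF without an $INTIF_1 twin, and DROP/REJECT rules that negate $INTIF and would therefore also match traffic from $INTIF_1. The sample rules, $EXTIF and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, not the real rc.firewall script. $EXTIF is an assumed
# name for the Internet-facing interface; rules are assumed one per line.
sample_rules() {
cat <<'EOF'
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $INTIF_1 -s $INTNET -d $UNIVERSE -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -i ! $INTIF -j DROP
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# Print "lineno: rule" for DROP/REJECT rules that negate interface variable $1.
# Handles both "-i ! $VAR" and the newer "! -i $VAR" spelling.
negated_drops() {
    awk -v v="$1" 'BEGIN { var = "$" v }
    {
        hit = 0; bad = 0
        for (i = 1; i <= NF; i++) {
            a = $i; b = $(i+1); c = $(i+2)
            if ((a == "-i" || a == "-o") && b == "!" && c == var) hit = 1
            if (a == "!" && (b == "-i" || b == "-o") && c == var) hit = 1
            if (a == "-j" && (b == "DROP" || b == "REJECT")) bad = 1
        }
        if (hit && bad) print NR ": " $0
    }'
}

# Print rules that use $1 but have no twin with $1 replaced by $2.
# Negated rules are skipped: they need rewriting, not mirroring.
unmirrored() {
    awk -v old="$1" -v new="$2" 'BEGIN { o = "$" old; w = "$" new }
    { $1 = $1; line[NR] = $0; seen[$0] = 1 }   # normalise spacing
    END {
        for (r = 1; r <= NR; r++) {
            n = split(line[r], t, " "); twin = ""; uses = 0; neg = 0
            for (i = 1; i <= n; i++) {
                if (t[i] == "!") neg = 1
                if (t[i] == o) { t[i] = w; uses = 1 }
                twin = twin (i > 1 ? " " : "") t[i]
            }
            if (uses && !neg && !(twin in seen)) print r ": " line[r]
        }
    }'
}

sample_rules | negated_drops INTIF
sample_rules | unmirrored INTIF INTIF_1
```

To check a real script, pipe it into the same two functions in place of sample_rules.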
 