Instaed of buying Netgear Router/4-port switch product, can I keep my Linux box the same functionality?

Instead of buying Netgear Rouer/4-port switch, can the same
functionality done buy a RH Linux machine(2-NIC) + switch(LAN
connections)?. This way I no need to change the Netgear box every two
years, Is there any disadvantage in this?. Only thing is, whether NAT
functionality provided by RH Linux?. Any idea?. Thanks.

vasanta wrote on 20.07.2004 15:24:

> Instead of buying Netgear Rouer/4-port switch, can the same
> functionality done buy a RH Linux machine(2-NIC) + switch(LAN
> connections)?. This way I no need to change the Netgear box every two
> years, Is there any disadvantage in this?. Only thing is, whether NAT
> functionality provided by RH Linux?. Any idea?. Thanks.

Shure. The provided firewall (iptables) can do NAT - alongside many
other things
Regarding your subject you seem to have some Linux experience. So it is
worth to explore iptables.
Some advantages of a Linux router over a small SO/HO router are:
- it's able to handle a far larger number of connections than a small
router. I hear filesharers with small routers always complaining about this.
- you are free to make your own rules, number of rules is not restricted
- you can do interesting things like port knocking
- you can do extensive logging

<http://www.netfilter.org/>
<http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html>
<http://iptables-tutorial.frozentux.net/iptables-tutorial.html>
<http://portknocking.org/>

--
Walter

Walter,

Thanks for your suggestion, I am new to Linux, I am learning, Instead
of buying security box from Netgear/D-link/Linksys, I just wanted to
make my own security box for my own network.

Only concern is, I am thinking of which one to install whether
RH/Debian/SuSE?. Incase if somebody has an idea, let me know.

vasanta wrote on 21.07.2004 13:38:

> Walter,
>
> Thanks for your suggestion, I am new to Linux, I am learning, Instead
> of buying security box from Netgear/D-link/Linksys, I just wanted to
> make my own security box for my own network.
>
> Only concern is, I am thinking of which one to install whether
> RH/Debian/SuSE?. Incase if somebody has an idea, let me know.

If you're new to Linux I suggest Fedora (=free Redhat). Very easy to
install, well maintained and has a huge community.
I'm working with this since the first stable version came out and I
simply like it.

<http://fedora.redhat.com/>

Walter

Walter,

Thanks for letting me know about RH Fedora Linux. If my
Firewall/Router/Gateway (Fedora Linux based) connected to to the
DSL-Modem at my home office (SOHO), can I access this Firewall box
remotely and configure it, do I have to install any special software
separately to remote access this Linux box?, also once I access
remotely and reboot that box then can I get the same IP addess (to
access again from remotely, probably telnet to this box based on IP
address)?.

Thanks in advance.

(E-Mail Removed) (vasanta) wrote in message news:<(E-Mail Removed). com>...
> Walter,
>
> Thanks for your suggestion, I am new to Linux, I am learning, Instead
> of buying security box from Netgear/D-link/Linksys, I just wanted to
> make my own security box for my own network.
>
> Only concern is, I am thinking of which one to install whether
> RH/Debian/SuSE?. Incase if somebody has an idea, let me know.

There are specialist distro/appliactions just to do this.
Look at www.ipcop.org or at www.smoothwall.org or at www.freesco.org
You can even buy IPcop on a card, so you don't need a hard disk
http://linitx.com/product_info.php?c...roducts_id=218

OK, you won't learn as much about firewalling and linux, but you will
be up very quickly on the hardware of your choice.

vasanta wrote on 22.07.2004 01:18:
> Walter,
>
> Thanks for letting me know about RH Fedora Linux. If my
> Firewall/Router/Gateway (Fedora Linux based) connected to to the
> DSL-Modem at my home office (SOHO), can I access this Firewall box
> remotely and configure it, do I have to install any special software
> separately to remote access this Linux box?, also once I access
> remotely and reboot that box then can I get the same IP addess (to
> access again from remotely, probably telnet to this box based on IP
> address)?.
>

Of course you can remotely control _any_ Linux
The special software is known as OpenSSH and comes with every Distro.
On a machine with changing IP address you may whish to sign up with a
free Dynamic DNS Service like www.dyndns.org.
NEVER use telnet, it is unencrypted.

Walter

Walter,

Well, I don't have my DNS server at my home office, my website is
maintained by third party (eventually after some time I might move it
to my home office), but for currently I have Cable modem which I want
to connect to my firewall/Router/Gateway (Linux based - 2 NIC cards,
one NIC to cable modem and other to the 8-port hub), so this way I can
connect all of my PC's to the hub. So this way, can I still access my
Linux box remotely (also I might update something on home office Linux
firewall box and reboot the box, once box boots up, I wanted to access
it from remotely) through SSH?.

At present my web site (www.abc.com is run by third party's machine, I
can ftp the files to that server. But eventually I wanted to my DNS
server in to my home network.

Thanks.

On Thu, 22 Jul 2004 18:33:41 -0700, vasanta wrote:
> Well, I don't have my DNS server at my home office, my website is
> maintained by third party (eventually after some time I might move it

Not particularly relevant.

> to my home office), but for currently I have Cable modem which I want
> to connect to my firewall/Router/Gateway (Linux based - 2 NIC cards,
> one NIC to cable modem and other to the 8-port hub), so this way I can
> connect all of my PC's to the hub. So this way, can I still access my
> Linux box remotely (also I might update something on home office Linux
> firewall box and reboot the box, once box boots up, I wanted to access
> it from remotely) through SSH?.

Sure, but keep in mind that if you can access it, then anyone else can
access it also. You should to something to restrict accesses to known
networks or some such.

Also, I would recommend that you NOT allow network login to "root", which
is a "well known account name". That means that any "cracker" just has to
guess (or steal) your password. If you login as a "normal user", the
"cracker" would have to first guess your userID AND the corresponding
password. Once you login yourself, you can use "su" to get root priviledge.

> At present my web site (www.abc.com is run by third party's machine, I
> can ftp the files to that server. But eventually I wanted to my DNS
> server in to my home network.

Why? If you intend to always have a cable modem connection, you can always
use their DNS server for internet address lookups and avoid extra bother.
As a part of the connection service, they have to provide DNS function.

--
Juhan Leemet
Logicognosis, Inc.