Setting up Win2k machine as broadband gateway machine

Hi

I curently run a network like this:

---| ADSL ROUTER | --+
|
--+--
NIC 1
--+-- L
| I
| N
--+-- U
NIC 2 X
--+--
|
|
--+-----------
HUB
--------------
| | | |
| | | |
PC1 PC2 PC3 PC4


The Linux machine has 2 NICs - one connected to router, one to hub into
which the rest of the internal network connects. The linux machine runs
Suse 7.3 and uses the Susefirewall2 software to filter out unwanted
traffic.

This machine is having some hardware problems and I cannot really afford
to be without it. SO I thought I might bring an old Win2k PC into
service. This currently has only 1 NIC.

I am assuming that I could bring this into use by doing the following:
1) Install and additonal NIC
2) Configure the new NIC with the gateway IP address as used on the
linux machine

What else would I have to do? What would you suggest as reasonable in
terms of firewall software (inherently more vulnerable being a windows
o/s I guess).

I *could* of course install Linux onto this machine but I'm after a
"quick and dirty" for the duration whilst the other machine gets fixed-
up.

Can anyone point me at suitable articles on the net for implementing a
configuration like this?

thanks for any help

--

jeremy

Jeremy <(E-Mail Removed)> wrote:
> Hi
>
> I curently run a network like this:
>
> ---| ADSL ROUTER | --+
> |
> --+--
> NIC 1
> --+-- L
> | I
> | N
> --+-- U
> NIC 2 X
> --+--
> |
> |
> --+-----------
> HUB
> --------------
> | | | |
> | | | |
> PC1 PC2 PC3 PC4
>
>
> The Linux machine has 2 NICs - one connected to router, one to hub into
> which the rest of the internal network connects. The linux machine runs
> Suse 7.3 and uses the Susefirewall2 software to filter out unwanted
> traffic.
>
> This machine is having some hardware problems and I cannot really afford
> to be without it. SO I thought I might bring an old Win2k PC into
> service. This currently has only 1 NIC.
>
> I am assuming that I could bring this into use by doing the following:
> 1) Install and additonal NIC
> 2) Configure the new NIC with the gateway IP address as used on the
> linux machine
>
> What else would I have to do? What would you suggest as reasonable in
> terms of firewall software (inherently more vulnerable being a windows
> o/s I guess).
>
> I *could* of course install Linux onto this machine but I'm after a
> "quick and dirty" for the duration whilst the other machine gets fixed-
> up.
>
> Can anyone point me at suitable articles on the net for implementing a
> configuration like this?
>
Is cost a big consideration? If not then I'd simply replace the "ADSL
ROUTER" with a better one that has a proper firewall (e.g. Draytek or
Zyxel maybe). Then you don't need the separate firewall in the Linux
system at all.

--
Chris Green

In article <dtuif9$d74$(E-Mail Removed)>, says...
> Is cost a big consideration? If not then I'd simply replace the "ADSL
> ROUTER" with a better one that has a proper firewall (e.g. Draytek or
> Zyxel maybe). Then you don't need the separate firewall in the Linux
> system at all.
>

So then I'd plug the router directly into the hub and it would become
the sole protector of the (internal) network? Currently intrnal network
has IP addreses of the 192.168.xxx.yyy form - could this set-up persist
(I don't have a dhcp server)?

The ADSL router is "Billion DSL VPN Firewall Router" supplied by my ISP
but I don't think it is configured beyond the basics.

--

jeremy

In article <dtuif9$d74$(E-Mail Removed)>, says...

> Is cost a big consideration? If not then I'd simply replace the "ADSL
> ROUTER" with a better one that has a proper firewall (e.g. Draytek or
> Zyxel maybe). Then you don't need the separate firewall in the Linux
> system at all.
>

Actually I should have pointed out that the Linux machine is also a
local SMTP server and had mirrored disks which are shared as network
drives using Samba. So it is more than just a machine for routing and
filtering.

--

jeremy

Jeremy <(E-Mail Removed)> wrote:
> In article <dtuif9$d74$(E-Mail Removed)>, says...
> > Is cost a big consideration? If not then I'd simply replace the "ADSL
> > ROUTER" with a better one that has a proper firewall (e.g. Draytek or
> > Zyxel maybe). Then you don't need the separate firewall in the Linux
> > system at all.
> >
>
> So then I'd plug the router directly into the hub and it would become
> the sole protector of the (internal) network? Currently intrnal network
> has IP addreses of the 192.168.xxx.yyy form - could this set-up persist
> (I don't have a dhcp server)?
>
Yes, that's the idea, and you can almost certainly keep the same IP
addresses.

> The ADSL router is "Billion DSL VPN Firewall Router" supplied by my ISP
> but I don't think it is configured beyond the basics.
>
It could well be that this router will have a perfectly adequate
firewall built in, it sounds as if it does from its name. How do you
configure it, do you have any documentation?

--
Chris Green

Jeremy <(E-Mail Removed)> wrote:
> In article <dtuif9$d74$(E-Mail Removed)>, says...
>
> > Is cost a big consideration? If not then I'd simply replace the "ADSL
> > ROUTER" with a better one that has a proper firewall (e.g. Draytek or
> > Zyxel maybe). Then you don't need the separate firewall in the Linux
> > system at all.
> >
>
> Actually I should have pointed out that the Linux machine is also a
> local SMTP server and had mirrored disks which are shared as network
> drives using Samba. So it is more than just a machine for routing and
> filtering.
>
That's fine, it's what I do on my home network, but put the Linux box
on the hub behind the firewall with all the other machines and use the
router as your firewall. Unless you have *really* complex firewall
requirements (and really know what you're doing as well) this is much
simpler and probably safer too.

--
Chris Green

In article <dtv0sf$gug$(E-Mail Removed)>, says...
> It could well be that this router will have a perfectly adequate
> firewall built in, it sounds as if it does from its name. How do you
> configure it, do you have any documentation?
>


Yes I do have user guide and CD ROM so will have a peek in there - the
device was supplied preconfigured by the ISP so I am asking them for
advice (and also the admin password!).


--

jeremy

Jeremy wrote:

> Hi
>
> I curently run a network like this:
>
> ---| ADSL ROUTER | --+
> |
> --+--
> NIC 1
> --+-- L
> | I
> | N
> --+-- U
> NIC 2 X
> --+--
> |
> |
> --+-----------
> HUB
> --------------
> | | | |
> | | | |
> PC1 PC2 PC3 PC4
>
>
> The Linux machine has 2 NICs - one connected to router, one to hub into
> which the rest of the internal network connects. The linux machine runs
> Suse 7.3 and uses the Susefirewall2 software to filter out unwanted
> traffic.
>
> This machine is having some hardware problems and I cannot really afford
> to be without it. SO I thought I might bring an old Win2k PC into
> service. This currently has only 1 NIC.
>
> I am assuming that I could bring this into use by doing the following:
> 1) Install and additonal NIC
> 2) Configure the new NIC with the gateway IP address as used on the
> linux machine
>
> What else would I have to do? What would you suggest as reasonable in
> terms of firewall software (inherently more vulnerable being a windows
> o/s I guess).
>
> I *could* of course install Linux onto this machine but I'm after a
> "quick and dirty" for the duration whilst the other machine gets fixed-
> up.
>
> Can anyone point me at suitable articles on the net for implementing a
> configuration like this?
>
> thanks for any help
>

If you are happy using and configuring Linux as a firewall you might be better
using a Linux live CD firewall as a temporary replacement. Something like
Sentry http://www.sentryfirewall.com/docs.html. This isn't a recommendation, I
don't use it myself.

Google for Linux live cd firewall and you will find various links to follow.

--
Nigel Wade

In article <dtv9m7$77b$(E-Mail Removed)>, Nigel Wade says...
> Google for Linux live cd firewall and you will find various links to follow.
>


Many thanks.


--

jeremy

Jeremy <(E-Mail Removed)> wrote:
> Hi
>
> I curently run a network like this:
<snip>
> What else would I have to do? What would you suggest as reasonable in
> terms of firewall software (inherently more vulnerable being a windows
> o/s I guess).

Also.
Consider that if the old PC uses 50W, a router uses 10W, then over a
year, it'll be about the same as a new broadband router.