On Sat, 2010-11-27 at 23:22 +0530, Raja Subramanian wrote:
On Sat, Nov 27, 2010 at 5:03 PM, Kenneth Gonsalves
<lawgon@xxxxxxxxxxxxxxx> wrote:
I went there to complete the install, I find he has connected theboth
broadband modem to the hub and all the windows machines as well as
the lan cards on my machine to the hub.
Nothing is stopping you from rewiring it the right way.
To enforce any form
of network security or access control for WinXP machines, you need
physical
isolation between the modem and the WinXP machines. Connect the modem
to eth0 and the hub* to eth1 of your Linux server. This ensures that
the only
physical path out to the internet is through your Linux server.
If you are running NAT on the modem, then do not NAT, only route
traffic
on your Linux server. Do not do double NAT -- once on Linux server,
and
once on DSL modem. Let the DSL modem alone do NAT.
Create the networks as follows:
modem LAN -- 192.168.1.1/24
Linux WAN (eth0) -- 192.168.1.2/24, default gateway set to 192.168.1.1
Linux LAN (eth1) -- 192.168.2.1/24
WinXP clients -- 192.168.2.x with default gateway set to 192.168.2.1
Set a static route on your DSL modem for 192.168.2.x/24 subnet through
192.168.1.2 as gateway.
Ensure your WinXP clients can ping 192.168.1.1 (modem) as well as
internet IPs.
* the word "hub" really gives away your IT legacy :-) Even the
cheapest
network devices today are switches, and hubs belong to a bygone era.
