Secure P2P with a Linux/XP network. Mad?
Posted on 2003-03-10
I am not looking for detailed help on the following, rather advice on whether the concept itself is sound or
somehow flawed. Or even to know if there is a simpler way to do what I want (probably!) ;)
I want to set up a 2 PC home network consisting of a Linux box connected one way to the WWW via a NIC and DSL modem
and the other way via a NIC/crossover cable to a Win XP Pro machine. I have a fair degree of XP experience but very
little with Linux. My motivation is partly to learn more about Linux, networking and firewalls but also to run a P2P
client (Limewire or similar) on the Linux machine. I am very keen to keep P2P off the XP box itself.
The Linux 'gateway' machine would have 3 'states', interchangeable without a reboot if possible.
1. Linux box used as sole machine for all web browsing, email, FTP and P2P applications. Network to XP disabled.
Firewall on Linux box compatible with P2P client and single shared P2P folder with appropriate permissions. All
other files/folders logged on user only. Appropriate trojan/av soft.
2. NIC/DSL connection disabled. No firewall. XP/Linux network enabled. XP machine can see appropriate folders (x2) on
Linux box with permissions to transfer files. Virus/trojan checking on XP box.
3. Required to enable 'live update' of AV/OS and other soft on XP box.
Linux box 'bridges' DSL connection, via firewall, to appropriate named services on XP machine. P2P disabled (either
via firewall or kill client).
Linux box does not need to share other XP resources. No need for remote access.
I have a broad idea how to achieve the above (or where to find out how) from the configuration standpoint.
I hope from the above it's clear what I am trying to achieve. At no point do I want a 'live' connection to the XP
box when the Linux P2P client is active and any direct XP box connection to the WWW must be tightly controlled. No XP web browsing or email, just a handful of live update services.
Is this reasonable or way, way out? If OK, is anyone aware of any specifically relevant FAQs or HOWTOs?
Is this same level of security achievable another (simpler) way?
Will a standard Linux distro (Mandrake, RH, Suse) suffice or do I need a 'hardened' kernel?
Thank you all very much for your time and opinions. Really.
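
The three states described in the post, sketched as iptables rule sets that can be swapped without a reboot; this is an added example, not part of the original post. The interface names (eth0, eth1), the P2P port (TCP 6346) and the update-server addresses are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one of the three states.
# Assumptions (not from the post): eth0 = DSL side, eth1 = crossover link to XP,
# P2P client listening on TCP 6346, update servers known by address.
WAN=eth0
LAN=eth1
P2P_PORT=6346
UPDATE_HOSTS="192.0.2.10 192.0.2.11"   # constructed placeholders (documentation range)

r() { printf '%s\n' "$*"; }            # emit one ruleset line

ruleset() {
  case "$1" in 1|2|3) ;; *) echo "usage: ruleset 1|2|3" >&2; return 1 ;; esac
  # The nat table is always rewritten so a state-3 MASQUERADE rule never lingers.
  r '*nat'; r ':PREROUTING ACCEPT [0:0]'; r ':POSTROUTING ACCEPT [0:0]'
  r ':OUTPUT ACCEPT [0:0]'
  if [ "$1" = 3 ]; then r "-A POSTROUTING -o $WAN -j MASQUERADE"; fi
  r COMMIT
  # Default-deny for inbound and forwarded traffic in every state.
  r '*filter'; r ':INPUT DROP [0:0]'; r ':FORWARD DROP [0:0]'; r ':OUTPUT ACCEPT [0:0]'
  r "-A INPUT -i lo -j ACCEPT"
  case "$1" in
    1) # Standalone: WAN open for replies and the P2P port, XP link silent.
       r "-A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
       r "-A INPUT -i $WAN -p tcp --dport $P2P_PORT -j ACCEPT"
       r "-A OUTPUT -o $LAN -j DROP" ;;
    2) # File transfer: XP link open, nothing leaves or enters on the WAN.
       r "-A INPUT -i $LAN -j ACCEPT"
       r "-A OUTPUT -o $WAN -j DROP" ;;
    3) # Update relay: XP reaches only the listed hosts; P2P port stays closed.
       r "-A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
       r "-A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
       for h in $UPDATE_HOSTS; do
         r "-A FORWARD -i $LAN -o $WAN -d $h -p tcp -m multiport --dports 80,443 -j ACCEPT"
       done ;;
  esac
  r COMMIT
}
```

As root, a state is applied by piping the output of `ruleset N` into `iptables-restore`. State 3 also needs IP forwarding enabled in the kernel, and these rules do not pass DNS for the XP box, which would need its own rule.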