Solved

A Hard one.. Linux box directly hooked to WiFi Hotspot on ETH1 and ETH0 to local network to Intranet using VPN

Posted on 2004-04-07
Last Modified: 2010-03-18
OK, I've got a hard one for you guys; that's why I'm awarding 500 points.

This is my situation:

I have a Linux box (Red Hat 9.0) with ETH1 connected directly to a WiFi hotspot. Through that hotspot I want 3 users to connect to the intranet (an Exchange server), and all the others that connect to the hotspot to go directly to the internet WITHOUT them seeing the local network.

The setup now is like this:

Internet -> Windows 2000 server SBS -> localnet (192.168.1.0) -> Linux machine (192.168.1.6) -> Wifi Hotspot
I have already set up a PPTPD on the Linux box, and it's working like a charm.

The reason that I do NOT want the "internet" users to see the local network is because it's a company network, and I don't want someone to try to hack or something like it.

I am able to change anything I want, but I prefer to have the Windows 2000 SBS connected directly to the internet.

Also, the Linux box must have access to the internet through the Windows 2000 box (at this moment that is working fine through eth0) for the mail server.

So who can help me with this one?

Here's a bit more background info

Win2k SBS          192.168.1.5 <-- this can NOT be changed
Wifi hotspot        192.168.1.1 <-- this can be changed
Linux box ETH1   192.168.254.254 <-- this can be changed
Linux box ETH0   192.168.1.6 <-- this can be changed
Question by:Goldwing

Accepted Solution

by:
Alf666 earned 500 total points
ID: 10780155
I'd suggest something simple on the Linux machine. All iptables based + optional authentication.

It would need two sets of rules. One for identified users, and one for non-identified users.

The one for identified users would allow them to access the "internal" network.
The one for non-identified users would only allow forwarding to the internet.

There is an "Authentication Gateway HOWTO". It's a bit old (2 years), but still interesting:

http://www.tldp.org/HOWTO/Authentication-Gateway-HOWTO/index.html

And, recently, I found a few projects that allow HTTP, HTTPS, or ssh authentication for iptables.
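
One way to express the two rule sets from the answer above, as an added example that is not part of the original thread: a shell function that prints the iptables commands for review instead of applying them. eth0, eth1 and 192.168.1.0 come from the question; the /24 masks, the 192.168.254.0/24 hotspot range, the MASQUERADE rule and the client addresses are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands for the two rule sets.
LAN_IF=eth0                     # local-network side (from the question)
HOTSPOT_IF=eth1                 # WiFi hotspot side (from the question)
LAN_NET=192.168.1.0/24          # /24 mask is an assumption
HOTSPOT_NET=192.168.254.0/24    # assumed range behind eth1

# Accept only a dotted-quad IPv4 address, so nothing else can reach the
# generated command lines.
valid_ip() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# gen_rules IP...   arguments are the addresses of identified users
gen_rules() {
    for ip in "$@"; do
        valid_ip "$ip" || { echo "rejecting malformed address: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Rule set 1: identified users may open connections into the local network.
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $HOTSPOT_IF -o $LAN_IF -s $ip -d $LAN_NET -j ACCEPT"
    done
    # Rule set 2: everyone else is dropped for LAN destinations and may only
    # be forwarded onward to the internet via the LAN-side gateway.
    echo "iptables -A FORWARD -i $HOTSPOT_IF -d $LAN_NET -j DROP"
    echo "iptables -A FORWARD -i $HOTSPOT_IF -o $LAN_IF -s $HOTSPOT_NET -j ACCEPT"
    # Assumption: hide hotspot clients behind the Linux box's eth0 address so
    # the gateway needs no return route. Appends; run once per boot.
    echo "iptables -t nat -A POSTROUTING -s $HOTSPOT_NET -o $LAN_IF -j MASQUERADE"
}

# Constructed client addresses; review the output, then pipe it to sh as root.
gen_rules 192.168.254.10 192.168.254.11 192.168.254.12
```

These rules cover forwarded traffic only; packets addressed to the Linux box itself are governed by its INPUT chain. Matching on source address is only as strong as whatever binds that address to a logged-in user, such as an authentication gateway or the existing PPTP tunnel.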