Solved

A Hard one.. Linux box directly hooked to WiFi Hotspot on ETH1 and ETH0 to local network to Intranet using VPN

Posted on 2004-04-07
Last Modified: 2010-03-18
OK, I've got a hard one for you guys, that's why I'm awarding 500 points.

This is my situation,

I have a Linux box (Red Hat 9.0) with ETH1 connected directly to a WiFi hotspot. Through that hotspot I want 3 users to connect to the intranet (an Exchange server) and all the others that connect to the hotspot directly to the Internet WITHOUT them seeing the local network.

The setup now is like this,

Internet -> Windows 2000 server SBS -> localnet (192.168.1.0) -> Linux machine (192.168.1.6) -> Wifi Hotspot
I have already set up a PPTPD on the Linux box, and it's working like a charm.

The reason that I do NOT want the "Internet" users to see the local network is because it's a company network, and I don't want someone to try to hack or something like it.

I am able to change anything I want, but I prefer to have the Windows 2000 SBS connected directly to the Internet.

Also the Linux box must have access to the Internet through the Windows 2000 box (at this moment that is working fine through eth0) for the mail server.

So who can help me with this one?

Here's a bit more background info

Win2k SBS          192.168.1.5 <-- this can NOT be changed
Wifi hotspot        192.168.1.1 <-- this can be changed
Linux box ETH1   192.168.254.254 <-- this can be changed
Linux box ETH0   192.168.1.6 <-- this can be changed
Question by:Goldwing
1 Comment
 
Accepted Solution

by: Alf666 (earned 500 total points)
ID: 10780155
I'd suggest something simple on the Linux machine. All iptables based + optional authentication.

It would need two sets of rules. One for identified users, and one for non-identified users.

The one for identified users would allow them to access the "internal" network.
The one for non-identified users would only allow forwarding to the Internet.

There is an "Authentication Gateway HOWTO". It's a bit old (2 years), but still interesting:

http://www.tldp.org/HOWTO/Authentication-Gateway-HOWTO/index.html

And, recently, I found a few projects that allow HTTP, HTTPS, or ssh authentication for iptables.
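
The two rule sets described in this answer, as an added example that is not part of the original answer: a shell function that emits an `iptables-restore` ruleset in which identified clients may reach the local network and everyone else is only forwarded toward the Internet. The /24 masks, the hotspot subnet 192.168.254.0/24, the chain name `IDENTIFIED`, and the idea that an authentication step supplies the client addresses are assumptions.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: /24 masks, hotspot subnet
# 192.168.254.0/24, chain name IDENTIFIED, client IPs supplied by an auth step.
LAN_IF=eth0; LAN_NET=192.168.1.0/24
HOT_IF=eth1; HOT_NET=192.168.254.0/24

# Strict dotted-quad check so an argument can never smuggle in rule text.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# usage: gen_ruleset [identified-client-ip ...]
gen_ruleset() {
    for _ip in "$@"; do
        is_ipv4 "$_ip" || { echo "bad address: $_ip" >&2; return 1; }
    done
    # Hotspot traffic aimed at the LAN goes to IDENTIFIED; all other hotspot
    # traffic (Internet-bound, routed via eth0) is accepted. Order matters.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:IDENTIFIED - [0:0]
-A INPUT -i $HOT_IF -d $LAN_NET -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $HOT_IF -o $LAN_IF -d $LAN_NET -j IDENTIFIED
-A FORWARD -i $HOT_IF -o $LAN_IF -j ACCEPT
EOF
    for _ip in "$@"; do echo "-A IDENTIFIED -s $_ip -j ACCEPT"; done
    # Anyone not listed above falls through to the DROP.
    cat <<EOF
-A IDENTIFIED -j DROP
COMMIT
*nat
-A POSTROUTING -s $HOT_NET -o $LAN_IF -j MASQUERADE
COMMIT
EOF
}
```

Pipe the output to `iptables-restore` as root, with IP forwarding enabled. The `INPUT` rule is there because the Linux box's own LAN-side address is reached through `INPUT`, not `FORWARD`.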