A Hard one.. Linux box directly hooked to WiFi Hotspot on ETH1 and ETH0 to local network to Intranet using VPN

OK, I've got a hard one for you guys; that's why I'm awarding 500 points.

This is my situation:

I have a Linux box (Red Hat 9.0) with ETH1 connected directly to a WiFi hotspot. Through that hotspot I want 3 users to connect to the intranet (an Exchange server), and all the others that connect to the hotspot to go directly to the internet WITHOUT them seeing the local network.

The setup now is like this:

Internet -> Windows 2000 server SBS -> localnet (192.168.1.0) -> Linux machine (192.168.1.6) -> Wifi Hotspot
I have already set up PPTPD on the Linux box, and it's working like a charm.

The reason that I do NOT want the "internet" users to see the local network is that it's a company network, and I don't want someone to try to hack it or something like that.

I am able to change anything I want, but I prefer to have the Windows 2000 SBS connected directly to the internet.

Also, the Linux box must have access to the internet through the Windows 2000 box (at the moment that is working fine through eth0) for the mail server.

So who can help me with this one?

Here's a bit more background info:

Win2k SBS          192.168.1.5 <-- this can NOT be changed
Wifi hotspot        192.168.1.1 <-- this can be changed
Linux box ETH1   192.168.254.254 <-- this can be changed
Linux box ETH0   192.168.1.6 <-- this can be changed
Goldwing Asked:

Alf666 Commented:
I'd suggest something simple on the Linux machine. All iptables based + optional authentication.

It would need two sets of rules. One for identified users, and one for non-identified users.

The one for identified users would allow them to access the "internal" network.
The one for non-identified users would only allow forwarding to the internet.

There is an "Authentication Gateway HOWTO". It's a bit old (2 years), but still interesting:

http://www.tldp.org/HOWTO/Authentication-Gateway-HOWTO/index.html

And, recently, I found a few projects that allow HTTP, HTTPS, or ssh authentication for iptables.
Question has a verified solution.
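
The two rule sets suggested in the answer above, as an added example that is not part of the original thread. It swaps in the asker's existing PPTP VPN as the identification step instead of an authentication gateway, and it assumes that VPN clients arrive on `ppp+` interfaces with addresses from a hypothetical `192.168.253.0/24` pool; the interface names and the LAN range are the ones given in the question.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset, it does not touch the kernel.
LAN_IF=eth0               # company LAN side of the Linux box (192.168.1.6)
HOT_IF=eth1               # WiFi hotspot side (192.168.254.254)
LAN_NET=192.168.1.0/24    # network that hotspot guests must never reach
VPN_NET=192.168.253.0/24  # ASSUMED pptpd client pool, not from the thread

hotspot_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A INPUT -i $HOT_IF -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $HOT_IF -p 47 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ppp+ -s $VPN_NET -o $LAN_IF -j ACCEPT
-A FORWARD -i $HOT_IF -d $LAN_NET -j DROP
-A FORWARD -i $HOT_IF -o $LAN_IF -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $LAN_IF -j MASQUERADE
COMMIT
EOF
}

# Guest internet traffic leaves via eth0 with a non-LAN destination address, so
# the DROP on -d LAN_NET only isolates guests if it sits before the guest ACCEPT.
guest_isolated() {
    rules=$(hotspot_ruleset | grep -n -- "-A FORWARD -i $HOT_IF")
    drop=$(printf '%s\n' "$rules" | grep -- "-d $LAN_NET -j DROP" | cut -d: -f1)
    allow=$(printf '%s\n' "$rules" | grep -- "-o $LAN_IF -j ACCEPT" | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$allow" ] && [ "$drop" -lt "$allow" ]
}

# Print only when asked, and only if the ordering check passes.
if [ "${1:-}" = "--print" ]; then guest_isolated && hotspot_ruleset; fi
```

Run with `--print` and pipe the output to `iptables-restore` as root to load it. Guests on the hotspot side can reach the box only for PPTP (TCP 1723 and GRE), so any DNS or DHCP they need has to come from the hotspot or the internet rather than from the company LAN.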
