Solved

A Hard one.. Linux box directly hooked to WiFi Hotspot on ETH1 and ETH0 to local network to Intranet using VPN

Posted on 2004-04-07
Last Modified: 2010-03-18
OK, I've got a hard one for you guys; that's why I'm awarding 500 points.

This is my situation,

I have a Linux box (Red Hat 9.0) with ETH1 connected directly to a WiFi hotspot. Through that hotspot I want 3 users to connect to the intranet (an Exchange server), and all the others that connect to the hotspot to go directly to the internet WITHOUT them seeing the local network.

The setup now is like this,

Internet -> Windows 2000 server SBS -> localnet (192.168.1.0) -> Linux machine (192.168.1.6) -> Wifi Hotspot
I have already set up PPTPD on the Linux box, and it's working like a charm.

The reason that I do NOT want the "internet" users to see the local network is that it's a company network, and I don't want someone to try to hack it or something like that.

I am able to change anything I want, but I prefer to have the Windows 2000 SBS connected directly to the internet.

Also, the Linux box must have access to the internet through the Windows 2000 box (at this moment that is working fine through eth0) for the mail server.

So who can help me with this one?

Here's a bit more background info

Win2k SBS          192.168.1.5 <-- this can NOT be changed
Wifi hotspot        192.168.1.1 <-- this can be changed
Linux box ETH1   192.168.254.254 <-- this can be changed
Linux box ETH0   192.168.1.6 <-- this can be changed
Question by: Goldwing

Accepted Solution by: Alf666 (earned 500 total points)

I'd suggest something simple on the Linux machine. All iptables-based + optional authentication.

It would need two sets of rules. One for identified users, and one for non-identified users.

The one for identified users would allow them to access the "internal" network.
The one for non-identified users would only allow forwarding to the internet.

There is an "Authentication Gateway HOWTO". It's a bit old (2 years), but still interesting:

http://www.tldp.org/HOWTO/Authentication-Gateway-HOWTO/index.html

And, recently, I found a few projects that allow HTTP, HTTPS, or ssh authentication for iptables.
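
The two rule sets described in the answer above, written out as an added example that is not part of Alf666's post. The hotspot client range 192.168.254.0/24, the chain name WIFI_AUTH, and the idea that identified clients are passed in as IP arguments by some separate authentication step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two-tier FORWARD policy on the Linux gateway.
# Assumptions (not from the thread): hotspot clients are in
# 192.168.254.0/24 behind eth1, and the IPs given as arguments belong
# to clients that a separate authentication step already identified.
LAN_IF=eth0                  # toward the company network and the SBS
WIFI_IF=eth1                 # toward the WiFi hotspot
LAN_NET=192.168.1.0/24       # company network from the question
WIFI_NET=192.168.254.0/24    # assumed hotspot client range
IPT=${IPT:-echo iptables}    # dry run by default; IPT=iptables applies (root)

# Digits and dots in dotted-quad shape only, so no other text reaches a rule.
valid_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

build_rules() {
    # Validate every argument before the first rule is emitted.
    for ip in "$@"; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    $IPT -P FORWARD DROP                      # anything not listed is dropped
    $IPT -F FORWARD
    $IPT -N WIFI_AUTH 2>/dev/null || true     # chain may exist from a prior run
    $IPT -F WIFI_AUTH
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rule set 1: hotspot traffic aimed at the company network is judged
    # by WIFI_AUTH, which accepts identified clients and drops the rest.
    $IPT -A FORWARD -i $WIFI_IF -o $LAN_IF -d $LAN_NET -j WIFI_AUTH
    for ip in "$@"; do
        $IPT -A WIFI_AUTH -s "$ip" -j ACCEPT
    done
    $IPT -A WIFI_AUTH -j DROP
    # Rule set 2: every other hotspot packet is Internet-bound and is
    # forwarded out through the LAN side, where the SBS is the gateway.
    $IPT -A FORWARD -i $WIFI_IF -o $LAN_IF -j ACCEPT
    # Hide the hotspot range behind the gateway's own LAN address.
    $IPT -t nat -A POSTROUTING -s $WIFI_NET -o $LAN_IF -j MASQUERADE
}

build_rules "$@"
```

Because FORWARD is flushed and set to DROP, traffic from the existing PPTPD tunnels (ppp interfaces) needs its own ACCEPT rule. The INPUT chain, which governs access to services on the gateway itself, is not covered here.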