  1. #1
    Just Joined!
    Join Date
    Sep 2007
    Posts
    2

    Need some advice over a LAN Configuration


    Hi,
    I need some advice about an idea: I want to split a LAN in two parts using my current hardware configuration.
    Let's explain ...

    I have 2 wired PCs and a wireless AP connected to a simple switch. The whole LAN is managed by a Linux firewall/gateway (currently running Ubuntu LTS ... but I'll switch to Gentoo soon) that's connected to my DSL modem.

    For some time now I have lived with other people who connect through me to do some simple tasks over the internet like chat, writing emails ... (other stupid things). All went well until they found p2p ...

    I was thinking about splitting my LAN in 2, making my own private one and another for the others. After some thinking my train of thought landed on interface multicast and the omnipresent iptables ... but I can't get a clue on how to put it all together so that my LAN master could automatically identify my machines and put them in the right LAN (obviously through the MAC address) (:

    I'm just experimenting so any advice/idea is welcome

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    728
    Most DHCP servers that I know of can be configured to hand out the same IP address to the same MAC address. I use it on my network so my hardware always gets the same IP but guests get auto-configured too.

    It is worth noting that neither MAC addresses nor DHCP were designed to be tamper resistant, so if your guests felt the desire to work around your rules, they would probably be able to.

    Personally I'd use a VPN. LAN -> LAN can do whatever it likes but LAN -> Internet is checked by some quality of service rules. VPN to Internet is unrestricted. It's fairly easy to set up, especially OpenVPN, and the segregation of you and your guests is extremely robust.

    It would also allow you to securely route your traffic home first if you were using an untrusted wireless AP.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  3. #3
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    Quote: Originally posted by aliem
    For some time now I have lived with other people who connect through me to do some simple tasks over the internet like chat, writing emails ... (other stupid things). All went well until they found p2p ...
    Do you know YOUR IP address is logged by the ISPs for any traffic including downloads? I hope you can trust the people you gave access to your AP/Internet connection and they don't download any illegal stuff ...

    If you trust them then assign static IP addresses to their MAC addresses and read about traffic shaping.

    If you don't trust them - reject them.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

  5. #4
    Just Joined!
    Join Date
    Sep 2007
    Posts
    2
    Here's what I did:
    Installed Gentoo (I was too bored of Ubuntu).
    I configured my interface multicasting 2 IPs in different zones ... 192.168.0.1 and 192.168.10.1
    dhcpd now gives registered MACs my subnet and all others the default one.
    Configured my firewall to disallow eMule connections (at least the default ones), but it's becoming a pain.

    My question now is: could iptables shape the traffic on just some ports, so the users will not download anything but will still connect?
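
The caveat from post #2 applies to the setup described in post #4: dhcpd only hands out addresses and does not enforce them, so the gateway has to check who is using the private subnet. As an added example (not posted by anyone in this thread), this script prints iptables rules that drop private-subnet traffic from unregistered MACs. The subnet roles, the interface `eth1`, the chain name `PRIVATE_SRC` and the MAC values are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions (not stated in the thread):
#   192.168.0.0/24 is the private subnet, 192.168.10.0/24 the guest subnet,
#   eth1 is the gateway's LAN interface, and the MACs are constructed samples.
PRIVATE_NET="192.168.0.0/24"
GUEST_NET="192.168.10.0/24"
LAN_IF="eth1"
REGISTERED_MACS="02:00:00:aa:bb:01 02:00:00:aa:bb:02"

# Prints the rules instead of applying them, so the result can be reviewed.
# To apply on the gateway: gen_rules | sh   (as root)
gen_rules() {
    # Validate every MAC first so a typo never yields a half-built rule set.
    for mac in $REGISTERED_MACS; do
        echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
            echo "invalid MAC: $mac" >&2
            return 1
        }
    done

    # Chain that answers: is this private-subnet source a registered machine?
    echo "iptables -N PRIVATE_SRC"
    for mac in $REGISTERED_MACS; do
        echo "iptables -A PRIVATE_SRC -m mac --mac-source $mac -j RETURN"
    done
    # Any other sender using a private-subnet address is dropped.
    echo "iptables -A PRIVATE_SRC -j DROP"

    # Inserted at position 1 so earlier, broader ACCEPT rules cannot bypass the check.
    echo "iptables -I FORWARD 1 -i $LAN_IF -s $PRIVATE_NET -j PRIVATE_SRC"
    echo "iptables -I INPUT 1 -i $LAN_IF -s $PRIVATE_NET -j PRIVATE_SRC"
    # The gateway must not route guest traffic into the private subnet.
    echo "iptables -I FORWARD 1 -s $GUEST_NET -d $PRIVATE_NET -j DROP"
}

gen_rules
```

A MAC address is set by the client, so this narrows the gap without making the split tamper resistant, which is the limitation post #2 describes.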

  6. #5
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    728
    There is a page on the Gentoo wiki that deals with traffic shaping and makes specific reference to P2P apps.

    HOWTO Packet Shaping - Gentoo Linux Wiki

    Take a peek and we can help you out if you run into trouble.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
