  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Posts
    1

    Separate LAN


    Currently I have the following setup:

    A 2Mbit leased line that is used for internet access and e-mail services. The network is tiny with only 15 computers. Staff from another company will be sharing our premises but will have their own dedicated network equipment and internet access. (They have about 7 computers; these share a wireless internet connection.)

    One of the computers from the company that shares our building is directly connected to our network. This allows them to connect to some of our servers in order to use terminal services. This also means that computers on their network can easily attack ours.

    I would like to completely separate the two LANs but still allow them to access certain resources on my LAN without going via the internet.

    What I'm thinking of doing is setting up an IPCop firewall for the other company that allows traffic from their LAN to get to my LAN without going via the internet.

    Their firewall would be connected to our internal LAN as well as to their wireless service provider. (The wireless unit uses PPPoE.)

    I'm looking for documentation that would assist with this implementation as well as any suggestions on a better approach.

  2. #2
    Just Joined!
    Join Date
    Jun 2003
    Location
    Elmore Co., AL USA
    Posts
    10
    Why don't you take an old Pentium or even 486 and install Linux on it and put in 2 NICs and let the other company access through that computer using iptables to limit the services and locations -- that should make them feel better also as you could ensure that your people couldn't attack their stuff either.

    You could restrict access to your specifically desired terminals from their specific stations by screening HW addresses or private net IP -- really just a huge number of things you could do.

    Maybe better ways to go than this, but it can work and since nobody else has answered you, that's my tuppence.

    Chas
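
The two-NIC gateway suggested in the reply above, sketched as an added example that is not part of either post: a script that prints an `iptables-restore` ruleset allowing only Terminal Services sessions from listed stations to listed servers. The interface names, IP addresses and MAC addresses are constructed assumptions, as is TCP 3389 (the default Terminal Services port) being the only service needed.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the two-NIC gateway.
# All names and addresses are assumptions, constructed for illustration.
THEIR_IF="eth0"   # NIC facing the other company's LAN (assumed name)
OUR_IF="eth1"     # NIC facing our LAN (assumed name)
TS_PORT=3389      # default Terminal Services (RDP) port
# Permitted stations as "ip,mac" pairs (constructed sample values)
CLIENTS="192.168.50.11,00:11:22:33:44:55 192.168.50.12,00:11:22:33:44:66"
# Terminal servers on our LAN they may reach (constructed sample values)
SERVERS="10.0.0.20 10.0.0.21"

build_rules() {
    echo "*filter"
    # Default-deny: nothing crosses or reaches the gateway unless allowed.
    # Assumes the gateway is administered from its console.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Replies belonging to sessions that were already permitted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for c in $CLIENTS; do
        ip=${c%%,*}
        mac=${c#*,}
        for s in $SERVERS; do
            # New sessions only, their LAN -> our LAN, IP and MAC must match.
            echo "-A FORWARD -i $THEIR_IF -o $OUR_IF -s $ip -d $s -p tcp --dport $TS_PORT -m mac --mac-source $mac -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    # No rule admits new connections from our LAN to theirs, so the
    # separation holds in both directions. Log what the policy drops.
    echo "-A FORWARD -m limit --limit 6/min -j LOG --log-prefix \"GW-DROP \""
    echo "COMMIT"
}

# Print for review; to apply, enable net.ipv4.ip_forward and run:
#   build_rules | iptables-restore
build_rules
```

The MAC match only works for stations on the same Ethernet segment as the gateway's NIC, and a MAC address can be changed by the client, so treat it as an extra filter on top of the IP and port restrictions.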
