split/isolate network

rikona rikona at sonic.net
Sat Nov 20 21:05:57 UTC 2010 

Hello Joep,

Saturday, November 20, 2010, 3:39:38 AM, Joep wrote:

JLB> On 19/11/10 22:24, rikona wrote:
>> I'd like to split my local net into two parts which are completely
>> isolated, with no possibility of direct communication between them.
>> I'm wondering how to do this with a linux box, perhaps as follows:
>>
>>   cable modem ->  router ->  linux box ->  2 isolated net connections
>>
>>   I'm not sure what this might be called, and google was not my friend
>>   re this problem, so I thought I'd ask here. The linux box would be
>>   dedicated, not used for other purposes, and would be an older, much-
>>   less-capable-hdwe box.
>>
>>   One of the net connections [side 1] would have several fixed-IP boxes
>>   on it, with NO other box addresses allowed. The other [side 2] would
>>   need DHCP, with one or more boxes connected, whose address range does
>>   NOT overlap that of side 1. [I'm thinking 192.168... and 10.0... for
>>   example.]
>>
>>   I'm not sure how to do this, but am assuming it is likely possible.
>>   Any suggestions for how to do this, or where to find out on the net,
>>   would be appreciated.
>>
>>   Also, it looks like 10.04 will not install on the less-capable-hdwe
>>   box. If you know of alternative S/W that might work on older hdwe,
>>   please let me know. And, if there's a very inexpensive hardware
>>   solution that would do the above, that might be preferred, since I'm
>>   far from being a linux/network guru. :-)
>>
>>   Many thanks,
>>
>>    rikona

JLB> Rikona,
JLB> Maybe a little OT

Perhaps, but potentially quite useful. This may be the kind of 'small'
thing that was mentioned in a separate conversation - but without a
specific reference.

JLB> but what you want to achieve with even the oldest
JLB> hardware you have can be done using LEAF. I use it now for over 15 years
JLB> now on a stand-alone K6-box with no disks and a minimum of memory (I 
JLB> think it is 48 Mb) but I started with an old pentium I think 300 MHz.
JLB> You can use as much network cards as your motherboard permits to split
JLB> your network. It is base on Shorwall as the firewall and I have never 
JLB> had any problems with it. I used to have 3 branches (Outside world, 
JLB> local net and DMZ) but now I have temporarily 2 as I don't use a DMZ any
JLB> more as my website is elsewhere.
The URL is:>> http://leaf.sourceforge.net/
JLB> The current active branch is Bering uclibc.
JLB> Hope it helps,
JLB> Joep

I took a quick look. Is is potentially very interesting for what I
need, especially re the hardware requirements. It does seem as though
I'll have to learn a lot to use it well because of the relatively
extensive manual configuration. [I'm a certified net newbie. :-) ] I
guess that's the tradeoff with VERY small systems. :-)

Many thanks for the info!

-- 

 rikona

More information about the ubuntu-users mailing list