









[NMLUG] 2nd nic
You don't really need a proxy, and it won't help security much as a quick
port scan would reveal the presence of the proxy. You need a router of some
sort (any Linux or BSD box could do it), and only allow certain MAC
addresses to access the DSL connection. You could do this on the DSL modem
itself, but then it would cease to work as a customer access point. The
next question is how the computers are configured currently. Are they
assigned static IP addresses? If so, you'll need to reconfigure them each
time you switch cables. If they are assigned IP addresses via DHCP, that
will work great, you'll just need to install a DHCP server on the router box
so they get new address/gateway info when you switch cables. You could of
course still install a proxy server, using MAC address filtering as well,
and just change the proxy config in your browser when you want non-filtered
access. Then you wouldn't have to switch Ethernet cables.
Give us a few more details about your current network setup and we can give
you more informed options.
Matthew
>From: Tim Emerick <timothyemerick@yahoo.com>
>Reply-To: New Mexico Linux Users Group Mail List <nmlug@nmlug.org>
>To: New Mexico Linux Users Group Mail List <nmlug@nmlug.org>
>Subject: Re: [NMLUG] 2nd nic
>Date: Thu, 12 Jan 2006 00:08:44 -0800 (PST)
>
>I've already been beaten up by the security guys on this list about it but
>here's a quick snapshot. I'm on a corporate WAN. Everything is filtered and
>off-shore IPs are blocked by their routers. Being the local IT guy, I'm
>always having to download drivers (from Taiwan, etc), research various
>hardware/software issues on Google Groups (which is blocked), etc. What I'm
>attempting to do is bypass the corporate security by making a router of sorts
>to access a DSL circuit I installed for Customer Waiting Area by a Select
>Number of Computers on the corporate LAN. I don't want the breach to be
>openly or widely available or it will certainly be abused which is why I
>wanted to install a proxy software using some non-standard port.
>
>Really, it's just for convenience. What I'm currently doing is unplugging
>the cable for the corporate WAN and plugging in a cable for the DSL
>connection whenever I need access to the DSL line. It's a pain but it works.
>
>My other option (which would require an additional PC) is to just use a
>smoothwall machine (http://www.smoothwall.org) to bridge the two networks.
>
>Tim
>
>--- Andres Paglayan <andres@paglayan.com> wrote:
>
> > why not tossing the T1 if it's so lame?
> >
> > _______________________________________________
> > NMLUG mailing list
> > NMLUG@nmlug.org
> > http://www.nmlug.org/mailman/listinfo/nmlug