From: "Rejean Proulx"
To: "Speakup is a screen review system for Linux."
Subject: Re: RFC on solution to Rejean's situation
Date: Sun, 2 Nov 2003 07:59:56 -0500
Message-ID: <00f701c3a141$373c22e0$6901a8c0@ism.can.ibm.com>
References: <16292.19319.720974.61435@ccs.covici.com>

I am interested in the solution that John proposed that will allow me to
set up an entry that effectively blocks all traffic from one of the Linux
cards from everything except Samba. It was suggested to read Chapter 4 of
the IP command, but with the number of books out there, I have no idea
what that book is or where to get it. If anyone has more details on this,
I'd appreciate it. If this is simple, it might solve the problem quickly
until we devise a more elaborate and proper solution. At least I could
get my second subnet back, which is badly needed.

Rejean Proulx
Visit my family at http://interfree.ca
MSN is: rejp@rogers.com
Ham License VA3REJ

----- Original Message -----
From: "Luke Davis"
To: ; "Speakup is a screen review system for Linux."
Sent: Sunday, November 02, 2003 1:33 AM
Subject: Re: RFC on solution to Rejean's situation

> To clarify: are you suggesting that the ADSL modem interface, be installed
> in the existing Linux machine, thus giving it three interfaces: one to the
> Windows network, and two to the net, with the Windows network having no
> net interfaces of its own?
>
> I see two potential downsides with this:
>
> 1. If the Linux machine ever goes down for any reason, the Windows
> network is totally cut off from the internet.
>
> 2. In addition to its heavy load in mail, apache, MYSQL, Samba, mailing
> list management, FTP, and other things, for many meg (to gig, if you count
> samba) of data per day, it now also has the load of serving as security
> guard, and traffic cop, for the entire network.
> Is this really a good thing?
>
> Luke
>
> On Sat, 1 Nov 2003, John covici wrote:
>
> > I think the firewall stuff can be done on the same machine -- no need
> > for another box at all. There are several ways to route the packets
> > from the windows system out a certain interface and you will need to
> > use iptables heavily along with the ip command to accomplish some of
> > this.
> >
> > One way which comes to mind off the top of my head is that you can
> > use the mangle table of iptables and put a statement in the
> > PREROUTING chain to mark the packets with 1 and then have a rule in
> > the policy database to send all such packets out the interface
> > desired.
> >
> > In addition to the ip tables unreliable guide from Rusty Russell and
> > the manpage, the ip command has an example in chapter 4 of its
> > documentation as to how to work with two interfaces, so this should
> > work fine.
> >
> > You can tell samba to only listen on a certain interface, so that
> > problem should be easily solved.
> >
> > Hope this helps.
> >
> >
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
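
The two ideas in this thread (marking packets in the mangle PREROUTING chain and routing them by mark, and limiting one card to Samba) look like this as commands. This is an added example, not something posted by anyone in the thread; the interface names, addresses, mark value and table number are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, addresses, mark value
# and table number are assumptions; sample values below are constructed.
# Dry run by default: commands are printed. APPLY=1 (as root) executes them.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# policy_route LAN_IF LAN_NET WAN_IF WAN_GW [MARK] [TABLE]
# Mark LAN packets in mangle/PREROUTING, then add a policy rule so marked
# packets use a table whose only default route leaves via WAN_IF.
policy_route() {
    lan_if=$1 lan_net=$2 wan_if=$3 wan_gw=$4 mark=${5:-1} table=${6:-100}
    for n in "$mark" "$table"; do
        case $n in
            ''|*[!0-9]*) echo "mark and table must be numeric" >&2; return 1 ;;
        esac
    done
    run iptables -t mangle -A PREROUTING -i "$lan_if" -s "$lan_net" \
        -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default via "$wan_gw" dev "$wan_if" table "$table"
}

# samba_only IF: on IF accept only replies plus NetBIOS/SMB to this host and
# drop everything else. Pair with smb.conf "interfaces = IF" and
# "bind interfaces only = yes" so smbd/nmbd listen only there.
samba_only() {
    ifc=$1
    run iptables -A INPUT -i "$ifc" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$ifc" -p udp -m multiport --dports 137,138 -j ACCEPT
    run iptables -A INPUT -i "$ifc" -p tcp -m multiport --dports 139,445 -j ACCEPT
    run iptables -A INPUT -i "$ifc" -j DROP
}

# Constructed values: eth1 = Windows LAN, eth2 = ADSL link, 203.0.113.1 = its gateway.
policy_route eth1 192.168.1.0/24 eth2 203.0.113.1
samba_only eth1
```

Marked packets addressed to the Linux machine itself are still delivered locally, because the kernel consults the local routing table before the fwmark rule. The DROP rule is in INPUT, so it filters traffic to this host only and does not touch forwarded packets.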