RFC on solution to Rejean's situation

Sat Nov 1 18:59:57 EST 2003

Hello, folks

After talking to Rejean about solutions to his situation, we came up with
the following.  I would like comments from the users experienced with this
sort of thing, about whether our solution will work as I believe...

Now, the groundwork, and useful information summary:

1.  The network consists of many Windows machines, and a single Linux
machine.

2.  The Linux machine is a public access server for web, mail, and FTP,
and a private access server for samba.

3.  The internal network is switched.

4.  There is both a cable internet connection, and an ADSL internet
connection.  Both of these are necessary for their own reasons.

5.  The windows portion of the network should use only the DSL connection.
The Linux side should use only the cable connection.

6.  The Windows and Linux boxes must communicate for purposes of samba.

7.  The current configuration is this:
The network of switched Windows boxes, go through the DSL router.
The Linux box goes through a router, which connects to the cable modem.
The Linux box, has a second card, which links it to the Windows network.
This is not ideal.

So here is the proposed solution, to solve all problems of security,
compatibility, connectivity, and so on...

1.  He sets up an older computer, as a dedicated firewall/router, running
one of the tiny Linux floppy distributions, which exist for this exact
purpose.

2.  This box would have four interfaces, configured as follows:
eth0: cable modem.
eth1: ADSL modem.
eth2: Linux server.
eth3: Windows network.

3.  Eth0 would accept traffic for, and outgoing traffic from, eth2.
Eth1 would accept traffic for, and outgoing traffic two only, eth3.
This creates a box which is basicly split, into a Windows router, and a
Linux router.

4.  The Windows side, would accept no inbound connections (that is:
through the ADSL modem), accept those desired by the Windows network--that
is: related connections to those established by it.  It'll be doing one to
one NAT, and firewall duty.

5.  The linux side, will have connections related to anything it creates,
as well as incoming connections to its services.

6.  Either (A) private samba connections can be permitted between eth2 and
eth3, with the modems being none the wiser; or (B) a separate connection
for samba use, can be created either between the switch and the
routing box, or it can be made from the switch, directly to the Linux box.

Questions include:

1.  Will this work as well as I believe it will?

2.  How much memory will this routing box need, given a large quantity of
data transfer per day?

3.  What else might we not be considering for this?

4.  Is this overkill?

Thanks for any comments, and for reading this novel.

Regards,

Luke