I'd like to set up a small network of 3 computers (Win98) on a DSL connection which will have unique
static IP addresses for each machine. But I don't want each machine sitting on the DSL hub. I'd
like to put a firewall machine between the DSL router and the private network, at the same time
keeping the static IP mapping for each machine. In other words, I don't need a proxy server but I
do want a firewall for each IP address.
I'm thinking of setting up a Linux box with 4 network cards (3 to interface with the DSL router and
one to interface to the private subnet). I'm very new to Linux and firewalls. Can someone tell
me if I'm on the right track with this idea? Or is there a better way to accomplish my goal without
spending big bucks on special hardware?
Actually I'm not sure if the approach I'm thinking of is the best or not. This networking stuff is
fairly new to me. Here's what I've got right now.
A DSL connection with one dynamically (DHCP) assigned IP address which feeds to a Win98 box running
Wingate 3. The Wingate machine feeds a local hub which has three machines (2 Win98 and 1 Linux).
I've got the Win98 machines working as well as can be expected by sharing one public IP address.
All outgoing TCP and UDP requests work well. Wingate has no problem doing the NAT outbound. The
problem comes about when trying to map incoming port requests.
For example, IRC's Ident function (Authentication) appears at the router on port 113. I can set a NAT
entry in the DSL router to pass the request to the Wingate machine just fine. But the problem then
becomes... where to map the request from there. I basically have to pick one machine to pass all
Ident requests to. Bottom line... only one work station on my network can run an IRC server that
This same inbound port mapping problem is present in a number of other applications. So, one
solution is to buy a block of static IP addresses. One for each machine on the local network. But,
I don't want to place the Win98 machine directly on the Internet and expose all ports. I want to
have a firewall between.
So, my thought is that by putting 3 network cards at the gateway, I can assign a unique IP mapping
from the outside world to the machines on the local network.
Another change that I'm going to make at the same time is to make the gateway box a Linux machine
(putting my three Win98 machines as client machines on the local network). I'm new to Linux, is
this a reasonable approach to the problem? And can Linux be configured to handle this type of setup?
Thanks in advance for taking the time to help... I appreciate the assistance.