
Chapter 5. Network Configuration

Abstract

This chapter describes the internal and external network configuration, the firewall that protects it, and traffic control.

This chapter is a part of the "Secure Internet Appliance for Small Office / Home Office HOWTO". It relies on the environment variables listed in Section 2.1, “Environment Variables”.

Unlike many commercial access points, the SISO is a true router and does not use bridging. This eases administration and allows for improved security methods, because the subnet identifies the connection method of the host.

5.1. Internal Network Configuration

RFC 1918 [30] reserves the networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for private use.

Note

When hosts on the internal network connect to a corporate network using an Intel/Shiva VPN [31], and these hosts need to access other hosts on the internal network while their VPN is active, the internal network should use only 10.0.0.0/16 or 192.168.0.0/16.

The following subnets are used in the examples:

  • 10.0.1.0/24, internal hosts connected using 802.3 10/100 ethernet LAN

  • 10.0.2.0/24, internal wireless hosts using 802.11 wireless LAN

  • 10.0.3.0/24, PPP end-points for external hosts connected through the VPN server
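A small check for the addressing plan above, as an added example that is not part of the original HOWTO: it verifies that each subnet is RFC 1918 space, falls in the ranges the note gives for Intel/Shiva VPN use, and does not overlap another zone, then maps a source address to its connection method. The zone names (lan, wlan, vpn) and the function names are assumptions made for this example.

```python
import ipaddress

# RFC 1918 private ranges, as listed in this section.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ranges the note permits when the Intel/Shiva VPN client is in use.
VPN_SAFE = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/16", "192.168.0.0/16")]
# Subnet plan from this section; the zone labels are chosen for this example.
PLAN = {
    "lan": "10.0.1.0/24",   # 802.3 10/100 ethernet hosts
    "wlan": "10.0.2.0/24",  # 802.11 wireless hosts
    "vpn": "10.0.3.0/24",   # PPP end-points of the VPN server
}

def check_plan(plan, vpn_client_in_use=True):
    """Return a list of problems in the plan; an empty list means it is usable."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in plan.items()]
    problems = []
    for i, (name, net) in enumerate(nets):
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: {net} is not RFC 1918 private space")
        elif vpn_client_in_use and not any(net.subnet_of(r) for r in VPN_SAFE):
            problems.append(f"{name}: {net} is outside the VPN-compatible ranges")
        # Overlapping zones would make the subnet useless as an identifier.
        for other_name, other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{name} overlaps {other_name}; zones would be ambiguous")
    return problems

def zone_of(addr, plan=PLAN):
    """Map a source address to its connection method, or None if it is unknown."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None

if __name__ == "__main__":
    print(check_plan(PLAN))
    # Constructed sample addresses; the last one belongs to no internal zone.
    for a in ("10.0.1.20", "10.0.2.7", "10.0.3.2", "192.0.2.1"):
        print(a, zone_of(a))
```

An address that maps to no zone should be treated as not belonging to the internal network at all.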

5.1.1. Hostname

The hostname is set using the network.conf file as shown in the example:

5.1.2. Interface configuration

The configuration of the 10/100 and wireless interfaces is described by eth0.conf and ath0.conf, respectively. Configuration examples for these interfaces can be found in:

5.1.3. DHCP Server and DNS Forwarder configuration

The daemon that provides the DHCP Server and DNS Forwarder was built in Section 4.4, “Domain Name Forwarder (DNS)”. The configuration for this daemon is described by the file dnsmasq.conf. This file refers to the files that list the local hosts (hosts) and the upstream name servers (resolv.conf).

Example configuration files are:



[31] The Intel/Shiva VPN client should also be configured with EnableHomeNetwork=1 in VPNUser.ini.