This chapter describes the internal and external network configuration, the firewall that protects it, and traffic control.
This chapter is a part of the "Secure Internet Appliance for Small Office / Home Office HOWTO". It relies on the environment variables listed in Section 2.1, “Environment Variables”.
Unlike many commercial access points, the SISO is a true router and does not use bridging. This eases administration and allows for improved security methods, because the subnet identifies the connection method of the host.
RFC 1918 reserves the networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for private use.
When hosts on the internal network connect to a corporate network using an Intel/Shiva VPN, and these hosts want to be able to access hosts on the internal network while their VPN is active, the internal network should use only 10.0.0.0/16 or 192.168.0.0/16.
The following subnets are used in the examples:
10.0.1.0/24, internal hosts connected using 802.3 10/100 ethernet LAN
10.0.2.0/24, internal wireless hosts using 802.11 wireless LAN
10.0.3.0/24, PPP end-points for external hosts connected through the VPN server
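The following is an added example, not part of the original HOWTO: a short Python check that the addressing plan above stays inside the ranges this chapter names, that no two subnets overlap, and that a source address maps to exactly one connection method. The labels "wired", "wireless" and "vpn" and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed in this chapter.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ranges the chapter says to use when an Intel/Shiva VPN must coexist.
VPN_SAFE = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "192.168.0.0/16")]
# The chapter's example subnets; the method labels are constructed names.
PLAN = {
    "10.0.1.0/24": "wired",
    "10.0.2.0/24": "wireless",
    "10.0.3.0/24": "vpn",
}

def check_plan(plan):
    """Return a list of problems found in an addressing plan (empty = OK)."""
    problems = []
    nets = [ipaddress.ip_network(n) for n in plan]  # raises if host bits are set
    for net in nets:
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{net}: not RFC 1918 private space")
        elif not any(net.subnet_of(r) for r in VPN_SAFE):
            problems.append(f"{net}: outside the VPN-compatible ranges")
    # Overlapping subnets would break "subnet identifies the connection method".
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems

def connection_method(addr, plan=PLAN):
    """Map a source address to its connection method, or None if unknown."""
    ip = ipaddress.ip_address(addr)
    for net, method in plan.items():
        if ip in ipaddress.ip_network(net):
            return method
    return None

if __name__ == "__main__":
    print(check_plan(PLAN))
    # Constructed sample addresses; the last one is in no planned subnet.
    for src in ("10.0.1.20", "10.0.2.77", "10.0.3.5", "10.0.4.9"):
        print(src, connection_method(src))
```

An address that maps to None belongs to no planned subnet and should not be appearing on an internal interface.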
The hostname is set using the
file as shown in the example:
The configurations for the 10/100 and wireless interfaces
are described by respectively
Configuration examples for these interfaces can be found in:
The daemon that provides the DHCP Server and DNS Forwarder was
built in Section 4.4, “Domain Name Forwarder (DNS)”. The configuration
for this daemon is described by the file
dnsmasq.conf. This file refers to the files
that list the local hosts (
hosts) and the
upstream name servers (
Example configuration files are: