Linux will do about everything you need NAT-wise. Here's a setup just
about anyone can use that costs nothing other than a 486 or better (if
you're running Linux already, you're set).
Make a crossover cable from your Portmaster to one of the PC's NICs.
Compile your kernel for firewall and masquerade support. Reboot your Linux
box. Assign your Portmaster pool to use a value like 192.168.0.1 and its
ethernet interface to use a reserved IP also. Set up your masquerade (NAT)
with ipfwadm. Details on this can be found in the ipfwadm man page. This
has worked well for us and protects our users from attacks like WinNuke. If
your Linux box is your RADIUS server, you are going to experience faster
authentication because there won't be any other systems trying to talk over
the same wire, and you don't have to worry about outsiders trying to attack
your RADIUS server (because they can't see it). Since all traffic to the
world goes out the other NIC, you have an effective firewall to boot.
This is what we use to alleviate the need for valid IPs and make
administration very easy.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Beta software complaints > /dev/null
Emilio Gomez http://www.emilio-gomez.net/
PGP key: http://www.lightcom.net/pgp/emiliogomez.asc
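
The masquerade step described in the message above, as an added example that is not part of the original post: a dry-run script that prints the ipfwadm forward-chain rules for a dial-in pool and refuses any pool that is not RFC 1918 private space. The pool range 192.168.0.0/24 and the names POOL_NET, APPLY, is_rfc1918 and masq_rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. POOL_NET is an assumed pool range.
POOL_NET="${POOL_NET:-192.168.0.0/24}"

# Succeed only if the network address is in RFC 1918 private space, so a
# routable range is never masqueraded by mistake.
is_rfc1918() {
    addr="${1%/*}"
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs="$IFS"; IFS=.
    set -- $addr
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print the forward-chain rules for one pool network; nothing is applied here.
masq_rules() {
    net="$1"
    is_rfc1918 "$net" || { echo "refusing non-private pool: $net" >&2; return 1; }
    echo "ipfwadm -F -f"                         # flush old forwarding rules
    echo "ipfwadm -F -p deny"                    # default policy: forward nothing
    echo "ipfwadm -F -a m -S $net -D 0.0.0.0/0"  # masquerade only the pool
}

# Dry run by default; APPLY=1 runs the rules (root, kernel with masquerading).
if [ "${APPLY:-0}" = 1 ]; then
    masq_rules "$POOL_NET" | sh -x
else
    masq_rules "$POOL_NET"
fi
```

With the forward policy set to deny and a single masquerade rule for the pool, nothing else is forwarded between the two NICs, which is what keeps the Portmaster side unreachable from outside.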