I'm "top posting" because I'm using web email to reply this morning. Anyway. If you want a more robust/secure firewall and choose to go with the Smoothwall (or IPcop as others may recommend) and you do not have a switch or hub for the LAN, then you would want to use the Linksys as a passive switch in order to attach more than one PC to the GREEN interface (I personally use a Netgear 16 port switch for my LAN). You could run Cat5 from the GREEN port on Smoothwall to the WAN port on the Linksys, and then use the LAN ports for computers, but then you would have two firewalls between you and the Internet and that can lead to interesting connectivity problems. The better solution (but it will take away one of your LAN ports) is to run the Cat5 from the GREEN port to one of the LAN ports and then make sure you have turned off the DHCP server on either the Linksys or the Smoothwall (since you only want one DHCP server on your LAN). Having the Linksys acting as a passive switch on your LAN (and using the Smoothwall as your DHCP server) would have the added benefit of providing an "inside" wireless access point should you ever go wireless. I ended up buying a Netgear wireless router since it was half the price of a dedicated access point and simply turned off the DHCP server portion and attached it to my LAN via one of the LAN ports and now it simply serves as a wireless access point with the IP for any connecting PCs coming from the Smoothwall DHCP server. If you go with Smoothwall, do yourself a favor and surf through their forums, there are a LOT of tips and tricks in there. I've also created a modified ISO image that has all 8 updates/patches in a seperate folder on the image so that I don't have to download the patches when/if I need to build or rebuild a firewall. Apparently there is a guy on the forums that has "slipstreamed" the patches into the standard ISO image. I've done such a thing with WinXP and Win2000, but not with Linux. -- ---- ------ Todd Young -------------- Original message ---------------------- From: "G J" <iipreca at hotmail.com> > The closest residence is over a quarter mile away, not to mention the road > is as far as well, (I live on a farm), so I'm not worried about anyone at > all hacking my wireless, and as of right now its turned off since I don't > have any wireless computers. I am probably going to put it between the modem > and the switch of course, however, do I plug it into the LAN side or the > internet side of the Linksys? > > > Jesse > > > > > > > > I have to disagree with the statement "learn IPTABLES first, then get > lazy/clever and worry about a front end". I would highly recommend using > a Smoothwall firewall first, and then while the Smoothwall is protecting > your home network, you can play with IPTABLES on another machine. The > last thing you would want to do is make a mistake and open up your > entire network to the Internet. > > My $0.02 on the subject of what to do.....Either #1 or #2 below. > #1 - Create a Smoothwall (use v2.0 with all 8 updates, v3 is still beta) > with three (3) NICs. GREEN (LAN), RED (Internet), ORANGE (DMZ). And then > put your Linksys out on the Orange interface as your wireless access > point. That way if someone were to hack your wireless, all they would > have access to is your Internet connection. Not necessarily good, but > better than them having access to your internal network. > > #2 - Create a Smoothwall with two (2) NICs, GREEN & RED. Plug the > Linksys in on the LAN side and turn off DHCP (use the Smoothwall as your > DHCP server) and basically just turn it into a simple WiFi access point > and wired switch. If you have WPA encryption turned on with a strong > password and you are not broadcasting your SSID, there is a very slim > chance that someone will even bother to try to hack your WiFi (there are > a lot of unsecured access points out there for them to play with). > > You might even consider just using the Linksys as is (or with the > "aftermarket" Linux upgrade) as your firewall/switch and using the PII > machine as a "test" or "play" machine. That way you can play with > different distributions and not have to worry about hosing your primary > computer. > -- > Todd Young > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list