amahi as router 2 nics
Posted: Sat Jan 03, 2009 11:04 am
by wtalking
Hello all, first time post on the new forum.
My question is: has anyone tried eliminating their router altogether by installing 2 NICs and just using a switch? I do not have much experience with Fedora. All of my other systems are Debian based.
I would like to have one NIC pointed toward my cable modem (dynamic IP) and the other NIC pointed toward my network. I was thinking of using Firestarter but need a little help with the network config side of things in Fedora 9.
I didn't see any other posts on the topic and thought a discussion may be helpful to others.
Thanks
Re: amahi as router 2 nics
Posted: Sat Jan 10, 2009 7:33 pm
by gjc1000
I'd like to know that too
Re: amahi as router 2 nics
Posted: Sat Jan 10, 2009 8:25 pm
by cpg
this can be done, and it has been done, however, it's not the supported configuration out of the box.
a small mistake can render your data open to the internet. keep that in mind!
here is what you need to do:
- make sure eth0 is on the LAN side (your network). this is important for amahi to work
- hence eth1 is handling the WAN side of things
- make sure you run a firewall on eth1!!!
some people recommend shorewall, moonwall, or others.
report back how it works for you!
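
Added example, not part of the thread and not Amahi's own configuration: one way to express the eth0 = LAN, eth1 = WAN layout above as an IPv4 iptables ruleset, with a lint that catches a rule that would open the server to the WAN side. The function names `gateway_rules` and `lint_rules` are made up for this sketch.

```shell
#!/bin/sh
# Added example: IPv4 ruleset for eth0 = LAN, eth1 = WAN (iptables-restore
# format) and a lint for the "small mistake" case. Function names are made up.

# gateway_rules LAN_IF WAN_IF: print the ruleset on stdout.
gateway_rules() {
    lan=$1 wan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# lint_rules WAN_IF: read a ruleset on stdin, print each problem, and return
# non-zero if the filter table's INPUT/FORWARD policy is not DROP or if a rule
# in those chains accepts packets arriving on the WAN interface.
lint_rules() {
    awk -v wan="$1" '
    /^\*/ { table = $1 }
    table != "*filter" { next }
    /^:(INPUT|FORWARD) / && $2 != "DROP" { print "policy not DROP: " $0; bad = 1 }
    /^-A (INPUT|FORWARD) / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++)
            if ($i == "-i" && $(i + 1) == wan) { print "accepts from WAN: " $0; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Self-check of the generated rules before they are loaded.
gateway_rules eth0 eth1 | lint_rules eth1 && echo "ruleset ok"
# Load as root:        gateway_rules eth0 eth1 | iptables-restore
# Routing also needs:  sysctl -w net.ipv4.ip_forward=1
```

These rules cover IPv4 only; a host with IPv6 on eth1 needs an equivalent default-drop ruleset loaded with ip6tables-restore.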

Re: amahi as router 2 nics
Posted: Tue Mar 17, 2009 7:08 am
by rgmhtt
At one point I wanted to do this too. Then I thought REAL HARD. I AM a security Xpert...
Why would I ever want my SMB/NFS server so exposed? One misstep and I am DEAD! And a basic gateway/firewall is pretty cheap.
I DO run a Linux router/gateway, because I have native IPv6 here, and decent boxes are still expensive. So I am even more aware of why I do not want to do this.
Finally the only real justification I can see for this is running Amahi as a HTTP proxy and/or PBX.
For the HTTP proxy, so you route in and out of Amahi's one interface. Not hard to do.
For the PBX, it makes sense to put the phones on their own network.
Again, my security background colors my opinion. Don't go this way, even if you are an expert.
Re: amahi as router 2 nics
Posted: Tue Mar 17, 2009 12:32 pm
by moredruid
I second rgmhtt's opinion. You don't want to do this. 1 mistake can cost you all your data.
especially if you want to use your hda as a webserver for a forum or blog for friends, that code can also contain bugs or be compromised. Once a hacker/bot *&%$ up your database Amahi will grind to a halt. Or worse: they go through that database and see how your network is set up, what shares you have, the usernames etc. and they steal your stuff or put trojans in executables. Yes it can happen. scripted attacks cost almost no effort and if you don't have proper countermeasures in place an attack can go on for hours/days without you noticing it. and once they're in, your data is toast.
If all your other boxes are debian: set 1 up as gateway for routing/firewalling and if needed web services (http/pop/smtp), but even then it's best to proxy those as well. the easiest way to really achieve that may be through a VM which you can lock down (read only, hah, try hacking that), make a snapshot of a good secure copy first and replace copy when in doubt.
Re: amahi as router 2 nics
Posted: Sat Aug 08, 2009 12:34 pm
by Lincee
I personally want to replace my router, so what I plan to do is install Fedora, run a firewall on the WAN side, and disable all services to it.
Would this be possible? To make Amahi only listen on the "inside"?
Re: amahi as router 2 nics
Posted: Sat Aug 08, 2009 12:41 pm
by cpg
this is doable. here is the recommendation:
- use eth0 for the inside (lan)
- use eth1 for the outside (wan)
run the firewall on eth1, of course.
we have a router/firewall control module now. so whatever firewall you choose, we can probably make a module in a relatively short time to get it controlled from the networking tab in your hda.
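
Added example, not part of the thread: a check for the "only listen on the inside" question, complementing the firewall on eth1. It reads `ss -H -tuln` output and lists sockets bound to a wildcard address or to the WAN address; the function name, the sample lines and the WAN address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners that are reachable on the WAN NIC.
# Input format: output of `ss -H -tuln` (no header, TCP+UDP, listening, numeric).

# wan_bound_listeners WAN_IP: read ss output on stdin and print
# "proto port bind-address" for every socket that answers on WAN_IP.
wan_bound_listeners() {
    awk -v wan="$1" '
    {
        local_ep = $5                       # e.g. 192.168.1.50:445 or [::]:80
        port = local_ep; sub(/^.*:/, "", port)
        addr = local_ep; sub(/:[^:]*$/, "", addr)
        # A wildcard bind accepts traffic on every interface, eth1 included.
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == wan)
            print $1, port, addr
    }'
}

# Constructed sample: 192.168.1.50 stands for the LAN address on eth0,
# 203.0.113.7 is a placeholder for the DHCP-assigned address on eth1.
SAMPLE_SS='tcp   LISTEN 0  128       0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0  50   192.168.1.50:445    0.0.0.0:*
tcp   LISTEN 0  128     127.0.0.1:3306   0.0.0.0:*
tcp   LISTEN 0  128          [::]:80        [::]:*
udp   UNCONN 0  0         0.0.0.0:137    0.0.0.0:*
tcp   LISTEN 0  128   203.0.113.7:8080   0.0.0.0:*'

# On a live system: ss -H -tuln | wan_bound_listeners "$WAN_IP"
printf '%s\n' "$SAMPLE_SS" | wan_bound_listeners 203.0.113.7
```

A socket listed here is shielded only by the firewall on eth1; binding the service to the LAN address or to loopback removes that dependency.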
Re: amahi as router 2 nics
Posted: Sat Jan 22, 2011 3:35 pm
by billyprefect
Is this still doable?
I will find out in about 20 minutes I suppose.
Re: amahi as router 2 nics
Posted: Mon Jul 18, 2011 9:36 pm
by horstt
Trying this myself, but since I'm a Linux n00b, I'm having trouble getting Fedora to do the routing bit.
I managed to add a second NIC (eth1), to which I want to connect my modem. I've tried following a guide to set up internet sharing. To summarize this:
I didn't change settings for eth0, since the DHCP server thing was working well. I configured eth1 to use DHCP. Then I did the internet sharing routine:
System --> Preferences --> Network Connections --> Add --> In the 'Wired' tab I filled in the MAC of the eth0 card --> in the IPv4 Settings tab I selected 'Share to other computers').
I connected my working PC to my eth0 card, and my modem to the eth1 card. I can now use internet on my HDA, and my PC is getting a DHCP address from my HDA (gateway 192.168.1.1, DHCP 192.168.1.50, DNS 192.168.1.50), but internet is not working on my working PC. I tried using 192.168.1.50 as a gateway, and manually entering some DNS addresses (openDNS), but to no avail.
I'm probably doing a simple thing wrong, but I cannot find it...