Re: [SLUG] Laptop Bridge

From: Ian C. Blenke (icblenke@nks.net)
Date: Thu Sep 07 2006 - 11:49:17 EDT


Sick Twist wrote:
> There are no network services running. The laptop will just provide a
> means to share Internet access among the other machines. Fabulous
> ASCII network diagram to follow:
>
> Laptop - - - - {wireless connection} - - - - (( The Internet ))
> |
> Switch
> | | | |
> | | | PC1
> | | PC2
> | PC3
> PC4

Just NAT 'em.

If your laptop is only connecting "up" to the Internet, there's nothing
to be lost there anyway, really.

The only thing I can think of is if your "Internet" wireless connection
does NATting and you want to relay the UPnP resource broadcasts for
internal PCs to be able to register and listen to external public ports.

You can still statically map the ports if need be; however, you'll just
need to define those ports in two places: your internet AP firewall and
your laptop "firewall".

If the PCs will never need to service public requests, no worries at all
then.

In fact, you might consider some transparent squid action with privoxy
and tor to buffer things a bit and protect and anonymize your PCs' web
surfing. Depending on how paranoid you are, you can always run that in a
virtual machine like user-mode-linux or vserver/openvz, or simply chroot
it. Your laptop is effectively a firewall after all.

I'd also strongly suggest something like dnsmasq to provide both DHCP
and a locally cached DNS server and some split horizon private host
resolution for the PCs on that segment.

- Ian
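
The NAT, static port mapping and dnsmasq setup suggested in this reply, as an added example that is not part of the original message. The interface names (wlan0, eth0), the 192.168.50.0/24 segment, the "home.lan" domain and the function names are assumptions; the ruleset also drops unsolicited inbound traffic to the laptop itself and accepts DNS and DHCP only from the wired side.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, addresses and
# the "home.lan" domain are assumptions; the PC segment is assumed to be a /24.
WAN_IF="${WAN_IF:-wlan0}"             # wireless uplink to the Internet AP
LAN_IF="${LAN_IF:-eth0}"              # wired port facing the switch
LAN_IP="${LAN_IP:-192.168.50.1}"      # laptop's address on the PC segment
LAN_NET="${LAN_NET:-192.168.50.0/24}"
NL='
'
# gen_rules [proto:port:pc_ip ...] -> iptables-restore ruleset on stdout.
# Each argument is one static mapping; the upstream AP needs the same mapping.
gen_rules() {
    nat="" fwd=""
    for m in "$@"; do
        proto=${m%%:*}; rest=${m#*:}; port=${rest%%:*}; pc=${rest#*:}
        nat="${nat}-A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $pc:$port$NL"
        fwd="${fwd}-A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $pc --dport $port -j ACCEPT$NL"
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
${nat}COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 53 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
${fwd}COMMIT
EOF
}
# gen_dnsmasq_conf -> dnsmasq.conf on stdout: DHCP and cached DNS, LAN side only.
gen_dnsmasq_conf() {
    cat <<EOF
interface=$LAN_IF
bind-interfaces
domain-needed
bogus-priv
domain=home.lan
local=/home.lan/
expand-hosts
dhcp-range=${LAN_IP%.*}.100,${LAN_IP%.*}.200,12h
EOF
}
case "${1:-}" in rules) shift; gen_rules "$@" ;; dnsmasq) gen_dnsmasq_conf ;; esac
```

Forwarding also has to be enabled with `sysctl -w net.ipv4.ip_forward=1`; the `rules` output is meant to be reviewed and then piped to `iptables-restore` as root.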



-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


