Running a closed ethernet network to a Linux Mint Machine

Joined: Mon Apr 09, 2018 8:34 pm

Post by emilraji » Mon Apr 09, 2018 9:02 pm

So I'm undertaking quite an interesting project here and am a total Linux noob, besides having some experience with it as a casual user.
At my work we have 3 film scanners which run on Windows XP, and we frequently need to plug in flash drives to collect and consolidate images to then upload to Dropbox.
Obviously, with them being incredibly vulnerable, I want these machines to be insulated from the internet or from being used in this manner. I want to build a small file sharing network where all images scanned are consolidated on a machine running Linux.
There are certain things you need to know, though: the Windows XP machine in the left corner is connected to a Windows 2000 machine via ethernet, and this connection must be maintained for that one scanner to work. So I think using a USB 2.0 to ethernet adapter might solve this, though I'm not sure if this will interfere with that established machine.
The Linux Mint machine will also need to have access to this closed off network and also to the internet via a physical router.

Illustrated below is a graphical representation of what I want to achieve. All the input given will be appreciated!

Joined: Sun Nov 22, 2015 1:17 pm
Location: Heart of Dixie

Re: Running a closed ethernet network to a Linux Mint Machine

Post by tovian » Sat Apr 14, 2018 6:56 pm

Here's a graphic documenting the network layout I used for several years. I used three old routers I had lying around. The Mick router controlled my TEST LAN (where I connect all my client computers). Above Mick (in the graphic) was a "splitter" router that controlled the downstream routers (Mick and Jack). Inside the "splitter" router I had rules where I could quickly/easily shut off all INTERNET access (in and out) to either downstream router using its MAC. Usually I isolated Mick to keep clients off the internet until I was sure they were "clean" (and, when I do new OS installs, I like to keep machines off the net until I get all the security/AV software in place). When Mick's internet access was shut off, all machines connected to Mick were isolated from the internet as well. But, even when Mick was isolated from the Internet, all his machines had full in/out access to all the machines on the other LAN.

I was doing something similar to what you are speaking of. I had a common folder on one of my machines and that is where I stored anything I wanted available to any machine on either LAN - even when the machines hooked to Mick were isolated from the net. I could create a graphic on a machine on my TEST LAN, save it to my common file/folder, then upload it to a web-hosting service from a machine on the other LAN. ** A separate LAN is a great way to continue using XP machines but isolate them from "security" vulnerabilities. And, BTW, I had a mix of Windows and Linux (Mint) machines on BOTH LANs.

I used three physical routers because I had them lying around not in use. You could probably do the same thing with a single router and "virtual LANs". The reason for the weird subnet masks is so that there are no unused/available IP-addresses at the highest levels of my network. I also used different Class-C IP-address ranges. All this probably violated a lot of networking "rules", but I was just trying to build a network that intruders would not find so easy to navigate (a little additional security). Although it is not showing in my graphic, I also had a second network adapter in two of my machines so they could talk to each other only but at the highest speed possible.

Click the thumbnail below to see my old network layout. This may seem a little quirky, but it was a good learning exercise for me, and it would accomplish what you need. Alternatively, it might simply give you some new ideas to chew on.


If this is entirely too "goofy" for normal human beings I'll come back later and delete this post. :lol:
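
For the layout asked about in the first post (a Mint machine with one leg on the closed scanner network and one on the internet router), the following is an added example, not part of either post: an nftables ruleset that lets the scanner LAN reach only a file share on the Mint box and never routes between the two sides. The interface names, the scanner subnet, and the choice of a Samba share that the XP machines write to are all assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example for a dual-homed Mint host. Every name and address
# below is an assumption; substitute the values from `ip -br addr`.
flush ruleset

define WAN_IF   = "enp2s0"           # assumed: NIC cabled to the internet router
define SCAN_IF  = "enp3s0"           # assumed: NIC cabled to the scanner switch
define SCAN_NET = 192.168.50.0/24    # assumed: subnet used only by the scanners

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # IPv6 neighbour discovery on the internet side only.
        iifname $WAN_IF icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Scanner LAN may open connections to the SMB share on this host
        # and to nothing else.
        iifname $SCAN_IF ip saddr $SCAN_NET tcp dport { 139, 445 } accept

        # Anything else arriving from the scanner LAN is counted and logged,
        # so unexpected traffic from the XP machines is visible in the journal.
        iifname $SCAN_IF counter log prefix "scan-lan-drop: " drop
    }

    chain forward {
        # This host is an endpoint on both networks, not a router:
        # no packet crosses from one interface to the other.
        # Also keep net.ipv4.ip_forward=0 so the kernel agrees.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

With no default gateway configured on the XP machines, they have no route off the scanner subnet at all, and the drop policy on the forward chain covers the case where one is added later.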
