public & private and linux routing

Post by luca » Sat, 06 Oct 2001 00:14:15



hello one and all,

i have a simple concept and i am not sure how to do it in linux.  i have a linux
redhat 6.2 box with two network cards.  eth0 is for internal local LAN computers
and eth1 is for internet public WAN computer.  i have 5 public ip addresses and
one of them is assigned to the eth1 interface.  i currently have 192.168.0.2
assigned on the eth0 internal LAN interface.

this is what i would like to do.  keep the internet cable plugged into eth1 for
firewalling and security, perhaps via ipchains and forwarding and masquerading.
attempt to keep the private addresses for the 3 normal computers on the LAN.  i
have the routing tables and ipchains working great and the three internal LAN,
the linux box, and apache on the linux box are working great.

but i have a fourth internal LAN computer, that needs to also act as a public
web server also.  yes, apache is running on eth1 and it is fine, but i also need
to run ms IIS server on this one internal LAN computer, and allow tcp www
traffic to it and allow the results to get back out.  i would also like to allow
this fourth computer to browse or email the internet as the other three internal
LAN computers do.

so how should i configure this fourth computer, with a private IP address and
have the linux box route/forward somehow?  or, with a public IP address and have
the linux box route/forward somehow?  if it is a public IP assignment then how
would i configure ifcfg-eth0, routing, and ipchains properly to allow the
internet www requests and responses to pass through and allow it to allow normal
browsing and email as if a normal workstation?

perhaps there is a HOWTO on this scenario?  i did see a serious ipchains
example, but it had three interfaces, internet (bad), dmz, and internal (good).
i only have the two network interfaces.

thank you in advance and have a nice day.

lucas

Post by Dean Thompso » Sat, 06 Oct 2001 00:51:04


Hi!,

> i have a simple concept and i am not sure how to do it in linux.  i have a
> linux redhat 6.2 box with two network cards.  eth0 is for internal local
> LAN computers and eth1 is for internet public WAN computer.  i have 5
> public ip addresses and one of them is assigned to the eth1 interface.  i
> currently have 192.168.0.2 assigned on the eth0 internal LAN interface.

> this is what i would like to do.  keep the internet cable plugged into eth1
> for firewalling and security, perhaps via ipchains and forwarding and
> masquerading. attempt to keep the private addresses for the 3 normal
> computers on the LAN.  i have the routing tables and ipchains working great
> and the three internal LAN, the linux box, and apache on the linux box are
> working great.

> but i have a fourth internal LAN computer, that needs to also act as a
> public web server also.  yes, apache is running on eth1 and it is fine, but
> i also need to run ms IIS server on this one internal LAN computer, and
> allow tcp www traffic to it and allow the results to get back out.  i would
> also like to allow this fourth computer to browse or email the internet as
> the other three internal LAN computers do.

> so how should i configure this fourth computer, with a private IP address
> and have the linux box route/forward somehow?  or, with a public IP address
> and have the linux box route/forward somehow?  if it is a public IP
> assignment then how would i configure ifcfg-eth0, routing, and ipchains
> properly to allow the internet www requests and responses to pass through
> and allow it to allow normal browsing and email as if a normal workstation?

What you will need to do is port forwarding.  You will need to tell your main
firewall server that someone attempting to access a port on your firewall will
result in having the request transferred into your internal machine.  If you
are not running a WWW server on your firewall then you can use port 80.

You will want to do look ups on one of the following programs:
  * ipmasqadm portfw
  * redir

Both of these programs will allow you to take a connection from the outside
and route it through to the box on the inside and have it serve the WWW
traffic to the outside machines while at the same time allowing it to surf the
net as well.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+