Very Computer

hi there,

i've just took a look to the iptables and as i changed my whole network
structure here i thought i could be a good time to move over to iptables ...
no problems with ip masq everything works fine

explication:
i've got 3 linux machines (servers) running in a lan
- 172.16.0.1 helium.nobug.lu (RH 7.1) eth0
   172.16.0.6 brom.nobug.lu (RH 7.1) eth1 (adsl)
          Gateway/Firewall
- 172.16.0.7 radon.nobug.lu (RH 7.1) eth0
          Webserver & Database & NS1
- 172.16.0.4 argon.nobug.lu (RH 7.1) eth0
           Secondary DNS & Proxy

Now I've got a dynamic domain (dyndns: nobug.no-ip.com) that means that
people should access the webserver via this domain

ADSL (nobug.no-ip.com) ----172.16.0.6
(srv1)----172.16.0.1(srv1)---->172.16.0.7

How can I forward all incoming connections for port 80,3306 etc. to
172.16.0.7 (with iptables)?

Can someone give me an example?

And when I install squid as proxy now on "argon" does it work immediatly if
I tell that machine that the default gateway is 172.16.0.6?

If i'm completly wrong, just tell my how that everything works (with whiche
apps and so on).

Thank you all very much in advance!

Nice x-mas & happy new year everybody!

David

Hi!,

Quote:> hi there,

> i've just took a look to the iptables and as i changed my whole network
> structure here i thought i could be a good time to move over to iptables ...
> no problems with ip masq everything works fine

> explication:
> i've got 3 linux machines (servers) running in a lan
> - 172.16.0.1 helium.nobug.lu (RH 7.1) eth0
>    172.16.0.6 brom.nobug.lu (RH 7.1) eth1 (adsl)
>           Gateway/Firewall
> - 172.16.0.7 radon.nobug.lu (RH 7.1) eth0
>           Webserver & Database & NS1
> - 172.16.0.4 argon.nobug.lu (RH 7.1) eth0
>            Secondary DNS & Proxy

> Now I've got a dynamic domain (dyndns: nobug.no-ip.com) that means that
> people should access the webserver via this domain

> ADSL (nobug.no-ip.com) ----172.16.0.6
> (srv1)----172.16.0.1(srv1)---->172.16.0.7

Could I suggest that putting everythig onto the same subnet isn't a good
idea.  You either want to break up your subnet so that the machines using the
ADSL connection are on a different subnet or you want to subnet your subnet so
that the network comms IP's are in one subnet and the machines sharing the
connection are located in the other.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+