Routing & Firewall (newbie)

Post by Cedric Mialare » Thu, 03 Aug 2000 04:00:00



Hi,
I have an Ethernet 100MB LAN (One Switch) + a DSL Router

Desktop (Windows) computers on the LAN have private IP Addresses
192.168.104.x
One or two NT Servers will have either real internet IP (say 200.200.200.x)
address or real internet IP address + private IP address.

desktop 1: 192.168.104.100
desktop 2: 192.168.104.101
DSL Router: 200.200.200.1
NT Server1: 200.200.200.200 and 192.168.104.200
NT Server2: 200.200.200.201 and 192.168.104.201
Linux Box: 200.200.200.2 and 192.168.104.2 (Mandrake 7.1)

1. I want to use the linux box as a NAT server for all desktops, but NOT for
the servers (which have real IP addresses).
2. I want to use the linux box as a firewall for both desktop and servers.

My physical configuration:
- All computers connected to 100MB switch.
- The linux Box has a second ethernet card which is directly connected to
the DSL router

The default gateway of the linux box is the DSL Router 200.200.200.1
The default gateway of the servers and desktops is the linux box
(200.200.200.2 and 192.168.104.2)

Q. How do I configure routing and Masquerade on the Linux Box so that this
setup works ?
Q. Or should I use other daemons (gated ? ???)

Thanks a lot,

Cedric

 
 
 

Post by John Hovel » Sun, 06 Aug 2000 04:00:00


Cedric --

Well, first of all -- exactly what do you mean the servers are going to have _2_
IP addresses?  As in they have _2_ NICs?  Or do you plan on using IP aliasing?

What services are they offering (to the Internet at large)?

They can't be masqueraded, _and_ offer services through their own IP.  Routing
issues would not allow this.

Most people, for this sort of thing, acquire a second subnet for a DMZ, and use a
Linux router with 3 NICs.

The DMZ is where the servers go.

They are not masqueraded, but use IPchains to block traffic as needed.

Perhaps you can be more specific in what you are trying to achieve?

Cheers,
John


> Hi,
> I have an Ethernet 100MB LAN (One Switch) + a DSL Router

> Desktop (Windows) computers on the LAN have private IP Addresses
> 192.168.104.x
> One or two NT Servers will have either real internet IP (say 200.200.200.x)
> address or real internet IP address + private IP address.

> desktop 1: 192.168.104.100
> desktop 2: 192.168.104.101
> DSL Router: 200.200.200.1
> NT Server1: 200.200.200.200 and 192.168.104.200
> NT Server2: 200.200.200.201 and 192.168.104.201
> Linux Box: 200.200.200.2 and 192.168.104.2 (Mandrake 7.1)

> 1. I want to use the linux box as a NAT server for all desktops, but NOT for
> the servers (which have real IP addresses).
> 2. I want to use the linux box as a firewall for both desktop and servers.

> My physical configuration:
> - All computers connected to 100MB switch.
> - The linux Box has a second ethernet card which is directly connected to
> the DSL router

> The default gateway of the linux box is the DSL Router 200.200.200.1
> The default gateway of the servers and desktops is the linux box
> (200.200.200.2 and 192.168.104.2)

> Q. How do I configure routing and Masquerade on the Linux Box so that this
> setup works ?
> Q. Or should I use other daemons (gated ? ???)

> Thanks a lot,

> Cedric
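
The layout John describes, as an added example that is not part of either post: an ipchains (Linux 2.2) ruleset for a three-NIC router that masquerades only the desktops and routes the DMZ servers with their own addresses. The interface names, the 203.0.113.0/28 DMZ subnet and the single HTTP service are assumptions; the thread gives none of them.

```shell
#!/bin/sh
# Dry run by default: rules are printed. Set IPCHAINS=/sbin/ipchains to apply them.
IPCHAINS=${IPCHAINS:-echo ipchains}

# Assumed interface names (not from the thread).
EXT_IF=eth0                 # to the DSL router
LAN_IF=eth1                 # desktops
DMZ_IF=eth2                 # servers
LAN_NET=192.168.104.0/24    # desktop range from the thread
DMZ_NET=203.0.113.0/28      # placeholder for the second routed subnet
DMZ_WEB=203.0.113.2         # placeholder server; HTTP is an assumed service

fw_rules() {
    # Drop spoofed packets: inside source addresses arriving on the outside NIC.
    $IPCHAINS -A input -i $EXT_IF -s $LAN_NET -l -j DENY
    $IPCHAINS -A input -i $EXT_IF -s $DMZ_NET -l -j DENY

    # Nothing crosses the router unless a rule below allows it.
    $IPCHAINS -P forward DENY
    $IPCHAINS -F forward

    # Desktops to the Internet: masqueraded. In the forward chain, -i is the
    # outgoing interface.
    $IPCHAINS -A forward -i $EXT_IF -s $LAN_NET -j MASQ

    # Anyone to the DMZ server: routed with its own address, published port only.
    $IPCHAINS -A forward -i $DMZ_IF -p tcp -d $DMZ_WEB 80 -j ACCEPT

    # Server replies back out or to the desktops: "! -y" matches only packets
    # that are not connection-opening SYNs, so the server cannot dial out.
    $IPCHAINS -A forward -i $EXT_IF -p tcp ! -y -s $DMZ_WEB 80 -j ACCEPT
    $IPCHAINS -A forward -i $LAN_IF -p tcp ! -y -s $DMZ_WEB 80 -d $LAN_NET -j ACCEPT

    # Log whatever falls through to the DENY policy.
    $IPCHAINS -A forward -l -j DENY
}

fw_rules
```

Forwarding itself still has to be enabled on the router (`/proc/sys/net/ipv4/ip_forward`) before any of these rules see traffic.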