Joining 192.168.1.* to 192.168.1.* with filtering for only MS SQL Server?


Post by Davi » Mon, 27 Nov 2006 08:12:29



Hi all,

I'm trying to use Gentoo Linux to connect two networks.

Net 1 is served to be 192.168.1.*

Net 2 is served to be 192.168.2.*

I want server 192.168.1.1 to reach 192.168.2.1 to only communicate with
a Microsoft SQL Server via TCP/IP. What should I look for?

Originally I went with moving everything into 192.168.1.1 - 50 for Net
1, then 192.168.1.100-51 for Net 2. I figured then I could bridge with
a firewall. However, the Linux box, on getting the two IPs using DHCP,
does not then know where to route the packets?

Is there an easy way, if possible Gentoo tutorials on setting this up
available, so that 192.168.1.1 can communicate only with 192.168.2.1
passing through a Gentoo computer, with a separate NIC for each
network?

Also, does anyone know if you can do this for MS-SQL Server by opening
up a specific port? What are my options? Please help, this is now
driving me insane.

Thanks

David

 
 
 


Post by Davi » Mon, 27 Nov 2006 08:19:31



> Hi all,

> I'm trying to use Gentoo Linux to connect two networks.

> Net 1 is served to be 192.168.1.*

> Net 2 is served to be 192.168.2.*

> I want server 192.168.1.1 to reach 192.168.2.1 to only communicate with
> a Microsoft SQL Server via TCP/IP. What should I look for?

> Originally I went with moving everything into 192.168.1.1 - 50 for Net
> 1, then 192.168.1.100-51 for Net 2. I figured then I could bridge with
> a firewall. However, the Linux box, on getting the two IPs using DHCP,
> does not then know where to route the packets?

> Is there an easy way, if possible Gentoo tutorials on setting this up
> available, so that 192.168.1.1 can communicate only with 192.168.2.1
> passing through a Gentoo computer, with a separate NIC for each
> network?

> Also, does anyone know if you can do this for MS-SQL Server by opening
> up a specific port? What are my options? Please help, this is now
> driving me insane.

> Thanks

> David

This might explain it better, as I wrote it a while ago while still
clear-headed:

Hi all,

We have two networks:

a) 192.168.1.*

b) 192.168.2.*

We want to bridge them so that Microsoft SQL Server via TCP-IP can go
from a computer on a) to one on b). I've been looking at ebtables and
iptables, and am not sure what would fulfill the purpose best. Has
anyone done this, or have any suggestions? We don't want Windows file
sharing, named pipes, DNS, DHCP to traverse between the bridges. Can
this be done, do we need to bring them into the same 192.168.* range
for it to work? Each network is connected via a separate network card
to the Gentoo Linux box, ideally via these it would be good to ssh into
it. If not I guess this can be done with a spare network card?

Thanks in advance

David

 
 
 


Post by Jeroen Geilma » Mon, 27 Nov 2006 09:17:02



> Hi all,

> We have two networks:

> a) 192.168.1.*

> b) 192.168.2.*

> We want to bridge them

I think you mean you want to *route* traffic.
Bridging is really quite different.

> so that Microsoft SQL Server via TCP-IP can go
> from a computer on a) to one on b). I've been looking at ebtables and
> iptables, and am not sure what would fulfill the purpose best.

iptables is easiest when using routing.

> Has anyone done this, or have any suggestions? We don't want Windows file
> sharing, named pipes, DNS, DHCP to traverse between the bridges.

Then you definitely don't want bridging, as that connects the networks
completely.
You want selective routing, i.e. routing in combination with firewalling.

> Can this be done, do we need to bring them into the same 192.168.* range
> for it to work?

Of course not - if you do that, you can neither route nor stop any traffic.
Or rather, you can stop traffic, and selectively bridge the networks, but it
will be more work to set up properly, and can have lots of unforeseen
consequences.

> Each network is connected via a separate network card to the Gentoo Linux
> box, ideally via these it would be good to ssh into it.
> If not I guess this can be done with a spare network card?

No need, as long as you can reach the Gentoo box from either of the two
connected networks.
Are the networks now connected and routed across the Gentoo box?
If they are, your question is simply: how do I allow MS SQL traffic through,
but not anything else?

If not, then you'd better stop and think about what kind of traffic you want
to route.
Which depends heavily on what other services you need to provide across the
router, and what kind you wish to prohibit.

A short rationale for why your network is set up the way it is would be a
really good place to start - do a little design work now, save yourself a
whole lot of worry later.

--
All your bits are belong to us.
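
The "routing in combination with firewalling" setup recommended above, as an added example that is not part of the original thread: a small generator for an `iptables-restore` ruleset that drops all forwarded traffic except new TCP connections from 192.168.1.1 to 192.168.2.1 on the SQL Server port. The interface names (`eth0`, `eth1`), the helper name `gen_ruleset` and the use of SQL Server's default TCP port 1433 are assumptions, not details given by the posters.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux router
# that forwards only MS SQL Server traffic from one client to one server.
# Assumptions (not from the thread): eth0 faces 192.168.1.0/24, eth1 faces
# 192.168.2.0/24, and SQL Server listens on its default TCP port 1433.

gen_ruleset() {
    client=$1 server=$2 port=${3:-1433} in_if=${4:-eth0} out_if=${5:-eth1}
    # Refuse to emit anything if a host is missing or the port is not a valid number.
    [ -n "$client" ] && [ -n "$server" ] || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local management: loopback, replies, and SSH from either attached network.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i $in_if -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -i $out_if -p tcp --dport 22 -j ACCEPT
# Forwarding: replies to allowed flows, then the single permitted new flow.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -s $client -d $server -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
# Everything else (file sharing, DNS, ...) hits the DROP policy; log it first.
-A FORWARD -j LOG --log-prefix "fwd-drop: "
COMMIT
EOF
}

# Print the ruleset for the two hosts named in the thread. To apply it as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset 192.168.1.1 192.168.2.1 | iptables-restore
gen_ruleset 192.168.1.1 192.168.2.1
```

Both end hosts also need a route to the other subnet via the Gentoo box's address on their own network. If the SQL Server instance uses a dynamically assigned port rather than 1433, pin it to a fixed TCP port in SQL Server's network configuration and pass that port as the third argument.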

 
 
 
