
Re: Routing problem



Quoting Aaron Cronkright <aaron@cronkright.com>:

> 1:  You can split up your private network into several subnets and route 
> different public IPs to them.  This could be done by assigning more than one 
> IP address to the same 'eth' interface.  Firewalling this could be tricky and 
> complex.

Firewalling would be easy here, assuming each client is running Linux or some
other remotely secure OS.  And, uhm, I'm hoping to do it on a per-host basis
instead of a per-network one.  As in 172.16.128.1 (IN) to 208.135.139.17 (OUT)
and the like instead of 172.16.128.0/24 (IN) to 208.135.139.17 (OUT).

> It all depends on what you want to do...  If you want a NAT box that is 
> separate from your web, email, etc box you can do that as well.  My web/email 

This is the preferred method.  I don't want a puny 450MHz box hosting stuff when
I have a 1GHz box in the adjacent closet doing all that :)

> server is separate from my NAT/firewall box with each having its own public ip 
> address.  My dsl router happens to have a 4-port hub built into it so I just 
               ^^^^^^^^^^
DSL router?  This is what I'm trying to build in the first place...

{Internet}<=>(DSL 'modem')<=>(K6-2/450 running Linux)<=>[LAN]

> plug each box into the router.  The concern is that I have to firewall *both* 
> boxes because they are both connected directly to the outside world.

Firewalling isn't that big of a deal.  Just make sure you know what the hell
you're doing.
 
> If you only have one private network to NAT then you really only need one 
> Public IP to do so.

Here's the problem.  I'd like to have a good percentage of my machines (my
servers, my workstation, the router, and whatever dad wants) to be seen from the
outside world.  Trying to SSH into my workstation from some location other than
my LAN is impossible because of my current config.  Likewise with my servers.
It's just an RPITA.  To give you a slight idea of what I'm talking about:

konstanz.ram.silug.org => 208.135.139.21 => 172.16.128.5
dreamer.ram.silug.org => 208.135.139.20 => 172.16.128.4

And, uhm, as soon as I decide to fix my DNS, those will actually resolve.  No,
that's not all I plan to have available to the outside world.  Yes, I gave in to
posting a tidbit of my subnet.  Sue me.

What I was aiming for, though, were actual commands or decent docs to get this
thing off the ground.  I have my basic setup going right now a la my hackup of
Eric's rules, but reaching my objective still has to be done.  Like I said in my
original mail, I can't find *any* documentation on how to do this whatsoever.

FYI, my ISP requires that I use PPPoE to establish a connection.  I don't think
I mentioned that in my original mail...

-- 
Nate Reindl, The Fabled Halfling.
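What the per-host mapping above looks like as actual router commands, as an added example that is not part of the original mail or of "Eric's rules": a 1:1 NAT script for a Linux box using iptables (2.4-era netfilter; the original setup may well be ipchains, which has no equivalent of DNAT/SNAT). It assumes the PPPoE session comes up as ppp0, the LAN is on eth0, and the ISP routes the whole public block down the PPPoE session so the extra addresses never need to be configured on an interface. The public/private pairs are the ones quoted in the mail; the per-host port lists are an assumption for illustration, since nothing in the thread says which services each box exposes.

```shell
#!/bin/sh
# Added example, not from the original post or from "Eric's rules".
# Per-host 1:1 NAT on a Linux/iptables router whose uplink is a PPPoE session.
#
# Assumptions (not stated in the thread): uplink interface ppp0, LAN on eth0,
# ISP routes the public block to the PPPoE session, 2.4+ kernel with iptables.

WAN=ppp0                 # PPPoE session interface (assumption)
LAN=eth0                 # inside interface (assumption)
IPT=${IPT:-iptables}

# Mapping from the mail: public IP, private IP.  The third column (TCP ports the
# outside world may open) is an assumption used only for illustration.
HOSTMAP='208.135.139.17 172.16.128.1 22
208.135.139.20 172.16.128.4 22,80
208.135.139.21 172.16.128.5 22,80,25'

# Emit the rules for one public/private pair.
# $1 public IP, $2 private IP, $3 comma-separated TCP ports reachable from outside.
nat_host_rules() {
    pub=$1; priv=$2; ports=$3
    # Inbound: rewrite the destination before the routing decision, so a packet
    # for the public address is forwarded to the LAN host instead of to the router.
    echo "$IPT -t nat -A PREROUTING -i $WAN -d $pub -j DNAT --to-destination $priv"
    # Outbound: this host's traffic leaves with its own public address, not the
    # router's, so the remote side sees a consistent 1:1 mapping both ways.
    echo "$IPT -t nat -A POSTROUTING -o $WAN -s $priv -j SNAT --to-source $pub"
    # 1:1 NAT makes the host directly reachable; this is the firewall part.
    # Only the listed ports may be opened from the outside.
    echo "$IPT -A FORWARD -i $WAN -o $LAN -d $priv -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT"
}

# Print the complete rule set (dry run).  Pipe into sh to apply.
gen_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "$IPT -t nat -F"
    echo "$IPT -F FORWARD"
    echo "$IPT -P FORWARD DROP"
    # Replies to anything already allowed, in either direction.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN hosts may open anything outbound.
    echo "$IPT -A FORWARD -i $LAN -o $WAN -j ACCEPT"
    # PPPoE leaves 1492 bytes of MTU; clamp MSS so LAN hosts do not hit
    # path-MTU black holes when the far end drops ICMP.
    echo "$IPT -A FORWARD -o $WAN -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    printf '%s\n' "$HOSTMAP" | while read pub priv ports; do
        [ -n "$pub" ] && nat_host_rules "$pub" "$priv" "$ports"
    done
    # Anything from the outside that no per-host rule admitted: log, then the
    # DROP policy takes it.
    echo "$IPT -A FORWARD -i $WAN -j LOG --log-prefix 'FWD-DROP: '"
}

# ./nat.sh        prints the rules for review
# ./nat.sh apply  runs them
if [ "${1:-}" = apply ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Two caveats a practitioner would check before trusting this: the DNAT rule only fires if the ISP actually delivers packets for 208.135.139.x over the PPPoE session (if they expect the addresses bound on the link, add them with `ip addr add` on ppp0), and inbound ICMP to the mapped hosts is dropped by the FORWARD policy, so external ping will not answer even though SSH does.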

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.