[NTLUG:Discuss] Forwarded Question: Firewall setup issues

Daniel L. Shipman webmaster at srj.net
Mon Jun 26 17:32:15 CDT 2000 

Maybe if you look at it this way


|>lo

|>eth0:1
Internet -- Firwall --- webserver------------------|>eth0:1
                 |------- 192.168.1.10
                         |ipmasqurade - configured
                 |------- 192.168.1.11
                         |/etc/hosts - configured
                 |------- 192.168.1.12
                 |------- 192.168.1.13
                 |------- 192.168.1.14
                 |------- 192.168.1.15
                 |------- 192.168.1.16
                 |------- 192.168.1.17
                 |------- 192.168.1.18
                 |------- 192.168.1.19
                 |------- 192.168.1.20
                 |------- 192.168.1.21
                 |------- 192.168.1.22
                 |------- 192.168.1.23
                 |------- 192.168.1.24
                 |------- 192.168.1.25
                 |------- 192.168.1.26
                 |------- 192.168.1.27
                 |------- 192.168.1.28
                 |------- 192.168.1.29

#############
# lo
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
BOOTPROTO=none

#############
# eth0
#DEVICE=eth0
#IPADDR=216.61.196.129
#NETMASK=255.255.255.248
#NETWORK=216.61.196.128
#BROADCAST=216.61.196.135
#ONBOOT=yes
#BOOTPROTO=none

#############
# eth0:1
#DEVICE=eth0:1
#IPADDR=192.168.1.1
#NETMASK=255.255.255.0
#NETWORK=192.168.1.0
#BROADCAST=192.168.1.255
#ONBOOT=yes
#BOOTPROTO=none

#############
# /etc/hosts
#127.0.0.1       localhost       localhost.localdomain
#216.61.196.129  ns1.srjmarketing.com    ns1
#216.61.196.130  ns2.srjmarketing.com    ns2
#192.168.1.10    daniel
#192.168.1.11    hugh
#192.168.1.12    srjcom
#192.168.1.14    front_desk
#192.168.1.15    srjcom4
#192.168.1.16    art_desk2
#192.168.1.17    art_desk3
#192.168.1.18    kim
#192.168.1.19    damon
#192.168.1.20    assist
#192.168.1.21    brad
#192.168.1.22    Steve_laptop
#192.168.1.23    Louis
#192.168.1.24    Betty
#192.168.1.25    Jon_Jamey
#192.168.1.26    Lewis
#192.168.1.27    Telemarketer
#192.168.1.28    Client_interface
#192.168.1.29    Daniel_laptop

If you want to run macs on the network the primary server should be
configured with atalkd
If you want file sharing with the server run samba
Each windoz machine should be configured as well - in this network they
would be configured as follows:
Start-controlpannel-network-add-protocol-microsoft-tcp/ip-add-client-microso
ft-client for microsoft networks-add-service-file&printer sharing
Select the tcp/ip ethernet addapter from the list - properties - IP
Address - specify - give the private ip address (for Daniel it would be
192.168.1.10) - subnetmask is 255.255.255.0 - WINS Config - Disable -
Gateway - 192.168.1.1 - DNS Config - enter hostsname - and domain - enter
DNS search order (for this network 216.61.196.130&216/61.196.129 don't use
SWB's - your behind the firewall at this point) - bindings - check them as
necessary

Hope this helps




----- Original Message -----
From: m m <llliiilll at hotmail.com>
To: <discuss at ntlug.org>
Sent: Monday, June 26, 2000 2:16 PM
Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues


> Hi all:
>
>
> >From: "Daniel L. Shipman" <webmaster at srj.net>
> >Reply-To: discuss at ntlug.org
> >To: <discuss at ntlug.org>
> >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> >Date: Mon, 26 Jun 2000 10:53:12 -0500
> >
> >No - don't use the IPS - do this
> >
> >set eth0:0 to the specified stuff gateway broadcast netmask etc.
> >get ipmasqurade
> >set eth0:1 to be 192.168.1.1
> >set the IPs of the local machines to hit 192.168.1.1 as the server
>
> would you take an example for me?
> these local machines are different form the ones you mention below?
>
> this is the diagram I think should be (correct me if I am wrong)
> Internet -- Firwall --- webserver
>                 |
>                 |------- networking
>
> which machines are talking about? the firewall one?
>
> >set the ips of the local machines in /etc/hosts to be within the
> >192.168.1.*
> >block
>
> the following is from Gregory's reply
>
> > >From: "Gregory L. Camp" <Gregory.Camp at osc.com>
> > >-----Original Message-----
> > >From: m m [mailto:llliiilll at hotmail.com]
> > >Sent: Sunday, June 25, 2000 5:22 PM
> > >To: discuss at ntlug.org
> > >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> > >
>
> >If I read your question correctly, you want to assign the firewall to
> > >serve multiple IPs?  You can do that if you really want to (the NIC
>will
> >have eth0:0, eth0:1, etc. for as many ips as you assign to it), >but most
> >web servers allow you to look at the incoming request and >show the
> >appropriate page.
>
> Yes, That is what I want. and I need help on this issue. I am studing the
> Firewall and IPCHAIN (going to add IP Masqurade, NIC) HOWTO.
>
> >For example, www.here.com and www.there.com could both go to the same
> > >machine, but the webserver reads the "Host Header Name" to determine
> > >which web page to show.  I know apache lets you do this.  Look for
> > >config options for "Virtual Servers" I believe.  It's been a while, so
>I
> >don't recall the exact parameters you would need to change.
>
> I know this.
>
> >If you really want to use multiple IPs, that should work also.  You >just
> >setup the firewall rules for the appropriate eth0:? number and >that
should
> >take care of it.
>
> Again, That is what i need to know. Could you give some hint or refer me
> some site or materials for me?
>
> Thanks a lots.
>
> jc
>
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list