[NTLUG:Discuss] Forwarded Question: Firewall setup issues

m m llliiilll at hotmail.com
Mon Jun 26 23:09:09 CDT 2000


Hi Daniel:
Thank you for the input. Yes, that is what I want and it's a great help.
Using the same concept, I can add another webserver (see diagram below), right?
What does the eth0:1 mean? I know eth0, but not the :1 here.
Is the 2nd IP assigned to that same card?

Internet -- Firewall -- webserver------------------|>eth0:1
                |  |--- another webserver ---------|>eth?:?
                |------- 192.168.1.10
                        |ipmasquerade - configured
                |------- 192.168.1.11
                        |/etc/hosts - configured
                |------- 192.168.1.12
                |------- 192.168.1.13

Your diagram does not show which ones are the DNS servers (with IPs 216.61.196.129,
216.61.196.130. Does one of them point to 192.168.1.11?). Where should they be
in this diagram?

What programs should the firewall box be running?
DNS?
ipmasquerade?
ipchains?
Squid?

Thanks

jc

>From: "Daniel L. Shipman" <webmaster at srj.net>
>Reply-To: discuss at ntlug.org
>To: <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
>Date: Mon, 26 Jun 2000 17:32:15 -0500
>
>Maybe if you look at it this way
>
>
>|>lo
>
>|>eth0:1
>Internet -- Firewall -- webserver------------------|>eth0:1
>                  |------- 192.168.1.10
>                          |ipmasquerade - configured
>                  |------- 192.168.1.11
>                          |/etc/hosts - configured
>                  |------- 192.168.1.12
>                  |------- 192.168.1.13
>                  |------- 192.168.1.14
>                  |------- 192.168.1.15
>                  |------- 192.168.1.16
>                  |------- 192.168.1.17
>                  |------- 192.168.1.18
>                  |------- 192.168.1.19
>                  |------- 192.168.1.20
>                  |------- 192.168.1.21
>                  |------- 192.168.1.22
>                  |------- 192.168.1.23
>                  |------- 192.168.1.24
>                  |------- 192.168.1.25
>                  |------- 192.168.1.26
>                  |------- 192.168.1.27
>                  |------- 192.168.1.28
>                  |------- 192.168.1.29
>
>#############
># lo
>#BROADCAST=127.255.255.255
>ONBOOT=yes
>NAME=loopback
>BOOTPROTO=none
>
>#############
># eth0
>#DEVICE=eth0
>#IPADDR=216.61.196.129
>#NETMASK=255.255.255.248
>#NETWORK=216.61.196.128
>#BROADCAST=216.61.196.135
>#ONBOOT=yes
>#BOOTPROTO=none
>
>#############
># eth0:1
>#DEVICE=eth0:1
>#IPADDR=192.168.1.1
>#NETMASK=255.255.255.0
>#NETWORK=192.168.1.0
>#BROADCAST=192.168.1.255
>#ONBOOT=yes
>#BOOTPROTO=none
>
>#############
># /etc/hosts
>#127.0.0.1       localhost       localhost.localdomain
>#216.61.196.129  ns1.srjmarketing.com    ns1
>#216.61.196.130  ns2.srjmarketing.com    ns2
>#192.168.1.10    daniel
>#192.168.1.11    hugh
>#192.168.1.12    srjcom
>#192.168.1.14    front_desk
>#192.168.1.15    srjcom4
>#192.168.1.16    art_desk2
>#192.168.1.17    art_desk3
>#192.168.1.18    kim
>#192.168.1.19    damon
>#192.168.1.20    assist
>#192.168.1.21    brad
>#192.168.1.22    Steve_laptop
>#192.168.1.23    Louis
>#192.168.1.24    Betty
>#192.168.1.25    Jon_Jamey
>#192.168.1.26    Lewis
>#192.168.1.27    Telemarketer
>#192.168.1.28    Client_interface
>#192.168.1.29    Daniel_laptop
>
>If you want to run Macs on the network the primary server should be
>configured with atalkd.
>If you want file sharing with the server run Samba.
>Each windoz machine should be configured as well - in this network they
>would be configured as follows:
>Start - Control Panel - Network - Add - Protocol - Microsoft - TCP/IP - Add -
>Client - Microsoft - Client for Microsoft Networks - Add - Service - File &
>Printer Sharing
>Select the TCP/IP Ethernet adapter from the list - Properties - IP
>Address - Specify - give the private IP address (for Daniel it would be
>192.168.1.10) - subnet mask is 255.255.255.0 - WINS Config - Disable -
>Gateway - 192.168.1.1 - DNS Config - enter hostname - and domain - enter
>DNS search order (for this network 216.61.196.130 & 216.61.196.129 don't use
>SWB's - you're behind the firewall at this point) - Bindings - check them as
>necessary
>
>Hope this helps
>
>
>
>
>----- Original Message -----
>From: m m <llliiilll at hotmail.com>
>To: <discuss at ntlug.org>
>Sent: Monday, June 26, 2000 2:16 PM
>Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
>
>
> > Hi all:
> >
> >
> > >From: "Daniel L. Shipman" <webmaster at srj.net>
> > >Reply-To: discuss at ntlug.org
> > >To: <discuss at ntlug.org>
> > >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> > >Date: Mon, 26 Jun 2000 10:53:12 -0500
> > >
> > >No - don't use the IPS - do this
> > >
> > >set eth0:0 to the specified stuff gateway broadcast netmask etc.
> > >get ipmasquerade
> > >set eth0:1 to be 192.168.1.1
> > >set the IPs of the local machines to hit 192.168.1.1 as the server
> >
> > Would you give an example for me?
> > Are these local machines different from the ones you mention below?
> >
> > This is the diagram I think it should be (correct me if I am wrong):
> > Internet -- Firewall -- webserver
> >                 |
> >                 |------- networking
> >
> > Which machines are you talking about? The firewall one?
> >
> > >set the ips of the local machines in /etc/hosts to be within the
> > >192.168.1.*
> > >block
> >
> > the following is from Gregory's reply
> >
> > > >From: "Gregory L. Camp" <Gregory.Camp at osc.com>
> > > >-----Original Message-----
> > > >From: m m [mailto:llliiilll at hotmail.com]
> > > >Sent: Sunday, June 25, 2000 5:22 PM
> > > >To: discuss at ntlug.org
> > > >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> > > >
> >
> > >If I read your question correctly, you want to assign the firewall to
> > >serve multiple IPs?  You can do that if you really want to (the NIC will
> > >have eth0:0, eth0:1, etc. for as many IPs as you assign to it), but most
> > >web servers allow you to look at the incoming request and show the
> > >appropriate page.
> >
> > Yes, that is what I want, and I need help on this issue. I am studying the
> > Firewall and IPCHAINS (going to add IP Masquerade, NIC) HOWTO.
> >
> > >For example, www.here.com and www.there.com could both go to the same
> > >machine, but the webserver reads the "Host Header Name" to determine
> > >which web page to show.  I know apache lets you do this.  Look for
> > >config options for "Virtual Servers" I believe.  It's been a while, so I
> > >don't recall the exact parameters you would need to change.
> >
> > I know this.
> >
> > >If you really want to use multiple IPs, that should work also.  You just
> > >set up the firewall rules for the appropriate eth0:? number and that should
> > >take care of it.
> >
> > Again, that is what I need to know. Could you give some hint or refer me
> > to some site or materials?
> >
> > Thanks a lot.
> >
> > jc
> >
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >
> > _______________________________________________
> > http://ntlug.org/mailman/listinfo/discuss
>
>

More information about the Discuss mailing list
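
An added example (not part of the original thread, and not code from any of the posters): a Python check over the eth0 / eth0:1 settings quoted above. It confirms that NETWORK and BROADCAST follow from IPADDR and NETMASK, and reports that eth0:1 is an alias on the same physical card as eth0, so the public and the private address share one NIC. The uncommented sample block and the function names are constructed for this example.

```python
import ipaddress

# Constructed sample: the eth0 / eth0:1 values from the quoted reply,
# written as uncommented ifcfg-style KEY=VALUE blocks.
SAMPLE = """\
DEVICE=eth0
IPADDR=216.61.196.129
NETMASK=255.255.255.248
NETWORK=216.61.196.128
BROADCAST=216.61.196.135

DEVICE=eth0:1
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
"""

def parse_blocks(text):
    """Split blank-line-separated KEY=VALUE blocks into dicts."""
    blocks = []
    for chunk in text.strip().split("\n\n"):
        lines = [l for l in chunk.splitlines() if "=" in l and not l.startswith("#")]
        blocks.append(dict(l.split("=", 1) for l in lines))
    return blocks

def audit(text):
    """Return (findings, {physical NIC: [(logical name, interface), ...]})."""
    findings, by_nic = [], {}
    for b in parse_blocks(text):
        iface = ipaddress.ip_interface(f"{b['IPADDR']}/{b['NETMASK']}")
        net = iface.network
        for key, want in (("NETWORK", net.network_address), ("BROADCAST", net.broadcast_address)):
            if key in b and ipaddress.ip_address(b[key]) != want:
                findings.append(f"{b['DEVICE']}: {key}={b[key]} but mask implies {want}")
        # "eth0:1" is an alias: a second address on the physical card eth0.
        by_nic.setdefault(b["DEVICE"].split(":")[0], []).append((b["DEVICE"], iface))
    for nic, addrs in by_nic.items():
        # Flag a card that carries both a public and an RFC 1918 address.
        if {i.ip.is_private for _, i in addrs} == {True, False}:
            names = ", ".join(n for n, _ in addrs)
            findings.append(f"{nic}: public and RFC 1918 addresses share one card ({names})")
    return findings, by_nic

if __name__ == "__main__":
    for line in audit(SAMPLE)[0]:
        print(line)
```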