[NTLUG:Discuss] Forwarded Question: Firewall setup issues
Daniel L. Shipman
webmaster at srj.net
Tue Jun 27 10:02:23 CDT 2000
Yes - your diagram would allow for another server.
Yes, that's the beauty of using ifconfig stuff - you can add multiple IP
addresses to the exact same physical Ethernet card.
----- Original Message -----
From: m m <llliiilll at hotmail.com>
To: <discuss at ntlug.org>
Sent: Monday, June 26, 2000 11:09 PM
Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> Hi Daniel:
> Thank you for the input. Yes, that is what I want and it's a great help.
> Using the same concept, I can add another webserver (see diagram below), right?
> What does the eth0:1 mean? I know eth0, but not the :1 here.
> Is the 2nd IP assigned to that same card?
>
> Internet -- Firwall --- webserver------------------|>eth0:1
> | |--- another webserver ---------|>eth?:?
> |------- 192.168.1.10
> |ipmasqurade - configured
> |------- 192.168.1.11
> |/etc/hosts - configured
> |------- 192.168.1.12
> |------- 192.168.1.13
>
> Your diagram does not show which ones are the DNS servers (with IPs 216.61.196.129,
> 216.61.196.130. Does one of them point to 192.168.1.11?). Where should they be
> in this diagram?
>
> What programs should the firewall box be running?
> DNS?
> ipmasquerade?
> ipchain?
> Squid?
>
> Thanks
>
> jc
>
> >From: "Daniel L. Shipman" <webmaster at srj.net>
> >Reply-To: discuss at ntlug.org
> >To: <discuss at ntlug.org>
> >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> >Date: Mon, 26 Jun 2000 17:32:15 -0500
> >
> >Maybe if you look at it this way
> >
> >
> >|>lo
> >
> >|>eth0:1
> >Internet -- Firwall --- webserver------------------|>eth0:1
> > |------- 192.168.1.10
> > |ipmasqurade - configured
> > |------- 192.168.1.11
> > |/etc/hosts - configured
> > |------- 192.168.1.12
> > |------- 192.168.1.13
> > |------- 192.168.1.14
> > |------- 192.168.1.15
> > |------- 192.168.1.16
> > |------- 192.168.1.17
> > |------- 192.168.1.18
> > |------- 192.168.1.19
> > |------- 192.168.1.20
> > |------- 192.168.1.21
> > |------- 192.168.1.22
> > |------- 192.168.1.23
> > |------- 192.168.1.24
> > |------- 192.168.1.25
> > |------- 192.168.1.26
> > |------- 192.168.1.27
> > |------- 192.168.1.28
> > |------- 192.168.1.29
> >
> >#############
> ># lo
> >#BROADCAST=127.255.255.255
> >ONBOOT=yes
> >NAME=loopback
> >BOOTPROTO=none
> >
> >#############
> ># eth0
> >#DEVICE=eth0
> >#IPADDR=216.61.196.129
> >#NETMASK=255.255.255.248
> >#NETWORK=216.61.196.128
> >#BROADCAST=216.61.196.135
> >#ONBOOT=yes
> >#BOOTPROTO=none
> >
> >#############
> ># eth0:1
> >#DEVICE=eth0:1
> >#IPADDR=192.168.1.1
> >#NETMASK=255.255.255.0
> >#NETWORK=192.168.1.0
> >#BROADCAST=192.168.1.255
> >#ONBOOT=yes
> >#BOOTPROTO=none
> >
> >#############
> ># /etc/hosts
> >#127.0.0.1 localhost localhost.localdomain
> >#216.61.196.129 ns1.srjmarketing.com ns1
> >#216.61.196.130 ns2.srjmarketing.com ns2
> >#192.168.1.10 daniel
> >#192.168.1.11 hugh
> >#192.168.1.12 srjcom
> >#192.168.1.14 front_desk
> >#192.168.1.15 srjcom4
> >#192.168.1.16 art_desk2
> >#192.168.1.17 art_desk3
> >#192.168.1.18 kim
> >#192.168.1.19 damon
> >#192.168.1.20 assist
> >#192.168.1.21 brad
> >#192.168.1.22 Steve_laptop
> >#192.168.1.23 Louis
> >#192.168.1.24 Betty
> >#192.168.1.25 Jon_Jamey
> >#192.168.1.26 Lewis
> >#192.168.1.27 Telemarketer
> >#192.168.1.28 Client_interface
> >#192.168.1.29 Daniel_laptop
> >
> >If you want to run Macs on the network the primary server should be
> >configured with atalkd.
> >If you want file sharing with the server, run Samba.
> >Each windoz machine should be configured as well - in this network they
> >would be configured as follows:
> >
> >Start-control panel-network-add-protocol-microsoft-tcp/ip-add-client-microsoft-client for microsoft networks-add-service-file&printer sharing
> >Select the tcp/ip ethernet adapter from the list - properties - IP
> >Address - specify - give the private ip address (for Daniel it would be
> >192.168.1.10) - subnetmask is 255.255.255.0 - WINS Config - Disable -
> >Gateway - 192.168.1.1 - DNS Config - enter hostname - and domain - enter
> >DNS search order (for this network 216.61.196.130&216.61.196.129 don't use
> >SWB's - you're behind the firewall at this point) - bindings - check them as
> >necessary
> >
> >Hope this helps
> >
> >
> >
> >
> >----- Original Message -----
> >From: m m <llliiilll at hotmail.com>
> >To: <discuss at ntlug.org>
> >Sent: Monday, June 26, 2000 2:16 PM
> >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> >
> >
> > > Hi all:
> > >
> > >
> > > >From: "Daniel L. Shipman" <webmaster at srj.net>
> > > >Reply-To: discuss at ntlug.org
> > > >To: <discuss at ntlug.org>
> > > >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> > > >Date: Mon, 26 Jun 2000 10:53:12 -0500
> > > >
> > > >No - don't use the IPS - do this
> > > >
> > > >set eth0:0 to the specified stuff gateway broadcast netmask etc.
> > > >get ipmasquerade
> > > >set eth0:1 to be 192.168.1.1
> > > >set the IPs of the local machines to hit 192.168.1.1 as the server
> > >
> > > Would you take an example for me?
> > > Are these local machines different from the ones you mention below?
> > >
> > > This is the diagram I think it should be (correct me if I am wrong):
> > > Internet -- Firwall --- webserver
> > > |
> > > |------- networking
> > >
> > > Which machines are you talking about? The firewall one?
> > >
> > > >set the ips of the local machines in /etc/hosts to be within the
> > > >192.168.1.*
> > > >block
> > >
> > > the following is from Gregory's reply
> > >
> > > > >From: "Gregory L. Camp" <Gregory.Camp at osc.com>
> > > > >-----Original Message-----
> > > > >From: m m [mailto:llliiilll at hotmail.com]
> > > > >Sent: Sunday, June 25, 2000 5:22 PM
> > > > >To: discuss at ntlug.org
> > > > >Subject: Re: [NTLUG:Discuss] Forwarded Question: Firewall setup issues
> > > > >
> > >
> > > >If I read your question correctly, you want to assign the firewall to
> > > >serve multiple IPs? You can do that if you really want to (the NIC will
> > > >have eth0:0, eth0:1, etc. for as many IPs as you assign to it), but most
> > > >web servers allow you to look at the incoming request and show the
> > > >appropriate page.
> > >
> > > Yes, that is what I want, and I need help on this issue. I am studying the
> > > Firewall and IPCHAIN (going to add IP Masquerade, NIC) HOWTO.
> > >
> > > >For example, www.here.com and www.there.com could both go to the same
> > > >machine, but the webserver reads the "Host Header Name" to determine
> > > >which web page to show. I know apache lets you do this. Look for
> > > >config options for "Virtual Servers" I believe. It's been a while, so I
> > > >don't recall the exact parameters you would need to change.
> > >
> > > I know this.
> > >
> > > >If you really want to use multiple IPs, that should work also. You just
> > > >set up the firewall rules for the appropriate eth0:? number and that should
> > > >take care of it.
> > >
> > > Again, that is what I need to know. Could you give some hint or refer me
> > > to some site or materials?
> > >
> > > Thanks a lot.
> > >
> > > jc
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > http://ntlug.org/mailman/listinfo/discuss
> >
> >
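An added sanity check for the addressing laid out in this thread (not code from any of the posters): it recomputes NETWORK and BROADCAST from IPADDR/NETMASK, confirms that private /etc/hosts entries sit inside the masqueraded LAN, and notes when that LAN is an alias on the public-facing card. The `audit` function and the embedded sample input are constructed for illustration from the values quoted above.

```python
import ipaddress

# Constructed input: ifcfg values and a few /etc/hosts lines quoted in the thread.
IFCFG = {
    "eth0":   {"IPADDR": "216.61.196.129", "NETMASK": "255.255.255.248",
               "NETWORK": "216.61.196.128", "BROADCAST": "216.61.196.135"},
    "eth0:1": {"IPADDR": "192.168.1.1", "NETMASK": "255.255.255.0",
               "NETWORK": "192.168.1.0", "BROADCAST": "192.168.1.255"},
}
HOSTS = """\
127.0.0.1 localhost localhost.localdomain
216.61.196.129 ns1.srjmarketing.com ns1
192.168.1.10 daniel
192.168.1.11 hugh
"""

def audit(ifcfg, hosts_text, inside="eth0:1"):
    """Return a list of findings for an aliased-NIC masquerading gateway."""
    findings, nets = [], {}
    for dev, cfg in ifcfg.items():
        iface = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
        net = nets[dev] = iface.network
        if str(net.network_address) != cfg["NETWORK"]:
            findings.append(f"{dev}: NETWORK should be {net.network_address}")
        if str(net.broadcast_address) != cfg["BROADCAST"]:
            findings.append(f"{dev}: BROADCAST should be {net.broadcast_address}")
    lan = nets[inside]
    if not lan.is_private:
        findings.append(f"{inside}: {lan} is not private address space")
    # An alias (ethN:M) is a second address on the same card, so the LAN
    # and the public network share one physical segment.
    parent = inside.split(":")[0]
    if parent != inside and parent in nets and not nets[parent].is_private:
        findings.append(
            f"{inside}: LAN shares physical NIC {parent} with public net {nets[parent]}")
    for line in hosts_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or nameless line
        addr = ipaddress.ip_address(fields[0])
        if addr.is_private and not addr.is_loopback and addr not in lan:
            findings.append(f"hosts: {fields[1]} ({addr}) is outside {lan}")
    return findings

if __name__ == "__main__":
    for finding in audit(IFCFG, HOSTS):
        print(finding)
```
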