Re: Please excuse, but I am not a router/firewall-guru...

To: debian-firewall <debian-firewall@lists.debian.org>
Subject: Re: Please excuse, but I am not a router/firewall-guru...
From: Michelle Konzack <linux4michelle@freenet.de>
Date: Sat, 05 Apr 2003 04:50:02 +0200
Message-id: <[🔎] 3.0.6.16.20030405045002.132fdb3e@pop3.01019freenet.de>
In-reply-to: <200303311030.h2VAUORK002438@opal.aspo.lcl>
References: <Message from Michelle Konzack <linux4michelle@freenet.de> <3.0.6.16.20030318143914.0f4f818a@pop3.01019freenet.de> <3.0.6.16.20030318143914.0f4f818a@pop3.01019freenet.de>

Hello Karl, 

Am 12:30 2003-03-31 +0200 hat Karl Hammar geschrieben:
>
>> Hello, 
>...

>>                                         +-----------+
>>                                         | router    |
>>                 +-----------+           |       eth1+--- publicnet
>>                 |           |           |           |
>>                 |  ppp-box  |           |       eth2+---privatenet
>>                 |           |IP-Masq    |           |
>> Inet -----------+ppp0   eth1+-----------+eth0   eth3+--- securenet
>> By-Call-ISP     |           |           |           |
>>                 |           |           |       eth4+--- cybernet
>>                 |           |           |           |
>>                 +-----------+           |       eth5+--- wavenet
>>                                         |           |
>>                                         +-----------+

>> Firewall comes soon...
>> 
>> Thanks
>> Michelle Konzack
>...
>
>** A
>Wrong broadcast for eth2?
>Shouldn't it be 192.168.1.95

Oops, - right, it was a Typo... 

>** B
>Using the same ip number for router:eth0 and ppp-box:eth1 is a bad idea.
>You could do like:

Same as A   :-(

>  ppp-box:
>ifconfig  eth1 192.168.1.122 netmask 255.255.255.240 broadcast 192.168.1.127
>route add -net 192.168.1.120 netmask 255.255.255.240 # for a 2.0.x kernel
>route add default gw <your isp>
>route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.121
>
>  router:
>ifconfig  eth0 192.168.1.121 netmask 255.255.255.240 broadcast 192.168.1.127
>route add -net 192.168.1.120 netmask 255.255.255.240 # for a 2.0.x kernel
>route add default gw 192.168.1.122

Hmmm... Thats all ??? 
Man, - I am stupid !!! 

>** C
>(You don't do routing with iptables. You filters, logs, and rewrites
>packet headers with it.)

Ah OK...

>You use the same config as in B above (except that you don't have to
>add the route to the local net since the kernel does it for you when you
>do ifconfig).

I am realy confused, because in 1999-2001 I was using SLINK then I was 
a very long time in Hospital and last year I was switching to WOODY.. 

never used POTATO...

Many things to learn new... - Oops !!

>Regards,
>/Karl

Many thanks to Sweden
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
+--------------------------------------------------------------------------+
| Michelle's Internet-Service                    Inh.  Michelle Konzack    |
| FunkLAN-Providerin                                                       |
+--------------------------------------------------------------------------+

Reply to:

Prev by Date: Re: stoping net scans
Next by Date: Re: stoping net scans
Previous by thread: IPtables or shorewall
Next by thread: ip_conntrack_ftp
Index(es):
- Date
- Thread