Re: Routing problem...

To: debian-firewall@lists.debian.org
Subject: Re: Routing problem...
From: Michael Wood <wood@kingsley.co.za>
Date: Fri, 23 Mar 2001 09:13:13 +0200
Message-id: <20010323091312.B26951@lion.kingsley.co.za>
In-reply-to: <20010322190025Z.karl@kalle.csb.ki.se>; from karl@kalle.csb.ki.se on Thu, Mar 22, 2001 at 07:00:25PM +0100
References: <20010322132046.B22198@ornak.waw.pdi.net> <20010322190025Z.karl@kalle.csb.ki.se>

Hi

On Thu, Mar 22, 2001 at 07:00:25PM +0100, Karl Hammar wrote:
[snip]
> I don't know xSDL MODEMs. I assume they work lika a hub.
> There more than one way to solve that problem. I'd do this:

That's probably meant to be xDSL, (as in ADSL or SDSL etc. or
more commonly just called "DSL")

Unfortunately I don't have any experience with xDSL either :)

>             LAN                                           INTERNET
> 	
> +--------------+
> |   COMP. A    |
> | 192.168.1.10 |-+    eth1          eth0
> +--------------+ |    +----------------+ 195.117.3.4 |   +----------+
>                  |----| DEBIAN MACHINE |-------------|---|xSDL MODEM|--ISP--
> +--------------+ |    |   192.168.1.1  |             |   +----------+
> |   COMP. B    |-+    +----------------+             |
> | 192.168.1.11 |                                     |
> +--------------+      +------------+     195.117.3.5 |
>                       | WWW SERVER |-----------------|
> 		        +------------+                 |

The problem with this is that his web server wouldn't be
firewalled at all.

> On "COMP. x":
>    route add default gw 192.168.1.1
> 
> On "WWW SERVER":
>    strip out everything you don't really need
>  
> On "DEBIAN MACHINE":
>    strip out everything you don't really need
>    install ipmasq
[snip]
> ------------------------------------------------------------------------
> From: Mateusz Mazur <vincent@waw.pdi.net>
> Subject: Routing problem...
> Date: Thu, 22 Mar 2001 13:20:46 +0100
> 
> > Hello.
> > I will be very, very greatfull for your help. I'am newbie
> > and I have big trouble (big for me of course). I would also
> > apologize for my english. I'am from Poland and english isn't
> > my nativ language. Here is some kind of map.  It should
> > illustrate my problem.
> > 
> >             LAN                                              INTERNET
> > 	
> > +--------------+
> > |   COMP. A    |
> > | 192.168.1.10 |-----+
> > +--------------+     |    +----------------+          +----------+
> >                      |----| DEBIAN MACHINE |----------|xSDL MODEM|--ISP--
> > +--------------+     |    |   192.168.1.1  |          +----------+
> > |   COMP. B    |-----+    +----------------+          195.117.3.4
> > | 192.168.1.11 |                |                     195.117.3.5
> > +--------------+                |   +------------+
> >                                 +---| WWW SERVER |
> > 				    +------------+

To set things up this way, you're going to need to use proxy-arp
or port forwarding to get to the IP address of the web server.

The ISP probably expects you to plug your firewall, web
server and the xDSL thing into a hub/switch, so the DSL modem
will not be able to see the web server if you have it behind the
firewall.

If you set up proxy-arp on the debian machine, you can trick the
xDSL modem into thinking that the web server and the debian box
are both on the same local network.

Hope that helps.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies

Reply to:

References:
- Routing problem...
  - From: Mateusz Mazur <vincent@waw.pdi.net>
- Re: Routing problem...
  - From: Karl Hammar <karl@kalle.csb.ki.se>

Prev by Date: Firewall Eval.
Next by Date: IP tables setup
Previous by thread: Re: Routing problem...
Next by thread: Re: Routing problem...
Index(es):
- Date
- Thread