Re: Routing problem...
English, there a lot of us non-native-english speakers around, so that's
no big deal.
I don't know xSDL MODEMs. I assume they work lika a hub.
There more than one way to solve that problem. I'd do this:
LAN INTERNET
+--------------+
| COMP. A |
| 192.168.1.10 |-+ eth1 eth0
+--------------+ | +----------------+ 195.117.3.4 | +----------+
|----| DEBIAN MACHINE |-------------|---|xSDL MODEM|--ISP--
+--------------+ | | 192.168.1.1 | | +----------+
| COMP. B |-+ +----------------+ |
| 192.168.1.11 | |
+--------------+ +------------+ 195.117.3.5 |
| WWW SERVER |-----------------|
+------------+ |
On "COMP. x":
route add default gw 192.168.1.1
On "WWW SERVER":
strip out everything you don't really need
On "DEBIAN MACHINE":
strip out everything you don't really need
install ipmasq
# apt-cache show ipmasq
Package: ipmasq
Priority: extra
Section: net
Installed-Size: 124
Maintainer: Brian Bassett <brianb@debian.org>
Architecture: all
Version: 3.4.4
Depends: netbase
Suggests: midentd
Filename: dists/potato/main/binary-all/net/ipmasq_3.4.4.deb
Size: 37256
MD5sum: 2c8921493912ce352e8b2308fd20b85c
Description: Securely initializes IP Masquerade forwarding/firewalling
This package contains scripts to initialize IP Masquerade for use as a
firewall. IP Masquerade is a feature of Linux that allows an entire network
of computers to be connected to another network (usually the Internet) with
only one network address on the other network. IP Masquerade is often
referred to as NAT (Network Address Translation) on other platforms.
.
By default, this package configures the system as a basic forwarding
firewall, with IP spoofing and stuffed routing protection. The firewall
will allow hosts behind the firewall to get to the Internet, but not allow
connections from the Internet to reach the hosts behind the firewall.
However, ipmasq now features a very flexible framework where you can
override any of the predefined rules if you so choose. It also allows you
to control if the rules are reinterpreted when pppd brings a link up or
down.
.
This package should be installed on the firewall host and not on the
hosts behind the firewall.
.
IP Masquerade requires the kernel to be compiled with CONFIG_FIREWALL,
CONFIG_IP_FIREWALL, CONFIG_IP_FORWARD, and CONFIG_IP_MASQUERADE.
------------------------------------------------------------------------
From: Mateusz Mazur <vincent@waw.pdi.net>
Subject: Routing problem...
Date: Thu, 22 Mar 2001 13:20:46 +0100
> Hello.
> I will be very, very greatfull for your help. I'am newbie and I have big
> trouble (big for me of course). I would also apologize for my english. I'am
> from Poland and english isn't my nativ language. Here is some kind of map.
> It should illustrate my problem.
>
> LAN INTERNET
>
> +--------------+
> | COMP. A |
> | 192.168.1.10 |-----+
> +--------------+ | +----------------+ +----------+
> |----| DEBIAN MACHINE |----------|xSDL MODEM|--ISP--
> +--------------+ | | 192.168.1.1 | +----------+
> | COMP. B |-----+ +----------------+ 195.117.3.4
> | 192.168.1.11 | | 195.117.3.5
> +--------------+ | +------------+
> +---| WWW SERVER |
> +------------+
>
> So...
> My ISP give me xSDL modem (1 Mbit/s to the internet) with ethernet plug on
> the end. He give me aslo two public IP and he routes this IP to this modem.
> Questione is... How to configure Debian Machine to work with that. I want to
> have one IP for Debian Machine and one IP to www server. I also want to have
> that computers from my local networks could use internet connection (I think
> I must use IP Masqu for that - it is also a problem).
> But the main problem is that I don't know how to
> configure DEBIAN MACHINE to route this. For example. If COMP A want to
> vistit WWW SERVER (i guest he can uses DNS from ISP) he should go stright to
> WWW SERVER (without MODEM). I don't know how sould it work. DEBIAN MACHINE
> has tree pci network cards (one for lan, one for modem and the last one for
> www server). Second question is what rules for firewall (ipchains I tink)
> should I made.
>
> How I say. I'am newbie so I would be greatfull for complete solution, but
> even small help will be nice (I have no idea what should I do).
>
> Big thanks.
>
> I send this message to debian-user and debian-firewall. Sorry for that.
>
> Mateusz Mazur
> vincent@waw.pdi.net
Regards,
/Karl
-----------------------------------------------------------------------
Karl Hammar Aspö Data karl@kalle.csb.ki.se
Lilla Aspö 2340 +46 173 140 57 Networks
S-742 94 Östhammar +46 10 270 26 67 Computers
Sweden Consulting
-----------------------------------------------------------------------
Reply to: