Re: Routing problem...

To: debian-firewall@lists.debian.org
Subject: Re: Routing problem...
From: Karl Hammar <karl@kalle.csb.ki.se>
Date: Thu, 22 Mar 2001 19:00:25 +0100
Message-id: <20010322190025Z.karl@kalle.csb.ki.se>
In-reply-to: <20010322132046.B22198@ornak.waw.pdi.net>
References: <20010322132046.B22198@ornak.waw.pdi.net>

English, there a lot of us non-native-english speakers around, so that's
no big deal.

I don't know xSDL MODEMs. I assume they work lika a hub.
There more than one way to solve that problem. I'd do this:

            LAN                                           INTERNET
	
+--------------+
|   COMP. A    |
| 192.168.1.10 |-+    eth1          eth0
+--------------+ |    +----------------+ 195.117.3.4 |   +----------+
                 |----| DEBIAN MACHINE |-------------|---|xSDL MODEM|--ISP--
+--------------+ |    |   192.168.1.1  |             |   +----------+
|   COMP. B    |-+    +----------------+             |
| 192.168.1.11 |                                     |
+--------------+      +------------+     195.117.3.5 |
                      | WWW SERVER |-----------------|
		      +------------+                 |

On "COMP. x":
   route add default gw 192.168.1.1

On "WWW SERVER":
   strip out everything you don't really need
 
On "DEBIAN MACHINE":
   strip out everything you don't really need
   install ipmasq

   # apt-cache show ipmasq
   Package: ipmasq
   Priority: extra
   Section: net
   Installed-Size: 124
   Maintainer: Brian Bassett <brianb@debian.org>
   Architecture: all
   Version: 3.4.4
   Depends: netbase
   Suggests: midentd
   Filename: dists/potato/main/binary-all/net/ipmasq_3.4.4.deb
   Size: 37256
   MD5sum: 2c8921493912ce352e8b2308fd20b85c
   Description: Securely initializes IP Masquerade forwarding/firewalling
    This package contains scripts to initialize IP Masquerade for use as a
    firewall.  IP Masquerade is a feature of Linux that allows an entire network
    of computers to be connected to another network (usually the Internet) with
    only one network address on the other network.  IP Masquerade is often
    referred to as NAT (Network Address Translation) on other platforms.
    .
    By default, this package configures the system as a basic forwarding
    firewall, with IP spoofing and stuffed routing protection.  The firewall
    will allow hosts behind the firewall to get to the Internet, but not allow
    connections from the Internet to reach the hosts behind the firewall.
    However, ipmasq now features a very flexible framework where you can
    override any of the predefined rules if you so choose.  It also allows you
    to control if the rules are reinterpreted when pppd brings a link up or
    down.
    .
    This package should be installed on the firewall host and not on the
    hosts behind the firewall.
    .
    IP Masquerade requires the kernel to be compiled with CONFIG_FIREWALL,
    CONFIG_IP_FIREWALL, CONFIG_IP_FORWARD, and CONFIG_IP_MASQUERADE.



------------------------------------------------------------------------
From: Mateusz Mazur <vincent@waw.pdi.net>
Subject: Routing problem...
Date: Thu, 22 Mar 2001 13:20:46 +0100

> Hello.
> I will be very, very greatfull for your help. I'am newbie and I have big
> trouble (big for me of course). I would also apologize for my english. I'am
> from Poland and english isn't my nativ language. Here is some kind of map.
> It should illustrate my problem.
> 
>             LAN                                              INTERNET
> 	
> +--------------+
> |   COMP. A    |
> | 192.168.1.10 |-----+
> +--------------+     |    +----------------+          +----------+
>                      |----| DEBIAN MACHINE |----------|xSDL MODEM|--ISP--
> +--------------+     |    |   192.168.1.1  |          +----------+
> |   COMP. B    |-----+    +----------------+          195.117.3.4
> | 192.168.1.11 |                |                     195.117.3.5
> +--------------+                |   +------------+
>                                 +---| WWW SERVER |
> 				    +------------+
> 
> So...
> My ISP give me xSDL modem (1 Mbit/s to the internet) with ethernet plug on
> the end. He give me aslo two public IP and he routes this IP to this modem.
> Questione is... How to configure Debian Machine to work with that. I want to
> have one IP for Debian Machine and one IP to www server. I also want to have
> that computers from my local networks could use internet connection (I think
> I must use IP Masqu for that - it is also a problem). 
> But the main problem is that I don't know how to
> configure DEBIAN MACHINE to route this. For example. If COMP A want to
> vistit WWW SERVER (i guest he can uses DNS from ISP) he should go stright to
> WWW SERVER (without MODEM). I don't know how sould it work. DEBIAN MACHINE
> has tree pci network cards (one for lan, one for modem and the last one for
> www server). Second question is what rules for firewall (ipchains I tink)
> should I made. 
> 
> How I say. I'am newbie so I would be greatfull for complete solution, but
> even small help will be nice (I have no idea what should I do).
> 
> Big thanks.
> 
> I send this message to debian-user and debian-firewall. Sorry for that.
> 
> Mateusz Mazur
> vincent@waw.pdi.net

Regards,
/Karl

-----------------------------------------------------------------------
Karl Hammar                    Aspö Data           karl@kalle.csb.ki.se
Lilla Aspö 2340             +46  173 140 57                    Networks
S-742 94 Östhammar         +46  10 270 26 67                  Computers
Sweden                                                       Consulting
-----------------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Routing problem...
  - From: Michael Wood <wood@kingsley.co.za>

References:
- Routing problem...
  - From: Mateusz Mazur <vincent@waw.pdi.net>

Prev by Date: Routing problem...
Next by Date: Re: stateful firewall
Previous by thread: Routing problem...
Next by thread: Re: Routing problem...
Index(es):
- Date
- Thread