
Re: Ip_forward trouble



TOKI:


The use is that I don't really know what I'm doing.  Well, not totally...
Here is the lay of the land.

I have a high speed connection connected (appropriately enough) to a
hardware router and hub.  This router (192.168.1.1) serves as a DHCP host
for my little LAN.  On this LAN there are basically 2 sectors.  The first is
the general house computers, used by the people here for surfing and e-mail,
nothing fancy.  There are at any time, between 6 and 12 of these, mostly
running windows.  Because they have no use for it, all of their ports are
blocked from the outside by the router I mentioned.

The second leg of the network is my computer lab.  This lab consists of
about 2 dozen boxes running any number of OS's and services like my mail,
web site, shell server, etc.  Not all of these are set up, mainly because
they need to be seen from the outside, and thus protected.  Hence the
firewall (among other protections).

I have set the firewall up on the network, with an IP address from the
router, and have left that IP in the DMZ of the router so it is seen from
the internet at large.  I want to set up some sort of NAT to translate the
ports of the firewall to the appropriate servers behind the firewall.  To
avoid any confusion by the people on the larger house network, I was going
to use the 10... IP range for the network, but it really makes no difference,
and I can just as easily set them up with the subnet you suggest.  (though
the term easily may not apply as I have yet to get this working).

I have been fighting with several firewall solutions (smoothwall, Gibraltar,
redhat based, openBSD based), but because the box I am using is SCSI based,
it has a complicated install, and many distros have trouble.  I like debian,
because it installs flawlessly, has that great package system, and I have
used it in many of the boxes in the lab.  I have thought about trying a
hardware solution (namely a netscreen 5xp) but the price tag of a $500
hardware firewall vs. a free debian firewall is always a deal breaker.

Maybe some of this rambling will help,
-Tom


