Re: Routing problem...
On Thu, Mar 22, 2001 at 01:19:06PM +0100, Mateusz Mazur wrote:
> Hello.
> I will be very, very greatfull for your help. I'am newbie and I have big
> trouble (big for me of course). I would also apologize for my english. I'am
> from Poland and english isn't my nativ language. Here is some kind of map.
> It should illustrate my problem.
don't apologize, your english is better than a lot of native speakers I
know :)
>
> LAN INTERNET
>
> +--------------+
> | COMP. A |
> | 192.168.1.10 |-----+
> +--------------+ | +----------------+ +----------+
> |----| DEBIAN MACHINE |----------|xSDL MODEM|--ISP--
> +--------------+ | | 192.168.1.1 | +----------+
> | COMP. B |-----+ +----------------+ 195.117.3.4
> | 192.168.1.11 | | 195.117.3.5
> +--------------+ | +------------+
> +---| WWW SERVER |
> +------------+
>
> So...
> My ISP give me xSDL modem (1 Mbit/s to the internet) with ethernet plug on
> the end. He give me aslo two public IP and he routes this IP to this modem.
> Questione is... How to configure Debian Machine to work with that. I want to
> have one IP for Debian Machine and one IP to www server. I also want to have
> that computers from my local networks could use internet connection (I think
> I must use IP Masqu for that - it is also a problem).
> But the main problem is that I don't know how to
> configure DEBIAN MACHINE to route this. For example. If COMP A want to
> vistit WWW SERVER (i guest he can uses DNS from ISP) he should go stright to
> WWW SERVER (without MODEM). I don't know how sould it work. DEBIAN MACHINE
> has tree pci network cards (one for lan, one for modem and the last one for
> www server). Second question is what rules for firewall (ipchains I tink)
> should I made.
>
> How I say. I'am newbie so I would be greatfull for complete solution, but
> even small help will be nice (I have no idea what should I do).
>
> Big thanks.
Ok, as I see it, this task can be broken down to the following sub-tasks
1) Routing incoming requests to either the debian machine, or the
www server based on the requested ip address
2) Routing internal requests to either the internet, the www server, or
(at least for admin) the debian server, based again on ip
address
3) Some kind of firewall to protect your internal network from the
world at large, whilst letting in the stuff you want.
OK, there's a lot of info on this out there, and here's a start.
The howtos (many of which are available in Polish if the english
ones give you trouble) are available via ftp at
ftp.metalab.unc.edu/pub/Linux/docs/HOWTO
For html versions and online reading, try www.linuxdoc.org
note that the mini-howtos are (or at least were) in a subdirectory of
the howto directory
for 1) read the Bridge minihowto. It has a basic setup, step by step
for 2) Bridging covers this also.
for 3) things get a little more complicated with bridging as well as
firewalling, but ta-dah! there's also a bridging+firewalling
mini-howto :)
note that both the above mini-howtos are a little on the old side, but
(AFAIK) still work with current kernels (2.2.x, not sure about how
iptables affect things.)
Good luck.
--
Jim Richardson
Anarchist, pagan and proud of it
WWW.eskimo.com/~warlock
Linux, because life's too short for a buggy OS.
Reply to: