Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I use Suse 8.2. I am a teacher and do more and more withtthe networking at the buildings. I have a working Linux NAT box and a Win2K server inside the LAN for DHCP and other Windows related needs. I have a Web server running inside the LAN as well ( I was told this is safer and it would make it easier to put live camera images on a web page too ) It is also Suse 8.2 with Apache.
I have 3 Live IPs available to me to use.
I am wanting to know how to set traffic from the second IP ( and later the third ) thru the NAT to the Web server.
Do I need to set up eth0:0?
How do you get that traffic directed to a second box that is the webserver?
Are you sure that you want to run second web server? You can run virtual servers on the same computer using a single IP address. In Apache, you do this by configuring Virtual Hosts.
If you still want add the second server, you can do it by forwarding port 80 on one of your available IP addresses to the IP of the second server. I am assuming that you have already configured NAT and port forwarding on your Internet box.
I am not sure what utility you use in SuSE to add a secondary IP address your NIC, because I don't use SuSE (I've installed it, but haven't really done any networking with it). You should be able to do it in YaST, but I haven't tried. I think that you just modify /etc/sysconfig/network-scripts/ifcfg-eth0 to have the line SECADDR=<secondary ip> but it has been several years since I have tried putting multiple IPs on a single NIC.
Thx, but I really do want a second machine for the web server, The NAT seems to have alot on it's hands and I was told that I would have 'less' chances of hacking if it was inside ( behind the NAT from Internet side ) my LAN.
I need for the NAT to remain uneffected by people other than myself. Being at a school, and students maintain the web pages ......
Sorry, I mis-understood your post. I thought that you wanted to run a second web server. You definitely want a second machine as a web server, you just don't need two web servers.
When you configured the NAT rules, did you use a tool, or edit the IP_Masq script(s) directly? You really just need to add a Forward rule to get the web requests to go to your web server.
The following is a link to IP Masquerading and how to set up a port 80 forward to the web server on the inside of your network. It assumes that you are using iptables, not ipchains, but the concept is nearly identical for ipchains.
I didn't find any help on the SuSE site for setting up a secondary IP address (for your Internet facing system) to allow you to bind multiple addresses to that external interface. But in the interim, you can just forward the one IP that you have working to the Webserver on the inside.
I wish I had the termonolgy better, but let me try a different way to see if anyone can make sense out of my nonsense
My NAT box has a live IP ( seemed to be the only way it would work ) and I have 2 more available to me for future use.
One, I will reassign the www.scjvs.com we own to that IP, once I am able to pass thru the NAT and forward ( port 80, SSL, FTP, mail ... ) to the web server inside the LAN. I want it inside for protection and for the Axis mini-web cams we use in the building. I want to be able to load images onto one of the web page links for WWW use. ( This beats trying to get to the cams thru the NAT ).
I have plans later for openning a second web site on the third IP with the other .com we own.
If Apache will host both sites as virtual on one box and the load is ok, that would be good too.
The correct way to setup what you wants is as follows:
1. Setup a DMZ with one IP address and place your production system in there. Using NAT, you can place several systems in here. Your database servers don't need to be publicly exposed.
2. Setup a router/NAT with another IP address and place your network there. Ensure you restrict travel so that traffic only goes out.
However without using some more expensive routers what you appear to want to do many not be possible without adding another interface card to your routing nat machine.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
