LinuxQuestions.org
Old 12-09-2003, 01:28 AM   #1
MRK
Member
 
Registered: Jan 2002
Posts: 60

Rep: Reputation: 15
Setting up a router on existing network


Hello. I run a webserver that has 3 existing network cards in it. The first 2 are connected to the internet directly. The third network card is connected to the internal switch that all of our client computers are connected to. This card provides local access to the machine for maintenance and such. No web traffic goes over it. This third card has a class C ip address (192.168.x.x) like all the rest of the clients on the network.

I want to set up a fourth network card using a class A or B IP address (10.x.x.x or 127.x.x.x). I then want to set it up to be a gateway to the internet. I would then give a client plugged into the switch an IP address of similar class. I want to tell the client to use this 4th network card as the gateway.

Is this possible? Remember, the 4th network card will be plugged into the same switch as everything else. I want this 4th network card to be on a completely separate network (per se) than everything else. As will the clients.

I've looked into using iptables and ipchains, but it's very confusing. And I'm not even sure if it will do what I want it to do. Thanks for any help you can provide!

-Mr.K
 
Old 12-09-2003, 02:07 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
First off, there really isn't a concept of "classful" IPs any more. CIDR notation and prefix length-based routing have made IP classes obsolete. Second, 127.0.0.0/8 is reserved for "loopback" adaptors, i.e. it's a dummy address that only refers to the machine itself, you can't communicate to it over a network.

What you are after is a "private" net, there are several reserved for this purpose. 10.0.0.0/8, 172.16.0.0/12 (or is it /14? I forget) and 192.168.0.0/16.

Anyway, you can have multiple nets on the same switch if you wish, but it's a very bad idea to enable ip_forward on a box that also serves an administrative net. You would be better off splitting out the functions onto two boxes. Put a firewall/router in for Internet access (could be a Linux box) and keep your web server separate (preferably behind the firewall).
 
Old 12-09-2003, 05:11 PM   #3
MRK
Member
 
Registered: Jan 2002
Posts: 60

Original Poster
Rep: Reputation: 15
I appreciate the information.

The webserver is connected directly to the internet with nothing in between it (no firewall). The only purpose the 3rd network card exists is because I don't want to tie up one of the external cards with my traffic when I'm simply uploading something or editing some files. Hence the 3rd network card simply allows me to connect to my server from any computer on the network by simply using its internal network address (192.168.1.210).

As far as setting up the firewall/router, how would I go about doing this? Can you point me to any resources or briefly explain it? I'd appreciate any help you can provide!

-Mr.K
 
Old 12-09-2003, 07:42 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well for starters, it's a really bad idea to have a box connected directly to the Internet and your inside network, especially if you don't have a firewall in front of it. Even if IP forwarding isn't enabled, it's still dangerous since a compromise to the webserver allows the attacker to access all your internal machines. If you put another NIC in it and allow Internet access, that would be worse since you would need to turn IP forwarding on. Attackers might be able to source-route packets through the webserver into your admin net.

For information about setting up an iptables firewall, check out the resources listed here. I highly recommend setting the firewall up on a separate box. You can configure the firewall to pass the traffic for your two web server IPs back to the web server, which would sit behind the firewall.
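
A check for the two kernel settings post #4 warns about (IP forwarding and acceptance of source-routed packets) on a multi-homed host, added here as an example and not part of the original thread. The function names, the interface names eth0/eth2 and the sample sysctl lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `sysctl -a`-style lines on stdin
# and reports the two conditions post #4 warns about on a multi-homed host.

audit_forwarding() {
    awk -F' *= *' '
        # Global switch: when 1, the kernel routes packets between interfaces.
        $1 == "net.ipv4.ip_forward" { fwd = $2 }

        # Per-interface keys: net.ipv4.conf.<if>.accept_source_route
        $1 ~ /^net\.ipv4\.conf\..+\.accept_source_route$/ {
            split($1, part, ".")
            if (part[4] == "all") all_srr = $2
            else if (part[4] != "default") srr[part[4]] = $2
        }

        END {
            if (fwd == 1)
                print "RISK ip_forward=1: host forwards packets between its networks"
            # For IPv4 the kernel honours source-routed packets on an interface
            # only when BOTH conf.all and conf.<if> are 1.
            for (ifname in srr)
                if (all_srr == 1 && srr[ifname] == 1)
                    print "RISK accept_source_route on " ifname
        }' | sort
}

# Constructed sample: eth0 stands for an Internet-facing card, eth2 for the
# card on the internal switch (names are assumptions, not from the thread).
sample_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth2.accept_source_route = 0
EOF
}

sample_sysctl | audit_forwarding
# On a live host: sysctl -a 2>/dev/null | audit_forwarding
```

An empty result means neither condition is present; on the web server described in this thread both settings would normally be expected to stay at 0.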
 
  

