LinuxQuestions.org


nukenstien 08-24-2004 01:54 AM

Multiple domains behind firewall
 
I have a few Linux machines set up with apache, ssh, ftp services running on them. I use zoneedit to dns ips.

I have a Linux firewall set up that has all of the urls dns linked to it.
firewall.domain.ca, domain.ca, halflife.domain.ca

The following is the networking configuration I have set up:

              Internet
                 |
        firewall.domain.ca
                 |
        |----------------|
    domain.ca   halflife.domain.ca



I want to be able to 'ssh firewall.domain.ca' and be connected to firewall.domain.ca.
I would also like to 'ssh domain.ca' and be passed through firewall.domain.ca and connect to domain.ca.

I thought this command would work but it does not.

$IPTABLES -t nat -A PREROUTING -d domain.ca -p tcp -j DNAT --to-destination [domain.ca ip address]

I am looking for the command to pass all tcp traffic through the firewall to the linux box behind the firewall. I do not want the root of domain.ca to have root access to firewall.domain.ca.

Nuke

david_ross 08-24-2004 08:04 AM

Welcome to LQ.

There are a few solutions:
* Use 2 public IPs.
* Run the ssh servers on different ports.
* Only ssh into server 1 from the outside, then from there ssh to server 2
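
An added example, not part of the original thread, of the second option above (different ports on the one public address): since every name resolves to the firewall, the DNAT rule has to match on destination port, and the firewall's own port 22 is left alone so SSH sessions to the inner hosts never log in on the firewall. The addresses, interface name and port map are constructed placeholders, and the script only prints the rules for review.

```sh
#!/bin/sh
# Added example: print iptables rules for per-port forwarding on one public IP.
# Every address, interface and port below is a constructed placeholder.
# Assumes IPv4 forwarding (net.ipv4.ip_forward=1) is already enabled.
IPTABLES="${IPTABLES:-iptables}"
PUBLIC_IP="203.0.113.10"   # constructed: the firewall's single public address
WAN_IF="eth0"              # assumption: Internet-facing interface

# public_port:internal_ip:internal_port (constructed sample map).
# 192.168.1.10 stands in for domain.ca, 192.168.1.20 for halflife.domain.ca.
PORT_MAP="
2222:192.168.1.10:22
80:192.168.1.10:80
2223:192.168.1.20:22
"

# Print the rules for one entry; never take over the firewall's own sshd port.
emit_forward() {
    pub=${1%%:*}; rest=${1#*:}
    ip=${rest%%:*}; port=${rest#*:}
    case "$pub" in ''|*[!0-9]*) echo "bad public port: $1" >&2; return 1;; esac
    if [ "$pub" -eq 22 ]; then
        echo "refusing to forward 22: it is the firewall's own sshd" >&2
        return 1
    fi
    # Rewrite the destination only for this one port on the public address.
    echo "$IPTABLES -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
    # DNAT runs before routing, so FORWARD sees the internal address and port.
    echo "$IPTABLES -A FORWARD -i $WAN_IF -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Print the full rule set: one shared return-traffic rule, then each mapping.
emit_all() {
    echo "$IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $PORT_MAP; do
        emit_forward "$entry" || return 1
    done
}

# Review the printed rules before applying them as root.
emit_all
```

With this map, `ssh -p 2222 domain.ca` reaches the inner host while `ssh firewall.domain.ca` still lands on the firewall itself.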

nukenstien 08-24-2004 01:25 PM

Thanks for the reply, david.

However, when I use two external IPs my cable modem slows to a crawl because I don't have a 100MB hub for connecting the computer to the cable modem.
The problem with running on different ports is I would have to port forward every port that domain.ca would want to use.
SSHing from 1 machine to the next would not work because I would also like various users to be able to ftp to their home directory, but they only have an account on domain.ca, not on firewall.domain.ca.

david_ross 08-24-2004 01:42 PM

Quote:

Originally posted by nukenstien
However when I use two external ips my cable modem slows to a crawl because I don't have a 100MB hub for connecting the computer to the cable modem.

Why would it slow down? I'm not suggesting making any infrastructure changes.

nukenstien 08-25-2004 12:00 PM

It slows down because with my cable modem, even though it is only 5Mb down and 1 Mb up, if you switch from a 100MB connection to a 10MB connection the speed goes down.
I have the cable modem plugged into my linux box with a 100MB card so it connects at 100MB but when I plug the cable modem into my hub, to allow both computers external ips, the hub is only 10MB so it only connects at 10MB.
I do not know why it slows down if it is not reaching the hardware limit.

david_ross 08-25-2004 12:44 PM

I'm still not sure why it would slow down. BUT:
Quote:

Originally posted by david_ross
I'm not suggesting making any infrastructure changes.


All times are GMT -5.