LinuxQuestions.org


Kent Emia 08-14-2003 03:21 AM

network cards
 
hi to all....

I'm wondering... as I browse and read some of the mails in this forum, I noticed most of the people here are using 2 LAN cards:
1 for the internet and the other 1 for the local network.

Is this really "necessary", especially if we will be hooking up to a DSL connection? Because at the moment we only have one network card per workstation, even in our servers...

mule 08-14-2003 03:25 AM

It's just if you use this pc as a router for the internet and want to have configured out your security. Means, you can configure 1 nic for internet with a configured firewall and still leaving 1 nic for the internal lan to connect without lan. Even NAT, you can only start with 2 nics in your pc. But you only need it on the machine connecting to internet.

Hope this helps

Kent Emia 08-14-2003 10:22 PM

"1 nic for the internal lan to connect without lan. "

What do you mean by this? To connect without lan? I don't get it.

kent

joseph 08-15-2003 01:37 AM

Quote:

Originally posted by mule
It's just if you use this pc as a router for the internet and want to have configured out your security. Means, you can configure 1 nic for internet with a configured firewall and still leaving 1 nic for the internal lan to connect without lan. Even NAT, you can only start with 2 nics in your pc. But you only need it on the machine connecting to internet.

Hope this helps

Can you explain to me what you mean by saying 1 nic for the internal lan to connect without lan?

joseph 08-15-2003 01:43 AM

Dear Kent,
I think it doesn't matter whether you use 1 or 2 NIC cards; we are using 2 NIC cards because of security concerns, 1 for public and 1 for local area.
But if you're using 1 NIC and you act like we do, I think there is no problem either; you can always use IP aliases.

Would it be of help?

Kent Emia 08-15-2003 02:38 AM

Ahhh, I see... you're using 2 LAN cards so that they can connect to the internet separately, isn't it? Like making them a server, isn't it?

joseph 08-15-2003 02:51 AM

No, we cannot put it that way. I mean the LAN one is used to connect to other boxes, such as Windows machines in your LAN, because in your LAN you will use the virtual IP. And the public one will be assigned a public IP; it will be needed when you run your own web server, etc.

mule 08-15-2003 02:58 AM

Sorry, I think it was because of the heat... of course it shouldn't mean "without lan"... The goal is that you can connect with your own LAN to a NIC within your range. This is the "unprotected" one. The 2nd connects to the internet. Of course, here the firewall should be configured to be secure. -> A configuration with 2 NICs is also what is called a router.

JimTheta 08-15-2003 04:16 PM

What everyone's saying here is that one computer is acting as a go-between. It stands as a gateway between the wild internet (connected to card A) and your internal network (connected to card B). This computer would normally not be a web-surfing machine (though it can be); usually it's just a dedicated firewall to protect the internal network.

Technically, this would be a "star" network topology, where the gateway machine is central and all other internal network computers are connected to it. If the gateway only has two ethernet cards, then there can only be one other computer on the internal network. For a bigger network, give the gateway machine more cards. Each internal network machine only needs one card, as it only connects to the gateway.

Obviously, there are other ways to do this; this is just a simple way to do it on a small network.

(Am I the only one who uses proper grammar in here?)

Hope that cleared stuff up.

cprovolt 08-21-2003 10:01 PM

How about this
 
Is this scenario possible? My goal is to have linux box with 2 nics act as a firewall/router like this:
CABLE ISP --> Eth0(DHCP FROM CABLE ISP (?.?.?.?)) --> IP FORWARD/FIREWALL --> eth1 (192.168.1.1) ---> HUB --> NETWORK (192.168.1.0)

amocjr 08-21-2003 10:24 PM

Yes, absolutely, that is exactly what JimTheta is describing. (Note that the "CABLE ISP" in your diagram is actually *your* cable modem.)

It doesn't take much horsepower either. I'm in the process of doing exactly that using an old Compaq Presario 5153 P133, a 133 MHz Pentium I.

There's a great book called Linux Firewalls, 2nd Ed., by Robert Ziegler, on how to configure iptables to build such a firewall.
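The two-NIC layout in cprovolt's diagram (eth0 facing the cable modem, eth1 at 192.168.1.1 serving 192.168.1.0) can be written as an iptables ruleset. This is an added example, not code posted by anyone in the thread; the function names `valid_if` and `gen_gateway_rules` and the /24 prefix length are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC gateway.
# Interface names come from the thread's diagram; function names are hypothetical.

valid_if() {
    # Accept only plain interface names such as eth0 (letters, digits, . _ -).
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_gateway_rules() {
    wan=$1 lan=$2 lan_net=$3
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
    # One NIC on both sides would remove the separation the firewall relies on.
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    case "$lan_net" in
        ''|*[!0-9./]*) echo "bad LAN prefix" >&2; return 1 ;;
    esac
    # Default-deny for traffic to the gateway and through it; only the LAN
    # may open new connections, and replies are allowed back in.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when called as: script WAN_IF LAN_IF LAN_PREFIX
if [ "$#" -eq 3 ]; then gen_gateway_rules "$@"; fi
```

To apply it, run as root `sh gateway.sh eth0 eth1 192.168.1.0/24 | iptables-restore` (the file name is a placeholder) and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`. `iptables-restore` replaces the existing filter and nat rules, so review the printed output first.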

cprovolt 08-22-2003 12:16 PM

Thanks
 
Thanks for the quick reply. Yeah, I probably should have worded that better, but that is what I meant by CABLE ISP. I'm just having a little trouble with DHCP and eth0 pulling an IP from the ISP. Will work on this over the weekend and will be documenting everything I do and compile a good walkthrough for this.

amocjr 08-22-2003 04:48 PM

Excellent. I'm looking forward to your documentation. As mentioned, I am about to embark on the same project -- probably *next* weekend.

I believe configuring eth0 for DHCP should be relatively straightforward -- just the appropriate entry in the ifcfg-eth0 script. I think getting the Linux box to grab the DNS server addresses from your ISP is going to be tricky if not impossible. My current Linksys router automatically gets my ISP's DNS server addresses, but I'm not aware of that being possible with a Linux box.

My intended workaround is to set up a caching DNS server, using a *different* Linux box from the firewall, inside the firewall. Alternatively, I may keep the Linksys router in place as a bastion firewall and use a Linux box as a choke firewall inside of that.

Looking forward to reading how everything works out.

Looking_Lost 08-22-2003 05:45 PM

Can't see any particular reason why you shouldn't manage to DHCP your ISP's DNS servers other than bad luck.

mastereq 08-22-2003 05:56 PM

By the way... I'm using one LAN card but I have three IP addresses on it :) It's a really good idea :D The LAN card is in the server and is connected to the local network and the internet :)


All times are GMT -5.