LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Network Topology (https://www.linuxquestions.org/questions/linux-networking-3/network-topology-27228/)

chaste 08-05-2002 06:26 AM
Network Topology
 
Hi All,

I want to set up a network with the following topology. I have tried for the last two days to get the client machines talking to the internet but with no success - the linux machine can see the internet with no problem.

Eventually I would like to implement an iptables firewall, but for now I just want to be able to connect to the internet from one of the clients.

I have allowed IP forwarding.

Can anyone comment or help...


.....|
.....| DSL
.|---|----| <- XXX.XXX.XXX.XXX Fixed Internet IP Address
.|..NAT...|
.|.Router.|
.|--------| <- 192.168.1.1
.....|
.....|
.|-----|
.|.Hub.|---------| Eventually another subnet seperated by
.|-----|......... a Linux firewall
....|
....|
.|------|
.|.ETH0.| <- 192.168.1.2
.|......|
.|......| Linux box providing iptables based firewall
.|......|
.|.ETH1.| <- 192.168.67.1
.|------|
....|
....|
.|-----|
.|.Hub.|
.|-----|
....|
....|---------------|--------------|
....|...............|..............|
....|...............|..............|
.Client...........Client.........Client
...#1...............#2.............#3
.192.168.67.X.....192.168.67.X...192.168.67.X

Default Gateway for clients set to 192.168.67.1

chaste 08-05-2002 07:03 AM
I should have added that I'm using RedHat 7.3

jwithers1 08-05-2002 10:16 AM
Try using the other nic card as the deafult gateway.

Wonder 08-06-2002 08:23 AM
Is there a route to the 192.168.67.0 network on your NAT router?

chaste 08-06-2002 08:49 AM
Hi Wonder,

As a result of my other thread in this group I've come to the conclusion that the answer to that question is probably a no!

I've not got the password from my isp for the router config so I'll be able to check this ASAP.

-Chris

Wonder 08-06-2002 08:58 AM
Well, the only thing you can do in this case, is make another NAT on your Linux router :) ...

... or put all hosts on the 192.168.1.0 network

chaste 08-06-2002 09:27 AM
This may sound a stupid but....

If all hosts are on the 192.168.1.0 network how do I ensure that all IP packets coming in from the Internet pass through my Linux box acting as the firewall?

I understand that outbound IP can be forced through using the default gateway settings of the client, but I'm not sure about inbound. Also is there anything to stop someone changing the default gateway address and pointing it directly at the router?

It seems to me that the network is overly exposed to security threats if everything is on the 192.168.1.0 network?

-Chris


All times are GMT -5. The time now is 04:31 AM.