I believe I am having Firewall issues and need to do some testing to find out for sure.
I have two servers having issues when connecting to users in the outside world.
Server 1: CentOS 5.7, single hardware ethernet interface, single eth0 interface configured on the system with a private IP (192.168.x.x). This puts it behind the firewall (Cisco PIX 506, it's old but can't replace right now).
Server 2: CentOS 5.7, single hardware ethernet interface, multiple eth0 interfaces (virtual) configured on system each with a single private IP (eth0, eth0:1, eth0:2, etc.). This puts the box behind the firewall as well.
The physical cabling of the system would technically allow me to just change IP addresses on the servers and 'move' them outside the firewall. However, the firewall is configured to push all network traffic from the LAN to the public IPs back to the private IPs, so changing the IP addresses would require reconfiguring the firewall and I am offsite and cannot get access to configure the firewall.
Can I set up virtual interfaces on the servers to accommodate the public IP and get the desired effect of giving the outside world more direct access to the boxes, while still allowing the LAN to get to them via private IP?
Would this create any routing issues or anything like that?
This is mainly for testing purposes to see if the Firewall is in fact my issue for these boxes, once I have my answer I will either put it back the way it is now or actually change all the IPs and then reconfigure the firewall next time I am on-site. I would assume that having both a public and a private IP is not a generally accepted practice for a server, but if I can do it for testing and get reliable results for a few days then that will be a big help.
Keep in mind that the firewall separates networks, not computers. The actual IPs are not relevant, except that private IPs won't propagate through your uplink. The computers are not behind the firewall because of their IPs, but if you are using DHCP, they'll have those IPs because they are at that network (that happens to be behind the firewall).
You can have a computer plugged to both networks, but you'll need two physical interfaces for that, so you can plug it on both networks. You can configure your firewall to let an external computer access internal addresses, so you can plug one computer only at the external network, but you'll need an address for it, added to the public address of your NAT box (probably the same box as the firewall). Any way you do that, you just can't solve it by setting virtual interfaces at the computers, you need to actually plug them at the external network somehow.
Maybe you should seek help for the issue you are having with the firewall instead.