Quote:
Originally Posted by shaileshjkumar
Following is my setup:
Server: Ubuntu 11.04 with three NICs.
NIC 1- eth0 - 192.168.x.x
NIC 2- eth1 - 172.16.x.x
NIC 3- eth2 - 10.20.30.x
eth0 and eth1 are my Local LAN and eth2 is WAN the IP given to me by the ISP (Internet)
I configured the server using IPTABLES for getting the Router/Firewall features and also DNS.
|
The 196 bothered me. So:
eth0 -> client computers, internet access, access to servers
eth1 -> servers, no internet access, no direct access to clients
eth2 -> internet, no direct access to clients, no access to servers
Quote:
Originally Posted by shaileshjkumar
Question:
1) There are a few servers in my eth1 network which need to serve a few applications and Windows shares to eth0, so since it's the Windows network and servers, there is WINS and NETBIOS name resolution in the eth1 network. I have configured the Ubuntu as a DNS server too, but the servers' names in eth1 are not getting resolved to the eth0 network. How to fix this?
|
There are 2 ways to fix this, if I understand the problem correctly.
1. Put an entry for each server in the DNS configuration on the Ubuntu box, forget WINS & NETBIOS NS
2. Put the IP of the WINS server in the configuration of the client PCs
This can be done with DHCP configuration if the Ubuntu box also is the DHCP server.
The things below only apply if the IP on eth2 (internet) is actually a public IP, and not in the range 10.x.x.x.
If it is a private IP, then things are different. Tell me if it is a private IP, and I'll give you the way to set that up.
Quote:
Originally Posted by shaileshjkumar
2) How to configure my IPTABLES to detect the destination IPs coming from source eth0 and redirect to eth1 (if any packets are for eth1) or to eth2 (if any packets are for the internet)?
|
Just act as if eth1 isn't there. Since both eth0 and eth1 have private IPs, there's no need for iptables to interfere. Routing between eth0 and eth1 should work automatically when routing between eth0 and eth2 is set up.
Quote:
Originally Posted by shaileshjkumar
Also, no traffic from eth1 to eth0 is to be allowed. E.g. one of my systems in the 192 network should be able to connect to and work with the 172 network, but none from the 172 network should be able to connect to the 192 network, and also the 172 network systems should not go to the internet.
|
There are a few rules needed to make this happen. They should all be inserted in the forward chain.
1. Set the default policy on the forward chain to drop.
2. Add a rule to accept related and established packets.
3. Add a rule to accept packets from eth0.
Quote:
Originally Posted by shaileshjkumar
I googled and found a lot of information on IPTABLES, but nowhere is it mentioned for two different networks providing service to each other and also going to the internet.
Also, I found no information on Linux DNS serving WINS/NETBIOS name resolution.
Thank you in advance for help.
Cheers.
Shailesh
|
I hope this info, together with what you googled, can get you on your way.
Don't forget to configure firewall rules for your Ubuntu box itself. The iptables forward chain doesn't look at packets that are meant for your Ubuntu box.
If you need more information, post a link to a tutorial you plan to use as a base, so I can reference that for giving you more detailed instructions.
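As an added example (my own script, not something from the thread or its posters), here is the forward-chain setup described in the reply above as a shell script. The interface names follow the quoted three-NIC layout; the IPT variable and the split of the single "accept from eth0" rule into one rule per destination interface are my choices.

```shell
#!/bin/sh
# Added example, not the thread's own script: FORWARD-chain rules for the
# three-NIC layout quoted above. Interface names follow the poster's setup;
# IPT lets the rules be printed instead of applied (IPT="echo iptables").
LAN_CLIENTS=eth0   # 192.168.x.x, client PCs
LAN_SERVERS=eth1   # 172.16.x.x, Windows servers
WAN=eth2           # ISP-assigned address
IPT=${IPT:-iptables}

forward_rules() {
    # Nothing is forwarded unless a rule below allows it.
    $IPT -P FORWARD DROP
    # Flush first so re-running the script does not duplicate rules.
    $IPT -F FORWARD
    # Replies to connections that were already accepted may come back
    # (this is the only way eth1 or eth2 traffic ever reaches eth0).
    $IPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Clients may open connections to the servers and to the internet.
    # The reply's single "accept from eth0" rule is split per destination
    # so that eth0 can only reach the two interfaces it is supposed to.
    $IPT -A FORWARD -i "$LAN_CLIENTS" -o "$LAN_SERVERS" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_CLIENTS" -o "$WAN" -j ACCEPT
    # No rule for eth1 -> eth0, eth1 -> eth2 or new eth2 -> * connections:
    # they fall through to the DROP policy. Log them (rate-limited) so an
    # attempt by a server to reach the client LAN shows up in syslog.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

nat_rules() {
    # Clients use private addresses, so masquerade them behind the WAN IP.
    # Only makes sense when eth2 really carries a public address.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

enable_forwarding() {
    # The kernel does not route between interfaces until this is set.
    sysctl -w net.ipv4.ip_forward=1
}

# Apply only when explicitly asked, so sourcing the file just defines functions.
case "${1:-}" in
    apply) enable_forwarding && forward_rules && nat_rules ;;
esac
```

Run it as root with `sh script.sh apply`; with `IPT="echo iptables"` exported it prints the rules instead, which is handy for checking the chain before touching a remote box.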