LinuxQuestions.org
Old 05-01-2006, 10:41 AM   #1
jmj99385
Member
 
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42

Rep: Reputation: 15
Help with Class C routing?


Okay, this might seem like a newbie question, but I just can't seem to get my head around it yet. I posted this over on the Network forums yesterday, but I'm hoping the Slackware community can help!

Here's what I'm starting out with:
1) 1/2 of a Class C (XXX.XXX.XXX.130 - XXX.XXX.XXX.254)
2) One small Slack box with two NICs that will be used for routing and firewall. It is plugged directly into the Cisco 1710 provided by Cox via eth0.
3) One LARGE Slack box that will be doing all virtual hosts, mail, etc. connected to the small Slack box via eth1 (on small) to eth0 (on LARGE).

So here's where I'm at now. How do I set the interfaces up so that my small box takes over the IPs for XXX.XXX.XXX.140 through XXX.XXX.XXX.150 and sends everything else to the LARGE box? The LARGE box then needs to be able to parse that out for DNS and virtual web hosts.

Also, just to make things more exciting, every other box (besides LARGE) behind the small Slack box needs to have an internal address (192.168.100.XXX).

Any help would be GREATLY appreciated!
 
Old 05-01-2006, 06:08 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Not quite sure what you are asking but from what I can tell you have a group of IPs from 130 to 140 on eth0. Then forward those IPs through to eth1 192.168.100.* IPs.
Is this correct?

Or do you want to leave of traffic from 130 to 140 to services on the router slack box and then allow internal eth1 computers to have internet access not accepting any outside direct connections.
Is this correct?

Let's go from there before writing half a book on this.

Brian1
 
Old 05-01-2006, 06:21 PM   #3
jmj99385
Member
 
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Brian1
Not quite sure what you are asking but from what I can tell you have a group of IPs from 130 to 140 on eth0. Then forward those IPs through to eth1 192.168.100.* IPs.
Is this correct?

Or do you want to leave of traffic from 130 to 140 to services on the router slack box and then allow internal eth1 computers to have internet access not accepting any outside direct connections.
Is this correct?

Let's go from there before writing half a book on this.

Brian1
Sorry, I know I'm not really explaining this very well. What I have is a half block of IP addresses and two Slackware boxes. Ideally, one of the boxes would just be a firewall and routing box. The other would be everything else.

The way I currently have it set up is the Cisco router (from the extended D-Mark) connected to eth0 on the small box. There is a crossover cable from eth1 on the small box to eth0 on the large box. Eth2 on the small box has a switching hub connected.

So forgetting what specific addresses I wanted, how do I configure the IP addresses so that the big box can do all the DNS, web, FTP, mail, etc., and have the small box act as a firewall, router and DHCP server (to computers attached to eth2)? As important as how, where?

Thank you for your help in this matter! It's starting to drive me a bit crazy here!
 
Old 05-01-2006, 07:49 PM   #4
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
The small box you want to be as a router?
It contains 3 NICs?
eth0 is the WAN side?
eth1 to large box to run the server services?
eth2 to go to a switch to feed LAN machines?

Does this all sound right?

Before going on let's make sure this is correct.
Brian1
 
Old 05-01-2006, 08:04 PM   #5
jmj99385
Member
 
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Brian1
The small box you want to be as a router?
It contains 3 NICs?
eth0 is the WAN side?
eth1 to large box to run the server services?
eth2 to go to a switch to feed LAN machines?

Does this all sound right?

Before going on let's make sure this is correct.
Brian1

Thank you for your time Brian1. You've got it correct.
 
Old 05-01-2006, 09:01 PM   #6
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Okay, what you are after is what is called a DMZ, or Demilitarized Zone. What you need to do is set up iptables to do just about everything you want. Check out this link for more info.
http://www.linuxguruz.com/iptables/

And then check out the link on this page to a multihomed iptables script.
http://www.linuxguruz.com/iptables/s...rewall_005.txt

You need to edit it some, like defining where your iptables command is and the IPs of the proper networks. Then look down near the end about forwarding ports to the internal DMZ-side IP. In the upper section you need to add the ports that need to be opened to the outside.

Now for multi-IP. The first one can be created as eth0. Then the rest need to be virtual aliasing IPs, like eth0:0 for the next, eth0:1 for the next, and so on. Now define the IPs in the script near the top. There is an example for a second IP. One thing that does not work in iptables is the alias IP setup, meaning it does not understand eth0:0 and so on. Even though you can use eth0 in iptables commands, it does not understand eth0:0. So here is where you need to use the IP in place of eth0:0 in iptables commands.

Not sure if this works on slack to create the Alias IPs but check this link on doing it. Works fine on redhat/ redhat clones. Just my preference though.

Hope this helps. Any more help needed, just ask. Only thing throwing me is the Cisco router. As long as all the IPs are available to the eth0 port then it should not be a problem.

Brian1
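
An added illustration of the point made in post #6 (not code from the thread or from the linked script): a dry-run generator that prints DMZ rules for the three-NIC layout, matching public alias addresses with `-d <ip>` on `eth0` rather than by alias label. The interface roles follow the thread; every address, the DMZ host address, the port list and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: prints iptables rules for review instead of applying them.
# Topology from the thread: eth0 = WAN, eth1 = DMZ (large box), eth2 = LAN.
# All addresses below are constructed placeholders (RFC 5737 / RFC 1918).
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
LAN_NET=192.168.100.0/24
DMZ_HOST=192.168.200.2                    # hypothetical DMZ-side IP of the large box
ROUTER_IP=203.0.113.130                   # primary address on eth0
ALIAS_IPS="203.0.113.131 203.0.113.132"   # addresses configured as eth0:0, eth0:1
DMZ_TCP_PORTS="25 80"                     # mail and web; DNS would also need UDP 53

# iptables -i/-o match real devices only. An alias label such as eth0:0 is
# just another address on eth0, so refuse it before it ends up in a rule.
valid_iface() {
    case "$1" in
        ""|*:*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_rules() {
    for ifc in "$WAN_IF" "$DMZ_IF" "$LAN_IF"; do
        valid_iface "$ifc" || { echo "bad interface: $ifc" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Public alias addresses are selected with -d <ip>, never -i eth0:N.
    for ip in $ALIAS_IPS; do
        for port in $DMZ_TCP_PORTS; do
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $ip -p tcp --dport $port -j DNAT --to-destination $DMZ_HOST"
        done
    done
    # Only the published ports may be forwarded from the WAN into the DMZ.
    for port in $DMZ_TCP_PORTS; do
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $port -j ACCEPT"
    done
    # LAN clients get outbound access only; nothing is forwarded WAN -> LAN.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $ROUTER_IP"
}

gen_rules
```

The output is plain text, so it can be diffed against the running rule set before anything is loaded on the router box.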
 
Old 05-06-2006, 08:10 AM   #7
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.

http://www.linuxquestions.org/rules.php
 
  

