Slackware This Forum is for the discussion of Slackware Linux.
05-01-2006, 10:41 AM
|
#1
|
Member
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42
Rep:
|
Help with Class C routing?
Okay, this might seem like a newbie question, but I just can't seem to get my head around it yet. I posted this over on the Network forums yesterday, but I'm hoping the Slackware community can help!
Here's what I'm starting out with:
1) 1/2 of a Class C (XXX.XXX.XXX.130 - XXX.XXX.XXX.254)
2) One small Slack box with two NICs that will be used for routing and firewall. It is plugged directly into the Cisco 1710 provided by Cox via eth0.
3) One LARGE Slack box that will be doing all virtual hosts, mail, etc. connected to the small Slack box via eth1 (on small) to eth0 (on LARGE).
So here's where I'm at now. How do I set the interfaces up so that my small box takes over the IPs for XXX.XXX.XXX.140 through XXX.XXX.XXX.150 and sends everything else to the LARGE box? The LARGE box then needs to be able to parse that out for DNS and virtual web hosts.
Also, just to make things more exciting, every other box (besides LARGE) behind the small Slack box needs to have an internal address (192.168.100.XXX).
Any help would be GREATLY appreciated!
|
|
|
05-01-2006, 06:08 PM
|
#2
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
Not quite sure what you are asking but from what I can tell you have a group of IPs from 130 to 140 on eth0. Then forward those IPs through to eth1 192.168.100.* IPs.
Is this correct?
Or do you want to leave of traffic from 130 to 140 to services on the router slack box and then allow internal eth1 computers to have internet access not accepting any outside direct connections.
Is this correct?
Let's go from there before writing half a book on this.
Brian1
|
|
|
05-01-2006, 06:21 PM
|
#3
|
Member
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42
Original Poster
Rep:
|
Quote:
Originally Posted by Brian1
Not quite sure what you are asking but from what I can tell you have a group of IPs from 130 to 140 on eth0. Then forward those IPs through to eth1 192.168.100.* IPs.
Is this correct?
Or do you want to leave of traffic from 130 to 140 to services on the router slack box and then allow internal eth1 computers to have internet access not accepting any outside direct connections.
Is this correct?
Let's go from there before writing half a book on this.
Brian1
|
Sorry, I know I'm not really explaining this very well. What I have is a half block of IP addresses and two Slackware boxes. Ideally, one of the boxes would just be a firewall and routing box. The other would be everything else.
The way I currently have it set up is the Cisco router (from the extended D-Mark) connected to eth0 on the small box. There is a crossover cable from eth1 on the small box to eth0 on the large box. Eth2 on the small box has a switching hub connected.
So forgetting what specific addresses I wanted, how do I configure the IP addresses so that the big box can do all the DNS, web, FTP, mail, etc., and have the small box act as a firewall, router and DHCP server (to computers attached to eth2)? As important as how, where?
Thank you for your help in this matter! It's starting to drive me a bit crazy here!
|
|
|
05-01-2006, 07:49 PM
|
#4
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
The small box you want to be as a router?
It contains 3 NICs?
eth0 is the WAN side?
eth1 to large box to run the server services?
eth2 to go to a switch to feed LAN machines?
Does this all sound right?
Before going on let's make sure this is correct.
Brian1
|
|
|
05-01-2006, 08:04 PM
|
#5
|
Member
Registered: Aug 2005
Distribution: Slackware, Fedora, CentOS
Posts: 42
Original Poster
Rep:
|
Quote:
Originally Posted by Brian1
The small box you want to be as a router?
It contains 3 NICs?
eth0 is the WAN side?
eth1 to large box to run the server services?
eth2 to go to a switch to feed LAN machines?
Does this all sound right?
Before going on let's make sure this is correct.
Brian1
|
Thank you for your time Brian1. You've got it correct.
|
|
|
05-01-2006, 09:01 PM
|
#6
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
Okay, what you are after is what is called a DMZ or Demilitarized Zone. What you need to do is set up iptables to do just about everything you want. Check out this link for more info.
http://www.linuxguruz.com/iptables/
And then check out the link on this page to a multihomed iptables script.
http://www.linuxguruz.com/iptables/s...rewall_005.txt
You need to edit it some, like defining where your iptables command is and the IPs of the proper networks. Then look down near the end about forwarding ports to the internal DMZ side IP. In the upper section you need to add the ports that need to be opened to the outside.
Now for multi-IP. The first one can be created as eth0. Then the rest need to be virtual alias IPs like eth0:0 for the next, eth0:1 for the next, and so on. Now define the IPs in the script near the top. There is an example for a second IP. One thing that does not work in iptables is the alias IP setup, meaning it does not understand eth0:0 and so on. Even though you can use eth0 in iptables commands, it does not understand eth0:0. So here is where you need to use the IP in place of eth0:0 in iptables commands.
Not sure if this works on Slack to create the alias IPs, but check this link on doing it. Works fine on Red Hat / Red Hat clones. Just my preference though.
Hope this helps. Any more help needed, just ask. The only thing throwing me is the Cisco router. As long as all the IPs are available to the eth0 port then it should not be a problem.
Brian1
|
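Added example, not part of any post in this thread and not the linked script: a dry-run generator for the layout described in post #6, with alias addresses on eth0, port forwards into the DMZ matched by destination IP rather than by eth0:N, and the 192.168.100.0/24 LAN allowed outbound only. The 203.0.113.x addresses (standing in for XXX.XXX.XXX), the DMZ address of the large box and the forwarded ports are assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands; review them, then pipe to `sh` as root on the small box.
# All addresses are constructed placeholders except the 192.168.100.0/24 LAN.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
LAN_NET=192.168.100.0/24
PUB_PREFIX=203.0.113                          # stands in for XXX.XXX.XXX
PUB_MASK=25                                   # half of a /24
FW_IP=$PUB_PREFIX.140                         # primary address on eth0
ALIAS_IPS="$PUB_PREFIX.141 $PUB_PREFIX.142"   # become eth0:0, eth0:1
LARGE_IP=192.168.200.2                        # large box on the DMZ link (assumed)
# public-ip:proto:port entries forwarded to the large box (assumed services)
FORWARDS="$PUB_PREFIX.141:tcp:80 $PUB_PREFIX.141:tcp:25 $PUB_PREFIX.142:udp:53 $PUB_PREFIX.142:tcp:53"

gen_rules() {
    n=0
    for ip in $ALIAS_IPS; do
        # The eth0:N label is only a name for the extra address, not a device
        echo "ip addr add $ip/$PUB_MASK dev $WAN_IF label $WAN_IF:$n"
        n=$((n + 1))
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default deny between interfaces; only replies and listed services pass
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for f in $FORWARDS; do
        pub=${f%%:*}; rest=${f#*:}; proto=${rest%%:*}; port=${rest#*:}
        # Select the public address with -d; -i takes the real device name only
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $LARGE_IP"
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $LARGE_IP -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # LAN machines may open connections outward; nothing new is accepted toward them
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $FW_IP"
}

gen_rules
```

No FORWARD rule opens eth1 toward eth2, so a compromised service on the large box cannot start connections into the LAN.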
|
|
05-06-2006, 08:10 AM
|
#7
|
Moderator
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
|
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.
http://www.linuxquestions.org/rules.php
|
|
|