Re: Mildly OT> IP Masquerading on my server


Subject: Re: Mildly OT> IP Masquerading on my server
From: cdowns (cdowns@skillsoft.com)
Date: Mon Nov 27 2000 - 12:10:41 MST


Andrew Dacey wrote:

> Gawain Reifsnyder wrote:
> >
> > I'm trying to figure out the most efficient ways to setup our
> > network, which now includes the G4 Mac running Yellow Dog Linux. This
> > is a little complicated so I'll try and be clear...
> >
> > We have a small network of about 8 machines, connected to the
> > internet via a cable modem. Most of the "normal" Macs are on a
> > 192.168.0.x internal network that accesses the internet through a
> > gateway Mac running IPNetRouter. The gateway machine also has an
> > externally visible IP address on the 207.152.10.x network. So does
> > the new G4 server. However, the G4 server doesn't have a 192.168.0.x
> > address, so accessing it through ftp is much slower and more
> > cumbersome than over the LAN, even though it's on the same physical
> > network.
> >
> > Do I need to configure IP masquerading on the G4 too? What's the best
> > way to efficiently connect to this machine? So far, I haven't been
> > able to get Netatalk to work, and have been using ftp and telnet when
> > not working directly on the server.
>
> If I understand things correctly, all the machines are hooked up into
> the same hub or switch? It sounds to me like you're using a switched
> network with VLANs on a single switch. The gateway cable modem and G4
> are on one VLAN and the other VLAN has the internal network. The gateway
> machine would have its port on the switch configured to be on both VLANs.
>
> If memory serves, you can configure an interface to have more than one
> IP address in Linux. I can't remember how you do it though. What you
> would do would be to add a 192.168.0.x address to the G4 server's.
>
> If you are using a switched situation as I outlined above, then you'd also
> need to configure the switch so that the G4's port is part of both VLANs.
>
> I'm not sure how you'd do the setup with a single hub. As far as I know,
> you can't have multiple network segments on a single hub. If you are
> using multiple hubs, then all traffic would have to go through the
> gateway (which would have multiple network cards). You could then
> install a 2nd network card in the G4 and have it connected to both networks.
>
> --
> Andrew "Frugal" Dacey,
> frugal@tildefrugal.net
> http://www.tildefrugal.net/

You should have two network interfaces, eth0 and eth1; masquerading should take
place for anything leaving the external interface, like so:

$IPCHAINS -A forward -s $localnet -d $Any -j MASQ

You could very easily use this shell variable to grab your IP address, as I do on
my cable modem, like so:

localnet="192.168.0.0/24"
firewallhost="`ifconfig eth0 | grep inet | cut -d : -f 2 | cut -d " " -f 1`"
<----------- here
Any="0.0.0.0/0"
localhost_localdomain="127.0.0.1/32"

If you have machines behind the YDL 1.2/firewall, I would do this and use these
lines for FTP and RealAudio; add these lines into your rc.local file. I also
included the ipmasqadm rules to use dialpad.com through your firewall (saves
on calls :) ).

#--------- cut for brevity --------------------------
fi
## <--------------------
firewallhost="`ifconfig eth0 | grep inet | cut -d : -f 2 | cut -d " " -f 1`"
# modified july 1,2000
/sbin/depmod -a
echo "1" > /proc/sys/net/ipv4/ip_forward   # '>' writes the flag; '<' would only read the file and leave forwarding off
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
## <--------- dialpad --------------
echo " Starting up DialPad autofw ports 51210 tcp 51200 51201 udp"
echo " ----------------------------------------------------------"
/usr/sbin/ipmasqadm autofw -A -v -u -r udp 51200 51201 -c tcp 7175
/usr/sbin/ipmasqadm autofw -A -v -u -r tcp 51210 51210 -c tcp 7175
## <-------- ipmasqadm -------------
# Set up any ipmasqadm rules here for internal machines, like a web server; here's a sample.
echo "Starting ipmasqadm for destination 192.168.0.30 ( WebServer )"
/usr/sbin/ipmasqadm portfw -a -P tcp -L $firewallhost 80 -R 192.168.0.30 80

Well, I hope this helps, and good luck.

Christopher M Downs
-----------------
Christopher M Downs
Network Administrator
http://www.skillsoft.com
cdowns@skillsoft.com
-----------------
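
The rule set above works, but a practitioner would want three things tightened before putting it on a cable modem: forwarding enabled with `>` rather than `<`, a default-deny forward policy so that only the masqueraded LAN traffic and the one port-forward get through, and an anti-spoofing check so packets claiming a 192.168.0.x source cannot arrive from the cable side. The script below is an added example written for this thread, not code from the original posts; it assumes eth0 is the cable modem side, eth1 the LAN, 192.168.0.0/24 the LAN, and 192.168.0.30 the web server from the thread. It prints the ipchains/ipmasqadm commands instead of running them, so you can review the output and then pipe it to `sh` as root. The ifconfig output embedded in it is constructed sample data using a documentation address, not a real host.

```shell
#!/bin/sh
# Added example for the YDL/ipchains masquerading thread (not the original
# poster's script). Generates a reviewable ipchains + ipmasqadm rule set.
# Assumptions: eth0 = external (cable modem), eth1 = LAN, web server 192.168.0.30.

EXT_IF=eth0
INT_IF=eth1
LOCALNET="192.168.0.0/24"
WEBSERVER="192.168.0.30"

# Constructed ifconfig output (198.51.100.7 is a documentation address, not a
# real host) used to exercise ext_ip offline.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:198.51.100.7  Bcast:198.51.100.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Pull the IPv4 address out of old-style ifconfig output on stdin.
# The thread's `grep inet | cut -d : -f 2 | cut -d " " -f 1` also matches
# "inet6 addr:" lines on kernels with IPv6 enabled; anchoring on "inet addr:"
# and taking the first match avoids a multi-line $firewallhost.
ext_ip() {
    sed -n 's/^[[:space:]]*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Emit the rule set for the given public address. Nothing is executed here.
gen_rules() {
    fw_host="$1"
    cat <<EOF
# enable forwarding ('>' writes the flag; '<' only reads the file)
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
# default deny on the forward chain: only the rules below let traffic through
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
# anti-spoofing: LAN or loopback sources must never arrive on the cable side
ipchains -A input -i ${EXT_IF} -s ${LOCALNET} -j DENY -l
ipchains -A input -i ${EXT_IF} -s 127.0.0.0/8 -j DENY -l
# masquerade only LAN traffic that is leaving via the external interface
# (in the ipchains forward chain, -i names the outgoing interface)
ipchains -A forward -i ${EXT_IF} -s ${LOCALNET} -j MASQ
# forward only TCP/80 from the firewall's public address to the web server
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L ${fw_host} 80 -R ${WEBSERVER} 80
EOF
}

# Usage (as root, after reading the output):  ./masq-rules.sh print | sh
if [ "${1:-}" = "print" ]; then
    ip=$(ifconfig "$EXT_IF" | ext_ip)
    gen_rules "$ip"
fi
```

Keep the portfw target and the forward-chain DENY policy together: with a permissive forward chain, the port-forward is the least of the exposure, because any routable packet addressed to the 192.168.0.x range that reaches eth0 would be forwarded into the LAN.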



This archive was generated by hypermail 2a24 : Mon Nov 27 2000 - 12:07:53 MST