In the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>,
(E-Mail Removed) wrote:
>I want to setup a forwarding gateway server through which all internet
>traffic to my network is relayed. Later, I'll use this for packet
>filtering and access control.
and you've looked at the HOWTOs?
>Current setup: I have a number of static IP addresses. Currently, the
>ISP connection lands directly to my IP-layer switch. To this switch,
>all my servers are connected. Therefore, these servers are connected to
>the internet through this switch.
OK
>Instead, I want a simple forwarding server between my ISP and the
>switch. But I'm messed up with the network configurations.
Looks like a concept problem. I suspect you actually want a bridging
firewall.
>Let's say that one of my mail servers (static IP server) is:
> IP: 6.5.133.170
> Netmask: 255.255.255.192
> GW: 6.5.133.129
Address Block  Date    Registry - Purpose               Notes or Reference
-------------  ------  -------------------------------  ------------------
006/8          Feb 94  Army Information Systems Center
Anyway
>On my gateway server, I enabled IP forwarding (echo 1 >
>/etc/sys/net/ipv4/ip_forward)
>This has two interface cards (eth0 linked to the switch & eth1 to the
>ISP)
>I setup the following IP addresses:
[fake date deleted]
First problem - Your eth0 is using a broadcast address. See RFC1878.
>I don't have any NAT-ing on this GW system (do I need it?) because I do
>have a sufficient number of static IPs from my ISP.
No - it is not needed.
>Since the two interfaces (eth0 & eth1) on my gw server are in the same
>subnet, I'm landing into routing issues.
Absolutely.
-rw-rw-r-- 1 gferg ldp 29687 May 21 2002 Bridge
-rw-rw-r-- 1 gferg ldp 21151 Apr 26 2001 Bridge+Firewall
-rw-rw-r-- 1 gferg ldp 20465 Nov 9 2000 Bridge+Firewall+DSL
Old - but still valid
>I set the gw for my mail server to be: 6.5.133.190 (i.e eth0 on gw)
Yes, though with the bridge, you could set it for the "real" gateway
which you call 6.9.133.129.
>Since eth0 and eth1 are on the same subnet, I'm messed up. I cannot
>just force routes as the two-way traffic won't be established.
Bridge - not router
>Are there configuration problems with my settings? How do I fix
>them? Can't two interfaces be on the same subnet? Or do I need some
>tunneling?
http://tldp.org/guides.html
You want the 'nag2' (the second edition of the Linux Network Administrator's
Guide) rather than the 'network-guide' (first edition).
You are posting from a Bharti address, and a lot of people block that
because of continuing problems. Others block if the DNS and rDNS addresses
don't match, or if the hostnames appear generic. In your case, the address
doesn't resolve, which is an auto-block. You'll want to kick the klowns
running dnsdel.mantraonline.com that claims to be authoritative for
133.95.61.in-addr.arpa and have them fix that. If you don't know them,
scream at Bharti, referring to APNIC requirements relating to rDNS, and
to RFC2317.
Old guy
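As an added illustration of the two address-plan problems raised in the reply above (a host address that is its subnet's broadcast address, RFC 1878, and two routed interfaces of one box inside the same subnet), here is a small Python checker that is not part of the original thread. The interface lists are constructed from the addresses quoted above; the routed gateway's eth1 address is an assumption, since the poster's own list was deleted from the reply.

```python
import ipaddress

def check_plan(interfaces):
    """Check the routed interfaces of one box, given as (name, 'addr/prefix').

    Returns the problems found:
      - a host address equal to its subnet's network or broadcast address
        (RFC 1878: neither is a usable host address);
      - two interfaces of the same box inside one subnet, which defeats
        plain IP routing and is the reason a bridge is suggested instead.
    """
    problems = []
    seen = {}  # subnet -> first interface name found in it
    for name, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if iface.ip == net.broadcast_address:
            problems.append(f"{name}: {iface.ip} is the broadcast address of {net}")
        elif iface.ip == net.network_address:
            problems.append(f"{name}: {iface.ip} is the network address of {net}")
        if net in seen:
            problems.append(f"{name} and {seen[net]} are both in {net}: "
                            "routing between them cannot work")
        else:
            seen[net] = name
    return problems

def gateway_usable(host_cidr, gateway):
    """True if 'gateway' is a host address inside the host's own subnet."""
    net = ipaddress.ip_interface(host_cidr).network
    gw = ipaddress.ip_address(gateway)
    return gw in net and gw not in (net.network_address, net.broadcast_address)

# Constructed plans. The routed box's eth1 address is an assumption (the
# poster's list was deleted) and is chosen to reproduce the RFC 1878 mistake.
ROUTED_GATEWAY = [("eth0", "6.5.133.190/26"), ("eth1", "6.5.133.191/26")]
# Bridged alternative: eth0 and eth1 carry no IP; br0 gets the one address.
BRIDGED_GATEWAY = [("br0", "6.5.133.190/26")]
MAIL_SERVER = "6.5.133.170/26"

if __name__ == "__main__":
    for p in check_plan(ROUTED_GATEWAY):
        print("routed:", p)
    print("bridged problems:", check_plan(BRIDGED_GATEWAY))
    # With a bridge the mail server can keep the ISP's gateway, 6.5.133.129.
    print("ISP gateway usable from mail server:",
          gateway_usable(MAIL_SERVER, "6.5.133.129"))
```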