Joining 192.168.1.* to 192.168.1.* with filtering for only MS SQL Server?

Hi all,

Im trying to use Gentoo linux, to connect two networks.

Net 1 is served to be 192.168.1.*

Net 2 is served to be 192.168.2.*

I want server 192.168.1.1 to reach 192.168.2.1 to only communicate with
a Microsoft SQL Server via TCP/IP. What should I look for.

Orignally I went with moving everything, into 192.168.1.1 - 50 for Net
1, then 192.168.1.100-51 for Net 2. I figured then I could bridge with
a firewall. However, the linux box, on getting the two ips, using dhcp,
does not then know where to route the packets?

Is there an easy way, if possible gentoo tutorials on setting this up
available, so that 192.168.1.1 can communicate only with 192.168.2.1
passing through a gentoo computer, with a seperate NIC for each
network.

Also does anyone know if you can do this for MS-SQL Server,by opening
up a specific port? What are my options please help, this is now
driving me insane.

Thanks

David

David wrote:

> Hi all,
>
> Im trying to use Gentoo linux, to connect two networks.
>
> Net 1 is served to be 192.168.1.*
>
> Net 2 is served to be 192.168.2.*
>
> I want server 192.168.1.1 to reach 192.168.2.1 to only communicate with
> a Microsoft SQL Server via TCP/IP. What should I look for.
>
> Orignally I went with moving everything, into 192.168.1.1 - 50 for Net
> 1, then 192.168.1.100-51 for Net 2. I figured then I could bridge with
> a firewall. However, the linux box, on getting the two ips, using dhcp,
> does not then know where to route the packets?
>
> Is there an easy way, if possible gentoo tutorials on setting this up
> available, so that 192.168.1.1 can communicate only with 192.168.2.1
> passing through a gentoo computer, with a seperate NIC for each
> network.
>
> Also does anyone know if you can do this for MS-SQL Server,by opening
> up a specific port? What are my options please help, this is now
> driving me insane.
>
> Thanks
>
> David

This might explain it better, as i wrote it a while ago while still
clear headed:

Hi all,

We have two networks:

a) 192.168.1.*

b) 192.168.2.*

We want to bridge them so that Microsoft SQL Server via TCP-IP can go
from a computer on a) to one on b). Ive been looking at etables and
iptables, and am not sure what would fullfill the purpose best. Has
anyone done this, or have any suggestons. We dont want windows file
sharing, named pipes, DNS, DHCP to transerse between the bridges. Can
this be done, do we need to bring them into the same 192.168.* range,
for it to work? Each network is connected via a seperate network card
to the gentoo linux box, ideally via these it would be good to ssh into
it. If not I guess this can be done with a spare network card?

Thanks in advance


David

David wrote:

> Hi all,
>
> We have two networks:
>
> a) 192.168.1.*
>
> b) 192.168.2.*
>
> We want to bridge them

I think you mean you want to *route* traffic.
Bridging is really quite different.

> so that Microsoft SQL Server via TCP-IP can go
> from a computer on a) to one on b). Ive been looking at etables and
> iptables, and am not sure what would fullfill the purpose best.

iptables is easiest when using routing.

> Has anyone done this, or have any suggestons. We dont want windows file
> sharing, named pipes, DNS, DHCP to transerse between the bridges.

Then you definitely don't want bridging, as that connects the networks
completely.
You want selective routing, i.e. routing in combination with firewalling.

> Can this be done, do we need to bring them into the same 192.168.* range,
> for it to work?

Of course not - if you do that, you can neither route nor stop any traffic.
Or rather, you can stop traffic, and selectively bridge the networks, but it
will be more work to set up properly, and can have lots of unforeseen
consequences.

> Each network is connected via a seperate network card to the gentoo linux
> box, ideally via these it would be good to ssh into it.
> If not I guess this can be done with a spare network card?

No need, as long as you can reach the Gentoo box from either of the two
connected networks.
Are the networks now connected and routed across the Gentoo box ?
If they are, your question is simply: how do I allow MS SQL traffic through,
but not anything else ?

If not, then you'd better stop and think about what kind of traffic you want
to route.
Which depends heavily on what other services you need to provide across the
router, and what kind you wish to prohibit.

A short rationale for why your network is set up the way it is would be a
really good place to start - do a little design work now, save yourself a
whole lot of worry later.

--
All your bits are belong to us.