[NTLUG:Discuss] Punch through firewall
Jonathan Miller
betaray at kludge.org
Thu Mar 2 21:39:16 CST 2000
On Thu, 2 Mar 2000, clyde swann wrote:
> What I'm understanding here is that I must use private addresses for the
> inside ether card in the firewall and for the localnet. But since the
> server is known from the net with a public address, this is translated at the
> firewall/bridge to the local address. If this is the case, it's my
> understanding I also need to configure my ADSL modem's local IP address to
> be on the same net, or vice versa.
With the link I gave you, that was the setup. You can accomplish this using
the public address and then using just the packet filtering aspects of
ipchains. If you do do NAT, then you'll want this:
ISP - ADSL Modem - eth0->IPchains<-eth1 - Rest of network
Public Addresses|Private Addresses
Either way, you'll have to have 2 gateways. The advantage of the NAT is
that you can is purely physical. If you actually want to set up 2 ethernet
cards then you can go ADSL to eth0 and eth1 to hub, but if you only want
to use IP aliasing then you can go eth0:1 with a public address that the
ADSL talks to and eth0:0 with a private one that the other machines deal
with.
I remember a way to do the 1 NIC way without NAT, but it eludes me at the
moment, and seems like more trouble than it's worth. The real benefit to
NAT is that you can renumber, replace machines, etc. from a central
point. If you want to have a (theoretically) downtime machine you can
switch IPs from the NAT machine without the complicated pains of MAC
caching problems and the like.
Linux is the Perl of operating systems: TMTOWTDI. [Snide comment removed
because no one cares what Jonathan thinks about any other scripting
languages -- ed]
Hope this clarifies things, or at least mucks them up in a way that allows
you to think about exactly what you need/want.
-- Jonathan
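An added example, not code from Jonathan's post or the NTLUG thread, of the two-NIC NAT layout he sketches (ISP - ADSL modem - eth0 -> ipchains <- eth1 - rest of network) as an ipchains script. Everything concrete in it is an assumption chosen for illustration: eth0 carries the public address (203.0.113.2, a documentation address standing in for the ISP-assigned one), eth1 carries 192.168.1.1/24 for the private side, and an inside web server at 192.168.1.10 is the "server known from the net with a public address" in the quoted question, published through the firewall with ipmasqadm portfw, which is how 2.2-era kernels did port forwarding. DRY_RUN=1 (the default) prints the commands instead of executing them, so the ruleset can be reviewed without root or an ipchains kernel.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal ipchains masquerading
# firewall for   ISP - ADSL modem - eth0 -> ipchains <- eth1 - LAN
# Assumed values, none of which come from the thread:
#   eth0 = public card, eth1 = private card, 192.168.1.0/24 = private LAN,
#   203.0.113.2 = stand-in public address, 192.168.1.10 = inside web server.
# DRY_RUN=1 prints the commands; DRY_RUN=0 applies them (needs root, 2.2 kernel).

PUB_IF="${PUB_IF:-eth0}"
PRIV_IF="${PRIV_IF:-eth1}"
PRIV_NET="${PRIV_NET:-192.168.1.0/24}"
PUB_IP="${PUB_IP:-203.0.113.2}"
WEB_SERVER="${WEB_SERVER:-192.168.1.10}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_rules() {
    # The kernel must route between the two cards or NAT does nothing.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

    # Clean slate, default-deny on input and forward; the firewall's own
    # outbound traffic is allowed.
    run ipchains -F
    run ipchains -P input DENY
    run ipchains -P forward DENY
    run ipchains -P output ACCEPT

    # Loopback and the private card are trusted.
    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$PRIV_IF" -s "$PRIV_NET" -j ACCEPT

    # Anti-spoofing: a private source address must never arrive on the public
    # card. Deny and log it (-l) so the attempt shows up in syslog.
    run ipchains -A input -i "$PUB_IF" -s "$PRIV_NET" -j DENY -l

    # From the outside: the published web port, established TCP (SYN not set,
    # "! -y"), UDP replies to unprivileged ports, and ICMP. New inbound TCP
    # connections (-y = SYN set) are denied and logged.
    run ipchains -A input -i "$PUB_IF" -p tcp -d "$PUB_IP" 80 -j ACCEPT
    run ipchains -A input -i "$PUB_IF" -p tcp -y -j DENY -l
    run ipchains -A input -i "$PUB_IF" -p tcp ! -y -j ACCEPT
    run ipchains -A input -i "$PUB_IF" -p udp -d "$PUB_IP" 1024:65535 -j ACCEPT
    run ipchains -A input -i "$PUB_IF" -p icmp -j ACCEPT

    # Masquerade LAN -> Internet. In the forward chain -i is the OUTGOING
    # interface, so this matches private sources leaving via the public card.
    run ipchains -A forward -i "$PUB_IF" -s "$PRIV_NET" -j MASQ

    # Let the forwarded web traffic reach the inside server on the private card.
    run ipchains -A forward -i "$PRIV_IF" -p tcp -d "$WEB_SERVER" 80 -j ACCEPT

    # Publish the inside web server on the public address (port forwarding is
    # done by ipmasqadm on 2.2 kernels, not by ipchains itself).
    run ipmasqadm portfw -f
    run ipmasqadm portfw -a -P tcp -L "$PUB_IP" 80 -R "$WEB_SERVER" 80
}

apply_rules
```

Run it as-is to read the ruleset, then `DRY_RUN=0 sh firewall.sh` as root to apply it. For the single-card variant Jonathan mentions (eth0:0 private, eth0:1 public), packets from both sides arrive on the same physical card, so the `-i`-based anti-spoofing and MASQ rules above no longer separate inside from outside; key them on source and destination addresses instead, and accept that a host on the hub can still see the public-side traffic.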