RE: Newbie Question
- From: "Erick Arturo Perez Huemer" <eperez compuservice net>
- To: <redhat-install-list redhat com>
- Subject: RE: Newbie Question
- Date: Fri, 30 Aug 2002 14:48:57 -0500
You can have your internal machines in the 192.168.0.x range or the 10.x
range. Just be sure to have the eth1 interface in the same IP range and
subnet.
Erick A. Perez H.
> -----Original Message-----
> From: redhat-install-list-admin redhat com
> [mailto:redhat-install-list-admin redhat com] On Behalf Of Joe
> Sent: Friday, August 30, 2002 12:20 p.m.
> To: redhat-install-list redhat com
> Subject: Re: Newbie Question
>
>
> If I get you correctly would the following be right?
> Assuming that eth0 is still the internet interface and eth1
> is the internal network interface. Eth1 settings are
> 192.168.0.1/255.255.255.0. Would the Windows machines have an
> address in the 10.0.0.x range or 192.168.0.x range?
>
> echo Now setting packet forwarding
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
> echo Now bringing up rc.local ipchains rules
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth1 -j MASQ
> echo Now run on the DOS machines:
> echo route add 192.168.0.1 mask 255.255.255.0 10.0.0.100
>
> ----- Original Message -----
> From: "Karl Pearson" <karlp ourldsfamily com>
> To: <redhat-install-list redhat com>
> Sent: Friday, August 30, 2002 12:52 PM
> Subject: Re: Newbie Question
>
>
> > I have a command that does the following to allow packet forwarding on
> > my Linux host:
> >
> > echo Now setting packet forwarding
> > /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
> > echo Now bringing up rc.local ipchains rules
> > /sbin/ipchains -P forward DENY
> > /sbin/ipchains -A forward -i ppp0 -j MASQ
> > echo Now run on the DOS machines:
> > echo route add 192.9.0.0 mask 255.255.255.255 10.0.0.100
> > echo route add 192.168.0.0 mask 255.255.255.255 10.0.0.100
> >
> > You will need to change ppp0 to eth1, if that's the gateway device.
> > Also, you will need to change the route IPs.
> >
> > You can put these commands in rc.local so it comes up at boot (you
> > don't need the echos if you don't want them)
> >
> > --
> > Karl Pearson
> > Senior Consulting DBA
> > Senior Consulting Unix/MS/Database Analyst karlp ourldsfamily com
> > http://consulting.ourldsfamily.com
> > -------------------------------------
> >
> > On Fri, 30 Aug 2002, Joe wrote:
> >
> > ->Went through section1. The windows machines can ping the Linux box,
> > ->but they can't connect to the internet. The DNSs are correct in
> > ->etc/resolv.conf Any suggestions?
> > ->
> > ->I'll start working on step2 now "the dhcpd thing" Let you know how
> > ->it goes.
> > ->
> > ->Thanks for the input it's greatly appreciated. ------- Joe
> > ->
> > ->
> > ->
> > ->
> > ->----- Original Message -----
> > ->From: "Erick Arturo Perez Huemer" <eperez compuservice net>
> > ->To: <redhat-install-list redhat com>
> > ->Sent: Thursday, August 29, 2002 6:09 PM
> > ->Subject: RE: Newbie Question
> > ->
> > ->
> > ->> ok, let's assume the eth0 (internet) interface is
> > ->> 1.1.1.1/255.255.255.0 and let's assume the eth1 (internal)
> > ->> interface is 192.168.0.1/255.255.255.0
> > ->>
> > ->> 1- Making your windows machines connect to the internet:
> > ->>
> > ->> a- make sure your windows machines can ping/see the eth1
> > ->> interface.
> > ->> b- install the iptables package, rpm -ivh iptables-1.2.5-3
> > ->> c- create a rule in iptables that will make your linux machine do a
> > ->> MASQ for the outgoing traffic:
> > ->> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > ->> d- make your linux box (the eth1 interface) the default gateway
> > ->> for the windows boxes.
> > ->> e- make your linux route packets between eth1 and eth2:
> > ->> echo 1 >> /proc/sys/net/ipv4/ip_forward
> > ->> f- make sure the DNSs ( /etc/resolv.conf ) are correct so you can
> > ->> resolve names to IPs.
> > ->>
> > ->> So far, you now must be able to see the internet from the windows
> > ->> boxes.
> > ->>
> > ->> 2- The dhcpd thing
> > ->>
> > ->> a- install the dhcpd package rpm -ivh dhcp-2.0pl5-8
> > ->> B- configure the /etc/dhcpd.conf file to advertise the server to
> > ->> the internal machines.
> > ->> # there are things that I use on my internal net. It won't hurt you
> > ->> # to use them also.
> > ->> #ddns-update-style none;
> > ->> server-identifier server.domain.com;
> > ->> option broadcast-address 192.168.0.255;
> > ->> option font-servers 192.168.0.1;
> > ->> option host-name "server.domain.com";
> > ->> option log-servers 192.168.0.1;
> > ->> option netbios-name-servers 192.168.0.1;
> > ->> option ntp-servers 192.168.0.1;
> > ->> option routers 192.168.0.1;
> > ->> option swap-server 192.168.0.1;
> > ->> option time-servers 192.168.0.1;
> > ->> option routers 192.168.0.1;
> > ->> option subnet-mask 255.255.255.0;
> > ->> option domain-name "domain.com";
> > ->> option domain-name-servers yourDNSips, secondDNSips;
> > ->>
> > ->> subnet 192.168.0.0 netmask 255.255.255.0
> > ->> {
> > ->> option subnet-mask 255.255.255.0;
> > ->> option domain-name "domain.com";
> > ->> authoritative;
> > ->> # You can even create ranges of IPs to share.
> > ->> range 192.168.0.150 192.168.0.161;
> > ->> range 192.168.0.171 192.168.0.190;
> > ->> range 192.168.0.192 192.168.0.253;
> > ->> default-lease-time 2592000;
> > ->> }
> > ->> # make your eth0 network not to be authoritative to DHCP requests.
> > ->> subnet 1.1.1.0 netmask 255.255.255.0 {
> > ->> not authoritative;
> > ->> }
> > ->>
> > ->> # Want to give a static ip to some windows box?
> > ->> host webserver {
> > ->> hardware ethernet 00:48:54:3a:ae:43;
> > ->> fixed-address 192.168.0.136;
> > ->> }
> > ->> C- save and close /etc/dhcpd.conf, and do a service dhcpd restart
> > ->>
> > ->> Note:
> > ->> I always like to create a rc.firewall file in /etc/rc.d/ so I
> > ->> place my iptables rules there and call the file from
> > ->> /etc/rc.d/rc.local
> > ->> Example of rc.firewall:
> > ->> # Rules for the iptables filter.
> > ->> # loaded from rc.local
> > ->> # erick perez, August 28, 2002
> > ->> # iptables gurus, this is a SIMPLE setup, it was not meant to be a NSA
> > ->> # firewall!!
> > ->> iptables -F
> > ->> iptables -F -t nat
> > ->> iptables -X
> > ->> iptables -X -t nat
> > ->> # isvw
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 18000 -j DROP
> > ->> # sendmail dos
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 19000 -j DROP
> > ->> # isvw over ssl
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 8443 -j DROP
> > ->> # isvw http proxy
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 8080 -j DROP
> > ->> # not sure
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 6000 -j DROP
> > ->> # squid
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 3128 -j DROP
> > ->> # block access to internal FTP server
> > ->> iptables -A INPUT -i eth1 -p tcp --dport 21 -j DROP
> > ->> # masq and routing
> > ->> # this one for Squid cache
> > ->> iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > ->> # This one for the NAT / MASQ
> > ->> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> > ->>
> > ->> Also place the echo 1 >> /proc/sys/net/ipv4/ip_forward in your
> > ->> rc.local file so it gets loaded every time you boot.
> > ->>
> > ->> Recommendation: Try webmin ( http://www.webmin.com) it is a simple
> > ->> web-based administration client.
> > ->>
> > ->> Hope this helps,
> > ->>
> > ->> Erick A. Perez H.
> > ->> PGP ID: 0xF4FAF330
> > ->> PGP Fingerprint: 3B75 C625 03CD 5304 3266
> > ->> D3A2 AFEC C89B F4FA F330
> > ->>
> > ->> -----Original Message-----
> > ->> From: redhat-install-list-admin redhat com
> > ->> [mailto:redhat-install-list-admin redhat com] On Behalf Of Joe
> > ->> Sent: Thursday, August 29, 2002 12:19 p.m.
> > ->> To: Redhat-install-list redhat com
> > ->> Subject: Newbie Question
> > ->>
> > ->>
> > ->> I'm sure you guys are sick of us newbies, however I can say that
> > ->> this group has been very informative. I've installed 7.3 on a new
> > ->> box and had no problems. Two ethernet cards-- no problems. Sound
> > ->> card--- sound is off but not anything I'm concerned with yet. I'm
> > ->> trying to set it up as a firewall and e-mail server. I'm connecting
> > ->> to the internet fine but only on the server. I've got the router
> > ->> connected to the server on eth0 working fine. How should I configure
> > ->> eth1? I have it connected to a hub. Also when setting up the
> > ->> Windblows boxes 98\2000 What's the best setup for me to use? How do
> > ->> I set up the RedHat box as a DHCP server? I guess this is my first
> > ->> task. --- Thanks in advance Joe
> > ->>
> > ->>
> > ->>
> > ->> _______________________________________________
> > ->> Redhat-install-list mailing list Redhat-install-list redhat com
> > ->> https://listman.redhat.com/mailman/listinfo/redhat-install-list
> > ->>
>
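
Added example, not part of any message in this thread: a gateway rule set for the layout the thread settles on (eth0 internet, eth1 internal at 192.168.0.1/255.255.255.0), which pairs the MASQUERADE rule with a default-deny FORWARD policy and checks that a client address sits on the eth1 network. The function names, the DRY_RUN switch and the sample client 192.168.0.20 are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Layout assumed from the messages above:
# eth0 = internet side, eth1 = internal side at 192.168.0.1/255.255.255.0.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them (root)

# Convert a dotted-quad address or netmask to an integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_subnet ADDR1 ADDR2 NETMASK: true when both addresses are on one network.
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

gateway_rules() {
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    # Default-deny forwarding, then open only what the LAN needs.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Replies to connections the LAN started (newer iptables: -m conntrack --ctstate).
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the source address only on the internet-facing interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Turn forwarding on last, once the filter rules are in place.
    run sysctl -w net.ipv4.ip_forward=1
}

# Constructed sample client 192.168.0.20: it can use eth1 (192.168.0.1) as its
# gateway only if both are on the same network.
if same_subnet 192.168.0.20 192.168.0.1 255.255.255.0; then
    gateway_rules
else
    echo "client is not on the eth1 network" >&2
fi
```

With the default DRY_RUN=1 the script only prints the commands; a client in the 10.0.0.x range fails the same_subnet check against 192.168.0.1/255.255.255.0, which is the mismatch asked about above.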