On Tue, 2003-02-25 at 08:28, Rune Berge wrote:
> > > Network layout:
> > > ADSL -- Smoothwall box --(LAN)-- Redhat server -- Wireless GW
> >
> > It'll still work. <smile>
> 
> Good. A couple of questions. What IP address should I use on the RH
> server's second NIC? The same as on eth0 (192.168.0.10), or something else
> (like 192.168.1.10)?

IP addresses don't belong to computers, they belong to network
interfaces. So no, you will never use the same exact IP address twice.

I note that you are not quite using the same IP address, but rather the
same final octet (x.x.x.10) on different subnets. If that is what you
meant, then you are free to do that or to do it entirely differently.

Overall, this is what I would do IF I FOUND IT ACCEPTABLE FOR MY
NEIGHBOR TO BE PART OF MY NETWORK AND ACCESS MY MACHINES:

        1. Set up your eth1 (to your neighbor's house) as 192.168.1.1. From
habit, I use the "1" on small networks always as the gateway to the
outside, and as far as your neighbor is concerned that is his gateway.

        2. Set up dhcp to answer only on eth1 (in /etc/sysconfig/dhcp change the
line to DHCPARGS="eth1"), ensuring that dhcp will only serve addresses on
that interface.

        3. Of course, configure dhcp.conf properly (easy).

        4. Tell Shorewall (using the /etc/shorewall/masq file) that the whole
subnet on eth1 will be masqueraded and go out to the world through eth0.
This will allow him access to your network and the world.

        5. Make sure the "rfc1918" keyword IS NOT SET on either interface,
since that would automatically block all private addresses (which you
are using). Alternately, modify /etc/shorewall/rfc1918 to tell Shorewall
which private addresses you use so it accepts them.

        6. Don't forget to restart dhcp and shorewall so they reload and
activate their new configurations.

Unless I've forgotten something, this should be it and you should be up
and about in around five minutes.

Every file in /etc/shorewall is self-documenting and very easy to use.
However, PLEASE DO READ the Quickstart documentation on the
www.shorewall.net site so you understand how Shorewall thinks. Ten
minutes of reading and you'll have no trouble at all.

> That's correct. AFAIK Smoothwall doesn't support multiple "green"
> interfaces, and I _really_ don't want to mess with the Smoothwall config
> files manually.  I realise that it would probably work if I simply put the
> GW on the Smoothwall's DMZ (which I don't use now), but I would like a
> more flexible solution.

My "more flexible solution" is an RH8 box that I've savagely cut down to
the bare minimum of anything at all, running three NICs and Shorewall
along with the following services:

 o dhcp (on internal net only)
 o named (on internal net only)
 o squid (on internal net only)
 o ntpd (on all interfaces)
 o openssh (on all interfaces, using keys not passwords)
 o [EMAIL PROTECTED] <grin>

This box provides all basic network services and, if hacked, will only
require me to reinstall via kickstart and restore six or seven config
files... take all of 10 minutes. Runs on a P166, 64MB, 1GB, with about 8
months of uptime now. :-)

-- 
Rodolfo J. Paiz
[EMAIL PROTECTED]




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
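
Added example, not part of the original message: a shell audit for steps 2, 4 and 5 above, checking that dhcpd is limited to eth1, that /etc/shorewall/masq sends eth1 out through eth0, and that neither interface carries an rfc1918 option. File paths and interface names are from the message; the function names, the /24 netmask and the sample file contents are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Usage: source this file, then run: audit /   (or a staging copy)

# Step 2: dhcpd must be told to listen on the neighbour-facing interface only.
check_dhcpargs() {    # ROOT IFACE
    local val
    val=$(sed -n 's/^ *DHCPARGS=//p' "$1/etc/sysconfig/dhcp" | tail -n 1 | tr -d "\"'")
    [ "$val" = "$2" ]
}

# Step 4: masq needs an uncommented "OUT SRC" line (outbound interface first).
check_masq() {        # ROOT OUT SRC
    awk -v out="$2" -v src="$3" 'BEGIN { rc = 1 }
        /^[ \t]*(#|$)/ { next }
        $1 == out && $2 == src { rc = 0 }
        END { exit rc }' "$1/etc/shorewall/masq"
}

# Step 5: the interface must not carry an option containing "rfc1918"
# (for example Shorewall's norfc1918), which would drop private addresses.
check_no_rfc1918() {  # ROOT IFACE
    awk -v ifc="$2" 'BEGIN { rc = 0 }
        /^[ \t]*(#|$)/ { next }
        $2 == ifc && $4 ~ /rfc1918/ { rc = 1 }
        END { exit rc }' "$1/etc/shorewall/interfaces"
}

# Run every check, print one line per failure, return the number of failures.
audit() {             # ROOT
    local fails=0 i
    check_dhcpargs "$1" eth1 || { echo "FAIL dhcpd not limited to eth1"; fails=$((fails+1)); }
    # Source may be named by interface or by subnet (the /24 is an assumption).
    check_masq "$1" eth0 eth1 || check_masq "$1" eth0 192.168.1.0/24 ||
        { echo "FAIL no masq entry for eth1 via eth0"; fails=$((fails+1)); }
    for i in eth0 eth1; do
        check_no_rfc1918 "$1" "$i" || { echo "FAIL rfc1918 filtering on $i"; fails=$((fails+1)); }
    done
    return "$fails"
}

# Constructed sample tree matching the layout in the message (zone names assumed).
make_sample() {       # ROOT
    mkdir -p "$1/etc/sysconfig" "$1/etc/shorewall"
    echo 'DHCPARGS="eth1"' > "$1/etc/sysconfig/dhcp"
    printf '#INTERFACE SUBNET\neth0 eth1\n' > "$1/etc/shorewall/masq"
    printf '#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect\nloc eth1 detect dhcp\n' \
        > "$1/etc/shorewall/interfaces"
}
```

The dhcpd check matters most for this layout: if DHCPARGS is empty, dhcpd may also answer on eth0 and compete with whatever hands out addresses on the Smoothwall LAN.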
