---------- Forwarded message ----------
From: Karan Misra <kidoman@gmail.com>
Date: Fri, 22 Oct 2004 10:55:31 +0530
Subject: Re: [LARTC] hi all
To: Craig Steadman <spinout@yakbox.shacknet.nu>

hi man,

thanks for the response. my head is totally screwed up regd the
concepts of subnetting. i mean:

i want my internal lan to be the 10.xx.yy.zz/8 network. so for the lan
my firewall is the default gateway right. i mean, do i place the IP
address i assign to the NIC on the firewall for the internal lan as
the default gateway for the rest of the computers.

i plan to give different different departments different ranges like
10.101.yy.zz for the computer science dept. how do i do that....? now
we only hv a single CISCO 1720 router and a hierarchical Catalyst 2950
network campus wide. the firewall (gateway) system will be three-homed
with NIC for connecting to the: router, DMZ subnet and the internal
lan.

also 1 more confusion: suppose i want to use 10.209.yy.zz for the DMZ
network and 10.xx.yy.zz for the internal lan, is it possible???? isn't
there an overlap.

i used some sample scripts for firewalling from frozentux but i
distinctly remember that no "ip route" commands were used anywhere. i
need to specify particular routes on the firewall (gateway) system,
right??

please help this marred "hoping-to-be" sys-admin.

regds,
karan

On Fri, 22 Oct 2004 10:48:54 +0800, Craig Steadman
<spinout@yakbox.shacknet.nu> wrote:
>
> Hi Karan
> I've put the scripts I use for firewalling on sourceforge
> http://bastionx.sourceforge.net
> there's plenty of framework to help you.
>
> The firewalling internals called netfilter are controlled
> with iptables command. The routing and interface management
> is controlled with the iproute2 suite of commands.
> eg ip
>
> Multiple interfaces are not a problem you just have to make
> sure the appropriate rules are in place to control the packet
> flow.
>
> Cheers
> Craig
>
> On Fri, 2004-10-22 at 04:50, Karan Misra wrote:
> > hi,
> >
> > i hv been burning nights reading howtos and manuals for iproute2 and
> > iptables aiming at successfully implementing a DMZ-NAT solution for our
> > college (institute.)
> >
> > i am a student and never had past experience but hv used linux for
> > quite some time now.
> >
> > so my first question is: do the functions of iptables and iproute2
> > overlap at all. i am pretty confused regd this matter.
> >
> > 2nd: is it possible to hv multiple NIC in a single linux mach (FC1)
> > and assign them addresses like 203.193.144.98/27, 10.209.250.1/16,
> > 10.200.250.1/8. i used a howto to create a rc.firewall and it only
> > used iptables and also enabled ip forwarding.
> > after the setup, i was not able to ping even physically connected
> > systems (tho i was able to get across to my router at 203.193.144.97).
> >
> > please clarify....?
> >
> > regds,
> > karan
>
>
--
Badda bing, badda bang, badda bong --- and voila!!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
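
Added example, not part of the original thread: a check of the overlap question raised above, using the three addresses quoted in the messages. It shows which connected networks overlap, which interface a longest-prefix-match route lookup would choose on the firewall, and whether a LAN host with a given mask would treat a DMZ address as on-link and so never send the packet to the firewall. The interface names eth0/eth1/eth2 and the sample host addresses are assumptions.

```python
import ipaddress

# Firewall NICs with the addresses quoted in the thread.
# The interface names are hypothetical; the thread does not name them.
FIREWALL = {
    "eth0": ipaddress.ip_interface("203.193.144.98/27"),  # towards the router
    "eth1": ipaddress.ip_interface("10.209.250.1/16"),    # DMZ
    "eth2": ipaddress.ip_interface("10.200.250.1/8"),     # internal LAN
}

def overlaps(ifaces):
    """Return pairs of interface names whose connected networks overlap."""
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]

def egress(ifaces, dst, default=None):
    """Choose the outgoing interface by longest-prefix match over the
    connected networks; fall back to `default` when nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(i.network.prefixlen, n) for n, i in ifaces.items()
            if dst in i.network]
    return max(hits)[1] if hits else default

def on_link(host, dst):
    """True if a host configured as `host` (address/mask) considers `dst`
    directly reachable, i.e. it will ARP for it instead of using a gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host).network

if __name__ == "__main__":
    print("overlapping:", overlaps(FIREWALL))
    # Constructed sample destinations: a DMZ host, a CS-dept host, the router.
    for dst in ("10.209.1.5", "10.101.3.4", "203.193.144.97"):
        print(dst, "->", egress(FIREWALL, dst))
    # A LAN host with a /8 mask sees the DMZ as local and bypasses the firewall;
    # with a /16 mask the same host must go through its gateway.
    print(on_link("10.101.3.4/8", "10.209.1.5"))
    print(on_link("10.101.3.4/16", "10.209.1.5"))
```
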