Shorewall users - Jun 2004 - network query

On Wed, 2004-06-09 at 10:36, Altern8 wrote:
> Hi,
> 
> I am not sure if this is the right place to ask, so please forgive me if
it''s not. I have read most
> of the documentation regarding shorewall, and found it fairly easy to
understand. I am in the
> process of buying a new house, where I will have my own computer room and a
new ISP. I would like to
> use 1 to 1 NAT on the PC''s.  I will hopefully be setting my my
network as follows:
> 
> Internet<-->dslmodem<-->firewall<-->DMZ (for
dns/ftp/http/mail services)
>                                             |
>                                             |
>                                            Hub<-------------------->
>                                                     |             |        
|
>                                                     |             |        
|
>                                                 PC1       PC2          PC3
> 
> Firewall will be known as gate.kevsinsworld.com
> DMZ will be known as spud.kevinsworld.com
> PC1 will be knows as pulse.kevinsworld.com
> PC2 will be known as pudding.kevinsworld.com
> PC3 will be known as gun.kevinsworld.com
> 
> Each of the 5 computers will have a seperate public IP address, which I
will have upto 8 from my ISP
> to use. Both my wife and I are irc users, we can spend hrs on the network,
we have to share the pc
> at the moment. What I would like to do, is have PC1 as mine pc, PC2 for the
wife and PC3 for our
> kid.
> 
> With the above setup, would it be possible for each of the computers
(pc1,pc2,pc3) to have their
> host name be visible on the irc server. For example, at the moment, I have
this:
> 
> 
> Addy:  genesis@cpc2-colc3-3-0-cust131.colc.cable.ntl.com
> 
This is due to the reverse resolve names for the IP address in question.
Ask your ISP to enter the names into the DNS for the IP addresses and
the irc servers will then pick them up. 

What happens when you connect the address 81.103.13.131 is seen. The
server then checks in DNS the name for that address, which is the above
name you gave. Until 131.13.103.81.in-addr.arpa resolves to
pulse.kevinsworld.com you will always get the above name. Usually most
cable modem companies will never change this and you will be stuck with
there names until you purchase services such as a T1 or Frame Relay and
have full control over the IP address you are borrowing.

> and I would like to have it, using the above setup:
> 
> 
> Addy:  genesis@pulse.kevinsworld.com
> 
> Anyone able to help me out?
> 
> regards
> 
> Kevin
/psh

Hi,

I am not sure if this is the right place to ask, so please forgive me if
it''s not. I have read most
of the documentation regarding shorewall, and found it fairly easy to
understand. I am in the
process of buying a new house, where I will have my own computer room and a new
ISP. I would like to
use 1 to 1 NAT on the PC''s.  I will hopefully be setting my my network
as follows:

Internet<-->dslmodem<-->firewall<-->DMZ (for dns/ftp/http/mail
services)
                                            |
                                            |
                                           Hub<-------------------->
                                                    |             |             
|
                                                    |             |             
|
                                                PC1       PC2          PC3

Firewall will be known as gate.kevsinsworld.com
DMZ will be known as spud.kevinsworld.com
PC1 will be knows as pulse.kevinsworld.com
PC2 will be known as pudding.kevinsworld.com
PC3 will be known as gun.kevinsworld.com

Each of the 5 computers will have a seperate public IP address, which I will
have upto 8 from my ISP
to use. Both my wife and I are irc users, we can spend hrs on the network, we
have to share the pc
at the moment. What I would like to do, is have PC1 as mine pc, PC2 for the wife
and PC3 for our
kid.

With the above setup, would it be possible for each of the computers
(pc1,pc2,pc3) to have their
host name be visible on the irc server. For example, at the moment, I have this:


Addy:  genesis@cpc2-colc3-3-0-cust131.colc.cable.ntl.com

and I would like to have it, using the above setup:


Addy:  genesis@pulse.kevinsworld.com

Anyone able to help me out?

regards

Kevin

----- Original Message -----
From: "Philip S. Hempel"
> Usually most cable modem companies will never change this and you will be
stuck with
> there names until you purchase services such as a T1 or Frame Relay and
> have full control over the IP address you are borrowing.
So basically even know you appear to be (but doesn''t say for sure)
hosting
his own DNS. (doesn''t say private and or public hosting) He needs to
have
his reverse zone delegated to him or be in change of that zone? And it would
make sense and be safe to assume that they wouldn''t allow that with
that
type of service. But ya never know till ya ask. Good luck.

Joshua Banks

Hi folks,

Many thanks for all your replys, they have been helpful.
Yeah, thats the plan to host my own DNS, both primary and secondary, hopefully
this will give me the
result that I want.  I will plan to host my own web and email servers for my
family and myself to
use. I have looked around for a good firewall, and found shorewall to be what I
wanted. We hope to
have the keys for the house within 6 weeks, so I will be able to get down to the
nitty gritty. Just
doing a bit to reseach on things.

Cheers

Kev


----- Original Message ----- 
From: "Joshua Banks" <syn_ack@comcast.net>
To: "Mailing List for Shorewall Users"
<shorewall-users@lists.shorewall.net>
Sent: 10 June 2004 16:40
Subject: Re: [Shorewall-users] network query

>
> ----- Original Message -----
> From: "Philip S. Hempel"
>
> > Usually most cable modem companies will never change this and you will
be
> stuck with
> > there names until you purchase services such as a T1 or Frame Relay
and
> > have full control over the IP address you are borrowing.
>
> So basically even know you appear to be (but doesn''t say for sure)
hosting
> his own DNS. (doesn''t say private and or public hosting) He needs
to have
> his reverse zone delegated to him or be in change of that zone? And it
would
> make sense and be safe to assume that they wouldn''t allow that
with that
> type of service. But ya never know till ya ask. Good luck.
>
> Joshua Banks

----- Original Message -----
From: "Altern8"
> Yeah, thats the plan to host my own DNS, both primary and secondary,
hopefully this will give me the
> result that I want.
Specifically speaking.. Your original request ***depends soley*** on whether
or not you have "Authority over your Reverse DNS zone" or in more
specific
terms, have the ability to have that Reverse Zone "Delegated" to you
once
you register your domain and setup your public dns services. Knowning the
fact that your going with a cable company that OWNS the address space that
your renting, regardless if its static or not. The chance of them
reconfiguring they''re reverse dns mappings and delegating this to you
for a
tiny sliver of address space is highly unlikely.
Not trying to be pesimistic. Just realistic. As was Philip.
> I will plan to host my own web and email servers for my family and myself
to
> use.
This is always a very enriched learning experience. Heh.. Definitely fun
times ahead. Heh.. Heh..
> I have looked around for a good firewall, and found shorewall to be what I
wanted. We hope to
> have the keys for the house within 6 weeks, so I will be able to get down
to the nitty gritty. Just
> doing a bit to reseach on things.
Sounds like exciting times are in your families lives. 6 weeks .. wow..
that''s allot of Linux server learning in 6 wks.  Shorewall will be the
least
of your worries in regards to ease of installation and functionality. For
DNS I would recommend DJBDNS hands down.. http://cr.yp.to/djbdns.html. As
for Web and Email.. those are beasts all to their own... You''ll have
some
good experience under your belt after tackling all of those beasts. Good
luck. You can email me off list if you would like.

Joshua Banks