From: Theunis B. <Th...@ac...> - 2003-04-03 15:38:35
|
No i think it was what you said about the=20 'Transparent bridging mode' that i need to do. The server's IP has to stay the same (192.168.0.1) The modem HAS to be on the same subnet as the server (or firewall = eventually). (therefore being 192.168.0.3) The trick is to make it look like the same subnet, the firewall acting = as the server and passing it on to the real server. The IP of the ISDN may change(although it will cause a few headaches), = and the clients dialling in can be made to think that the server has a = new IP. (i.e. any IP that is on the same subnet as the ISDN modem) I think that would solve the *possible* problem of assigning the same = network to eth0 and eth1???=20 -----Original Message----- From: Friedrich Lobenstock [mailto:fl...@fl...] Sent: 03 April 2003 01:06 To: dev...@li... Subject: Re: [Devil-Linux-discuss] Forwarding problem Hi! Theunis Botha wrote: > Hi guys.. (and girls?) > =20 > I am in a particular situation where, i cannot specify a default = gateway=20 > on an ISDN LAN modem since it doesn't support that functionality. > =20 > It sort off 'Terminates' a network. > It makes the network you are reaching by dialing into it from outside, = > "THE ULTIMATE DESTINATION" > =20 > But now, i want "ALTERNATE DESTINATION" ;) > =20 > see, if they ping 192.168.0.1 (living on the network they just dialed=20 > into), which happened to be the server, > i want to put the FW as 192.168.0.1, and then forward all the packets = to=20 > the "REAL" server and back. > =20 > And then i want to obviously filter the packets with my nifty firewall = > rules. > =20 > Any ideas? > =20 > In my mind, it looks something like this : > =20 > 192.168.0.1(server) > | > 192.168.0.3(FW) eth0 > 192.168.0.1(FW) eth1 > | > 192.168.0.3(ISDN LAN modem) > =20 > Oh, and the server must think the FW is the Modem, since the network = is=20 > setup to forward stuff to 0.3, and changing this simple > thing would cause havoc at about 10 places at the same time. > =20 > (and it actually does get a bit more complicated, but in basic, that = is=20 > the problem.) I suggest reading a book about routing. Your setup can only work in the transparent bridging mode of the firewall. But you won't need that. Can you describe your setup a little more? From what I read I think that you are actually trying to do this: 192.168.1.1(server) | | 192.168.1.3(FW) eth0 192.168.0.1(FW) eth1 | | 192.168.0.3(ISDN LAN modem) external IP (provided by ISP) | | Internetserviceprovider (ISP) You want to reach a service runnning on your server and configure your ISDN router (it can't be a modem as it connects via Ethernet to your firewall) to forward a specifiy port from its external interface to the Firewall (IP 192.168.0.1). There you configure iptables DNAT and forwarding rules to finaly forward this port to your server. So you do not need to configure any extra routing entry on your ISDN router. > =20 > Oh, and does ssh and sshd work on dl0.44? BTW 0.5 is the current release and 0.6 is comming to pre release state soon. --=20 MfG / Regards Friedrich Lobenstock ____________________________________________________________________ Friedrich Lobenstock Linux Services Lobenstock URL: http://www.lsl.at/ Email: fl...@fl... ____________________________________________________________________ ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb:=20 Dedicated Hosting for just $79/mo with 500 GB of bandwidth!=20 No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |