Sorry but i am a newbie about drbl
The environment:
I have a working drbl server and clients (3). On the server i have 2 nic. For clients i
have one nic and the "drbl setting": direct access to internet,
so i defined 3 external ip and the same subnet mask for internal and external
network (255.255.254.0) there is 1 external ip for 1 client.
The problem:
I have a problem about direct access from clients.
In my network the client need authentication for internet access.
The authentication on a zeroshell server happen when i
surf from the drbl client to a web page outside the local dns domain.
I think it can work only if the client try from the external ip so i used "direct access"
but with tcpdump on the drbl server i see that every packet to the external site is
from the external drbl server ip not from client ip.
So it happen: only the first client authenticate, after, every client can surf on every
dns domain without authentication.
The question :
Is there a simple trick for my problem ? Can i set a static nat and 1 to 1 mapping
on the server ? Is there a drbl setting where can i do this?
I apologize about my bad english and the darkness of my question
Yes, you can set some static routing rules on your clients so they connect to external sites directly, not via DRBL server.
When you run "drblpush -i", as this prompt:
By using alias interface, every client can have 2 IPs,
one of them is private IP for clients connected to DRBL server, and the other is public IP for clients directly connected
to WAN from switch!
Do you want to setup public IP for clients? [y/N]
You can say "yes" to this, and follow it.
Please remember that the network switch which clients connected must connect to external, too. Otherwise this mode won't work.
Steven.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry but i am a newbie about drbl
The environment:
I have a working drbl server and clients (3). On the server i have 2 nic. For clients i
have one nic and the "drbl setting": direct access to internet,
so i defined 3 external ip and the same subnet mask for internal and external
network (255.255.254.0) there is 1 external ip for 1 client.
The problem:
I have a problem about direct access from clients.
In my network the client need authentication for internet access.
The authentication on a zeroshell server happen when i
surf from the drbl client to a web page outside the local dns domain.
I think it can work only if the client try from the external ip so i used "direct access"
but with tcpdump on the drbl server i see that every packet to the external site is
from the external drbl server ip not from client ip.
So it happen: only the first client authenticate, after, every client can surf on every
dns domain without authentication.
The question :
Is there a simple trick for my problem ? Can i set a static nat and 1 to 1 mapping
on the server ? Is there a drbl setting where can i do this?
I apologize about my bad english and the darkness of my question
2 row from my public_ip.drbl
private IP public IP netmask gateway
192.168.6.119 131.11z.63.1xx 255.255.254.0 192.168.6.118
192.168.6.120 131.11z.63.1xy 255.255.254.0 192.168.6.118
my server is a debian 6.0 server
192.168.6.118 is the drbl server's internal ip clients are on the same server's nic
Yes, you can set some static routing rules on your clients so they connect to external sites directly, not via DRBL server.
When you run "drblpush -i", as this prompt:
By using alias interface, every client can have 2 IPs,
one of them is private IP for clients connected to DRBL server, and the other is public IP for clients directly connected
to WAN from switch!
Do you want to setup public IP for clients?
[y/N]
You can say "yes" to this, and follow it.
Please remember that the network switch which clients connected must connect to external, too. Otherwise this mode won't work.
Steven.