On Thu, 15 Aug 2002 06:26:46 -0600, Kevin Anderson wrote:
>Sorry, Now I see what you're saying...
>
>How many external facing connections do you have/need, and why?
>

1 connection, 5 IP's. I need the 5 IP's to run different services on multiple servers. HTTP, SMTP, POP3, DNS, PPTP, stuff like that.

>Maybe if you have separate boxes for Mail, FTP, etc, it would work to just
>point them all at one IP, and then port forward through the firewall to the
>appropriate box for each port. (IE: what are you trying to do?)
>

If I had one IP address and 3 servers, all running different services, this could be done no problem. I just use the extended NAT/PAT to forward each service to their respective servers, no problem. The issue is, if I have 2 servers I want firewalled, both running HTTP, I need to be able to put more than one public IP address on the external interface of my router. I can only forward port 80 once on one IP address. Also, if I run any NT boxes (god forbid) behind the firewall, I like to run VNC on them so I can remote desktop into them from anywhere. Again, I would only be able to do this once per IP address.

>Kev.
>
>On Thursday 15 August 2002 09:40, you wrote:
>> No, this won't work. I can't put my whole IP block on the external
>> interface of my Linux Box, it won't work. I can do what you suggested, no
>> problem at all, but as for running an IP pool on the external interface,
>> that's a no-go.
>>
>> On Thu, 15 Aug 2002 09:26:04 -0600, Kevin Anderson wrote:
>> >This shouldn't matter at all.
>> >
>> >Plug your (dual-homed (2 Network Cards)) Linux box into the Telus
>> >connection, and plug a hub (or whatever) into the other NIC. Then plug
>> >all the PCs into the hub, and set them to use the Linux box as their
>> >default gateway. The Linux box will do NAT, and there will only be 1 MAC
>> >on the Telus side anyway. The Linux box will receive requests from the
>> >clients, strip out their MAC & IP, replace it, and send the packet to the
>> >next hop. My Guess is that this is already happening for you. Your
>> >firewall will look after all of it.
>> >
>> >Kev.
>> >
>> >----- Original Message -----
>> >From: "timmy" <[EMAIL PROTECTED]>
>> >To: <[EMAIL PROTECTED]>
>> >Sent: Saturday, August 10, 2002 11:56 AM
>> >Subject: (clug-talk) IP aliasing
>> >
>> >> Anyone here have any experience with IP aliasing? I had a couple of
>> >> clients on cadvision, and I had built firewalls for their DMZ. I ran
>> >> IPTABLES and had configured the boxes with IP aliasing, so all of the
>> >> IPs in the /29 Cadvision provided were on the external interface of
>> >> the firewall. I just did simple NAT/PAT to manage the services on the
>> >> servers behind the firewall. Now, with Telus, this, to the best of my
>> >> knowledge, is no longer possible. You have to register a unique MAC
>> >> for each IP address you are using. Seeing as how all of the IP's would
>> >> return the same MAC, this is not possible on Telus's system. Does
>> >> anyone have a solution for this, or do I have to: a) run the servers
>> >> with no firewall, or b) build a separate firewall for each machine?
>> >> Maybe there are other options, but I'm not sure of what they might be.
>> >> I did phone Telus tech support, and they of course were no help; they
>> >> basically told me to either go find another provider, or switch to
>> >> their $1500/mo fibre service.
>> >>
>> >> What I don't understand is how they expect customers to run a network
>> >> properly in this kind of situation. If someone is running a Cisco PIX,
>> >> or a Watchdog Firewall, which can both be configured with "IP Pools"
>> >> on the external interface, what happens to their configurations? I
>> >> basically had to reconfigure the whole network in order to get things
>> >> to work properly with the new Telus service, not to mention the
>> >> barrage of other problems that arose from a bunch of dumb mistakes on
>> >> their end. When I phoned and asked for support, I was pretty much led
>> >> to believe they did not care one way or another if my service was
>> >> working. Has it come down to that with Telus? It seems that they have
>> >> gotten so big, with so many customers, they just don't care about a
>> >> few people that might be more than a little upset over the whole
>> >> ordeal, so they'd just as soon lose them as customers. What's it to
>> >> them after all? They've got hundreds of thousands of customers, what's
>> >> the big deal about losing a few? That is not good business. I work for
>> >> an ISP here in town, TeraGo Networks, and we've currently got about
>> >> 600 customers nationwide. That's mouse nuts compared to what Telus or
>> >> Shaw has, but at least I take pride in knowing I care about our
>> >> customer base, no matter how small or how large the company ends up
>> >> getting.
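
The setup discussed in this thread (several public IPs aliased on the firewall's external interface, each forwarded by NAT/PAT to a different internal server), as an added example that is not part of the original messages. The addresses are documentation placeholders, and the interface name, table format and function names are assumptions; the script only prints the commands and rejects a table that forwards the same public IP and port twice.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed table, one forward per line:
#   public_ip public_port proto internal_ip internal_port
# 203.0.113.0/29 (RFC 5737) stands in for the ISP-assigned /29.
FORWARDS='203.0.113.2 80 tcp 192.168.10.11 80
203.0.113.3 80 tcp 192.168.10.12 80
203.0.113.2 25 tcp 192.168.10.13 25
203.0.113.2 5900 tcp 192.168.10.21 5900
203.0.113.3 5900 tcp 192.168.10.22 5900'

EXT_IF=eth0   # assumed name of the external interface

# Print every public ip:port/proto that appears more than once. A given
# public address and port can be forwarded to only one internal host.
find_conflicts() {
    printf '%s\n' "$1" | awk 'NF == 5 {
        key = $1 ":" $2 "/" $3
        if (seen[key]++ == 1) print key
    }'
}

# Print (never execute) the alias, DNAT and FORWARD commands for a table.
# Returns 1 without printing rules if the table contains a conflict.
gen_rules() {
    gr_conflicts=$(find_conflicts "$1")
    if [ -n "$gr_conflicts" ]; then
        echo "duplicate forward for: $gr_conflicts" >&2
        return 1
    fi
    printf '%s\n' "$1" | awk -v ifc="$EXT_IF" 'NF == 5 {
        # One address alias per distinct public IP on the external interface.
        if (!aliased[$1]++)
            printf "ip addr add %s/29 dev %s\n", $1, ifc
        # Rewrite the destination, then allow only that translated flow.
        printf "iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n", ifc, $1, $3, $2, $4, $5
        printf "iptables -A FORWARD -i %s -d %s -p %s --dport %s -j ACCEPT\n", ifc, $4, $3, $5
    }'
}

gen_rules "$FORWARDS"
```

The FORWARD rules assume a default-drop FORWARD policy, so only the listed services reach each internal server.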
