Ok, if this is for corporate use, I agree, you're screwed. If it's for personal, no problem.

For VNC, simply run it on different ports. 5900 for NT_POS_1, 5901 for NT_POS_2, etc. (or start at 5901, whatever, start your numbering at POS_0). VNC can connect to any port. Just remember, you MAY need 2 ports: by default, 5800 for the HTTP Java piece, and 5900 for the actual VNC traffic.

For your web servers, why not have a main page, and then have two links, one for each page. One to 10.10.10.10:81, the second to 10.10.10.10:82. Then, forward port 81 to one server, and port 82 to another.

For Mail, you're screwed.

For DNS, who cares, just put all the zones on the one machine.

For PoPToP, again, who cares. Connect to the firewall, and from there, sort out which machine you want in the back end.

Mail is the only real issue here from a home user's perspective. Unless you receive all the mail into the firewall box, and then sort/forward it based on recipient from there, which is just plain nasty, but it would work... (Use the aliases file, and then just have sendmail resend incoming mail destined for [EMAIL PROTECTED] to be forwarded to [EMAIL PROTECTED] and so on.) Unless you have two people named Kevin, this should work with no problem. It's ugly, but it'd work.

Kev.

----- Original Message -----
From: "timmy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 15, 2002 1:50 PM
Subject: Re: (clug-talk) IP aliasing

> On Thu, 15 Aug 2002 06:26:46 -0600, Kevin Anderson wrote:
>
> >Sorry, Now I see what you're saying...
> >
> >How many external facing connections do you have/need, and why?
> >
>
> 1 connection, 5 IP's. I need the 5 IP's to run different services on
> multiple servers. HTTP, SMTP, POP3, DNS, PPTP, stuff like that.
>
> >Maybe if you have separate boxes for Mail, FTP, etc, it would work to just
> >point them all at one IP, and then port forward through the firewall to the
> >appropriate box for each port. (IE: what are you trying to do?)
> >
>
> If I had one IP address and 3 servers, all running different services,
> this could be done no problem. I just use the extended NAT/PAT to forward
> each service to their respective servers, no problem. The issue is, if I
> have 2 servers I want firewalled, both running HTTP, I need to be able to
> put more than one public IP address on the external interface of my
> router. I can only forward port 80 once on one IP address. Also, if I run
> any NT boxes (god forbid) behind the firewall, I like to run VNC on them
> so I can remote desktop into them from anywhere. Again, I would only be
> able to do this once per IP address.
>
> >Kev.
> >
> >On Thursday 15 August 2002 09:40, you wrote:
> >> No, this won't work. I can't put my whole IP block on the external
> >> interface of my Linux Box, it won't work. I can do what you suggested, no
> >> problem at all, but as for running an IP pool on the external interface,
> >> that's a no-go.
> >>
> >> On Thu, 15 Aug 2002 09:26:04 -0600, Kevin Anderson wrote:
> >> >This shouldn't matter at all.
> >> >
> >> >Plug your (dual-homed (2 Network Cards)) Linux box into the Telus
> >> >connection, and plug a hub (or whatever) into the other NIC. Then plug
> >> >all the PCs into the hub, and set them to use the Linux box as their
> >> >default gateway. The Linux box will do NAT, and there will only be 1 MAC
> >> >on the Telus side anyway. The Linux box will receive requests from the
> >> >clients, strip out their MAC & IP, replace it, and send the packet to the
> >> >next hop. My Guess is that this is already happening for you. Your
> >> >firewall will look after all of it.
> >> >
> >> >Kev.
> >> >
> >> >----- Original Message -----
> >> >From: "timmy" <[EMAIL PROTECTED]>
> >> >To: <[EMAIL PROTECTED]>
> >> >Sent: Saturday, August 10, 2002 11:56 AM
> >> >Subject: (clug-talk) IP aliasing
> >> >
> >> >> Anyone here have any experience with IP aliasing? I had a couple of
> >> >> clients on cadvision, and I had built firewalls for their DMZ. I ran
> >> >> IPTABLES and had configured the boxes with IP aliasing, so all of the
> >> >> IPs in the /29 Cadvision provided were on the external interface of
> >> >> the firewall. I just did simple NAT/PAT to manage the services on the
> >> >> servers behind the firewall. Now, with Telus, this, to the best of my
> >> >> knowledge, is no longer possible. You have to register a unique MAC
> >> >> for each IP address you are using. Seeing as how all of the IP's would
> >> >> return the same MAC, this is not possible on Telus's system. Does
> >> >> anyone have a solution for this, or do I have to: a) run the servers
> >> >> with no firewall, or b) build a separate firewall for each machine?
> >> >> Maybe there are other options, but I'm not sure of what they might be.
> >> >> I did phone Telus tech support, and they of course were no help; they
> >> >> basically told me to either go find another provider, or switch to
> >> >> their $1500/mo fibre service.
> >> >>
> >> >> What I don't understand is how they expect customers to run a network
> >> >> properly in this kind of situation. If someone is running a Cisco PIX,
> >> >> or a Watchdog Firewall, which can both be configured with "IP Pools"
> >> >> on the external interface, what happens to their configurations? I
> >> >> basically had to reconfigure the whole network in order to get things
> >> >> to work properly with the new Telus service, not to mention the
> >> >> barrage of other problems that arose from a bunch of dumb mistakes on
> >> >> their end. When I phoned and asked for support, I was pretty much led
> >> >> to believe they did not care one way or another if my service was
> >> >> working. Has it come down to that with Telus? It seems that they have
> >> >> gotten so big, with so many customers, they just don't care about a
> >> >> few people that might be more than a little upset over the whole
> >> >> ordeal, so they'd just as soon lose them as customers. What's it to
> >> >> them after all? They've got hundreds of thousands of customers, what's
> >> >> the big deal about losing a few? That is not good business. I work for
> >> >> an ISP here in town, TeraGo Networks, and we've currently got about
> >> >> 600 customers nationwide. That's mouse nuts compared to what Telus or
> >> >> Shaw has, but at least I take pride in knowing I care about our
> >> >> customer base, no matter how small or how large the company ends up
> >> >> getting.
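
The single-address layout suggested in the reply at the top of this thread (web servers on ports 81 and 82, each NT box's VNC on its own port pair), written out as iptables rules; this is an added example, not part of the original messages. The interface name `eth0`, the internal 192.168.1.x addresses and the helper names `forward_table` and `build_rules` are assumptions; the script only prints rules and rejects a table that tries to forward the same external port twice.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for one public IP.
WAN_IF="eth0"            # assumed name of the external interface
PUBLIC_IP="10.10.10.10"  # address used in the links in the message

# Constructed table: external_port internal_ip internal_port label.
# Internal 192.168.1.x addresses are assumptions. Each NT box runs VNC
# on its own port pair (5900+N and 5800+N), as the message suggests.
forward_table() {
  cat <<'EOF'
81   192.168.1.11 80   web1
82   192.168.1.12 80   web2
5900 192.168.1.21 5900 NT_POS_0-vnc
5800 192.168.1.21 5800 NT_POS_0-java
5901 192.168.1.22 5901 NT_POS_1-vnc
5801 192.168.1.22 5801 NT_POS_1-java
EOF
}

# Reads a table on stdin. Refuses it if an external port is used twice
# (one address can forward a given port only once), otherwise prints
# a DNAT rule plus a matching FORWARD accept rule for each entry.
build_rules() (
  table=$(cat)
  dups=$(printf '%s\n' "$table" | awk 'NF {print $1}' | sort -n | uniq -d)
  if [ -n "$dups" ]; then
    echo "conflict: external port forwarded more than once:" $dups >&2
    exit 1   # leaves only this subshell-bodied function
  fi
  printf '%s\n' "$table" | while read -r ext ip port label; do
    [ -n "$ext" ] || continue
    echo "# $label"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $ext -j DNAT --to-destination $ip:$port"
    echo "iptables -A FORWARD -i $WAN_IF -d $ip -p tcp --dport $port -j ACCEPT"
  done
)

forward_table | build_rules
```

The FORWARD rules match the internal address and port because the filter table sees the packet after DNAT has rewritten its destination.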
