If you have a static IP with Telus then you can just register an internet
domain name and run BIND on your machine for that domain.  If you don't
have a static IP then you can use services like dns2go, etc that will
allow you to use a dynamic IP and still put a domain on it, of course you
can't run BIND yourself for that, you will have to use their DNS servers. 
Another option is to just use the hostname that telus gives you.  By this
I mean, with Telus your hostname will never change (Unlike Shaw, etc). 
So, my old Telus hostname before I switched to Shaw was
ai0h56ipb5hj.ab.hsia.telus.net  I just memorized it, even if your IP
changes the hostname stays the same.  You can just find out what your
hostname is (OCA page, etc) and do the same kind of thing if you want or
don't want to get a static IP, the only problem I see with this solution
is that telling people to go to http://ai0h56ipb5hj.ab.hsia.telus.net is
not very appealing.
As for port forwarding, I'm not sure what grsecurity is but port sentry is
a security tool, it won't do port forwarding for you.... however basic
port forwarding is quite easy.  I'm assuming you are using IPTABLES, if
you are here is the syntax you need to forward a port using DNAT:
This example assumes that eth0 is your external Telus NIC and that you
want to forward tcp port 80 to 192.168.1.2
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:80
iptables -A FORWARD -p tcp -i eth0 --dport 80 -d 192.168.1.2 -j ACCEPT

You can port forward udp instead of tcp by changing all occurrences of tcp
to udp, etc.  You need both lines, the first one tells the kernel to enter
a rule into the PREROUTING chain of the NAT table to Destination NAT
anything coming into eth0 on tcp port 80 to 192.168.1.2 on tcp port 80. 
You can also do fancy things like forward incoming port 8080 to port 80 on
192.168.1.2, the ports don't have to be the same.
The second line tells the kernel to allow the DNAT traffic to actually go
through, without it the kernel will try to DNAT the traffic but will end
up blocking itself.
Hope this helps,

> I'm not quite sure what you mean by IP aliasing, I assume it's IP
> masquerading, or NAT, or RFC 1631
> ( http://www.ietf.org/rfc/rfc1631.txt )
>
> I'm using Telus DSL and I have just setup a Linux machine to route
> packets on my 192.168 network using the one Telus IP and registered MAC
> (soon to switch to 10.0.0.x cause I want to be lazy heh.) I will be
> setting DHCP on that machine, as well as DNS and BIND (binding my
> domain to my Telus hostname, if possible?). Another aspect I wish to
> figure out by sometime next week-ending, is port forwarding to forward
> various services on my private network outwards, and a few security
> tools that I have been recommended: grsecurity, port sentry and a few
> others if I dig through my notes.
>
> I'm not sure if any of what I'm doing could help you, if so, I'd love
> to help. Best regards,
> Richard.
>
>
>
>
> On Sun, 11 Aug 2002 13:51:20 -0600
> "timmy" <[EMAIL PROTECTED]> wrote:
>
>> Anyone here have any experience with IP aliasing? I had a couple of
>> clients on cadvision, and I had built firewalls for their DMZ. I ran
>> IPTABLES and had configured the boxes with IP aliasing, so all of the
>> IPs in the /29 Cadvision provided were on the external interface of
>> the firewall. I just did simple NAT/PAT to manage the services on the
>> servers behind the firewall. Now, with Telus, this, to the best of my
>> knowledge, is no longer possible. You have to register a unique MAC
>> for each IP address you are using. Seeing as how all of the IP's would
>> return the same MAC, this is not possible on Telus's system. Does
>> anyone have a solution for this, or do I have to: a) run the servers
>> with no firewall, or b) build a separate firewall for each machine?
>> Maybe there are other options, but I'm not sure of what they might be.
>> I did phone Telus tech support, and they of course were no help; they
>> basically told me to either go find another provider, or switch to
>> their $1500/mo fibre service.
>>
>> What I don't understand is how they expect customers to run a network
>> properly in this kind of situation. If someone is running a Cisco PIX,
>> or a Watchdog Firewall, which can both be configured with "IP Pools"
>> on the external interface, what happens to their configurations? I
>> basically had to reconfigure the whole network in order to get things
>> to work properly with the new Telus service, not to mention the
>> barrage of other problems that arose from a bunch of dumb mistakes on
>> their end. When I phoned and asked for support, I was pretty much led
>> to believe they did not care one way or another if my service was
>> working. Has it come down to that with Telus? It seems that they have
>> gotten so big, with so many customers, they just don't care about a
>> few people that might be more than a little upset over the whole
>> ordeal, so they'd just as soon lose them as customers. What's it to
>> them after all? They've got hundreds of thousands of customers, what's
>> the big deal about losing a few? That is not good business. I work
>> for an ISP here in town, TeraGo Networks, and we've currently got
>> about 600 customers nationwide. That's mouse nuts compared to what
>> Telus or Shaw has, but at least I take pride in knowing I care about
>> our customer base, no matter how small or how large the company ends
>> up getting.
>>
>>
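
The DNAT forward described in the reply above, as an added example that is not part of the original message: a small shell helper that validates its arguments and prints (does not apply) the PREROUTING and FORWARD rule pair, including the 8080-to-80 case where the FORWARD rule has to match the port after translation. The function names are hypothetical; eth0 and 192.168.1.2 are the values used in the reply.

```shell
#!/bin/sh
# Added example: prints the two rules for one port forward; nothing is applied.
# forward_rules, valid_port and valid_ipv4 are hypothetical helper names.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: succeeds if there are four octets, each 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules IFACE PROTO EXT_PORT INT_IP [INT_PORT]
# INT_PORT defaults to EXT_PORT when omitted.
forward_rules() {
    iface=$1 proto=$2 ext_port=$3 int_ip=$4 int_port=${5:-$3}
    # Reject anything that could inject extra words into the printed command.
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    valid_port "$ext_port" && valid_port "$int_port" || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$int_ip" || { echo "bad internal IP" >&2; return 1; }
    # PREROUTING runs before routing: match the port outside clients connect to.
    echo "iptables -t nat -A PREROUTING -i $iface -p $proto --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # FORWARD runs after DNAT: the packet already carries the internal IP and port,
    # so matching on the external port here would never accept the traffic.
    echo "iptables -A FORWARD -i $iface -p $proto -d $int_ip --dport $int_port -j ACCEPT"
}

# Same-port forward from the reply, then external 8080 to internal 80.
forward_rules eth0 tcp 80 192.168.1.2
forward_rules eth0 tcp 8080 192.168.1.2 80
```

Review the printed lines before running them as root; the FORWARD rule accepts from any source address, so add a `-s` match if the service should not be reachable from everywhere.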

