On Sun, Jun 04, 2000 at 10:56:08PM -0700, Bob Miller wrote:
> [EMAIL PROTECTED] wrote:
>
> Yes, you can almost certainly do what you want. You may want to set
> up the front machine as a bridge instead of a router. A bridge does
> not have an IP address. You actually want a half-bridge -- it has an
> IP address on the ISP side, but no address on the LAN side.

I guess I'm confused about the bridge. This machine would be
serving a website, so one of the cards would have a static IP.
My current gateway is set up that way - so I just gave the second
card an IP of 192.168.1.1 to be a gateway to my internal network.
If I did a bridge, then I wouldn't be giving it an IP address...
so my internal private network wouldn't have a gateway, would it?

My network is set up so that me and my girlfriend both have "music"
boxes where we do our music composing, and it's okay for them to have
private IPs and have net access through NAT controlled by my gateway
running IP-MASQ. I have three computers that I need public though -
my employer-owned development box for work, my personal webserver,
and a winbox that needs an IP for videoconferencing purposes.

The thing I'm freaked about is that my personal webserver is liable
to get quite popular once I launch my new website. I have three
static IPs allocated to me, one for each of them. I also have an x86
box left over, but I'd rather give that to my girlfriend than make
it a firewall and have to get a fourth static IP. This is where I
get confused, trying to figure out how to set it up.

My best guess so far is to:

1) Arbitrarily pick one of the three public boxes to be my gateway,
   put two nics in it
2) Plug the DSL router into its eth0
3) Give eth1 a private IP like 192.168.1.1, plug it into a hub
4) Plug *all* the other computers into the hub, give two of them
   the other static IPs, and the other ones other 192.168.1.*
   addresses.
5) Make 192.168.1.1 be the gateway of the private boxes, and
   my gateway's static IP be the gateway of my public boxes.
6) Run ipchains on my gateway to handle traffic on all the other
   boxes - as a result my gateway will still be insecure.

Another, less secure option is to:

1) Put a hub between my DSL router and everything else
2) Plug my three public computers into the hub
3) Put a second ethernet interface in one of them (forget bridging)
   and make it the gateway for my private "music" NAT network - plug
   that into a second hub along with all the private boxes

(that's pretty much what I have going on now)

And the third, most secure is:

1) Put a fourth box with a static IP between my router and everything
   else, with two nics, to serve solely as a firewall.
2) Plug all three of my public boxes and the FW's second eth into a hub
3) In turn make one of the internal computers be a gateway (with a
   second nic) to my private network with its own hub.

By now, my head is spinning. Am I just skipping over a much easier
configuration? Since I need three of my boxes to have static
IPs, maybe I should just chuck the whole firewall idea...?

Curt