Curt,
Hey... So... It sounds like you're on the right track with the
first option. However, I must ask... Is it worth it? It sounds all
completely unnecessary(sp?). Is there a reason you would need a
firewall? Can't you do what you need to do with what you already have?
Jamie
On Mon, 5 Jun 2000 [EMAIL PROTECTED] wrote:
> On Sun, Jun 04, 2000 at 10:56:08PM -0700, Bob Miller wrote:
> > [EMAIL PROTECTED] wrote:
> >
> > Yes, you can almost certainly do what you want. You may want to set
> > up the front machine as a bridge instead of a router. A bridge does
> > not have an IP address. You actually want a half-bridge -- it has an
> > IP address on the ISP side, but no address on the LAN side.
>
> I guess I'm confused about the bridge. This machine would be
> serving a website, so one of the cards would have a static IP.
> My current gateway is set up that way - so I just gave the second
> card an IP of 192.168.1.1 to be a gateway to my internal network.
> If I did a bridge, then I wouldn't be giving it an IP address...
> so my internal private network wouldn't have a gateway, would it?
>
> My network is set up so that me and my girlfriend both have "music"
> boxes where we do our music composing, and it's okay for them to have
> private IPs and have net access through NAT controlled by my gateway
> running IP-MASQ. I have three computers that I need public though -
> my employer-owned development box for work, my personal webserver,
> and a winbox that needs an IP for videoconferencing purposes.
> The thing I'm freaked about is that my personal webserver is liable
> to get quite popular once I launch my new website. I have three
> static IPs allocated to me, one for each of them. I also have an x86
> box left over, but I'd rather give that to my girlfriend than make
> it a firewall and have to get a fourth static IP. This is where I
> get confused, trying to figure out how to set it up.
>
> My best guess so far is to:
> 1) Arbitrarily pick one of the three public boxes to be my gateway,
> put two nics in it
> 2) Plug the DSL router into its eth0
> 3) Give eth1 a private IP like 192.168.1.1, plug it into a hub
> 4) Plug *all* the other computers into the hub, give two of them
> the other static IPs, and the other ones other 192.168.1.*
> addresses.
> 5) Make 192.168.1.1 be the gateway of the private boxes, and
> my gateway's static IP be the gateway of my public boxes.
> 6) Run ipchains on my gateway to handle traffic on all the other
> boxes - as a result my gateway will still be insecure.
>
> Another, less secure option is to:
> 1) Put a hub between my DSL router and everything else
> 2) Plug my three public computers into the hub
> 3) Put a second ethernet interface in one of them (forget bridging)
> and make it the gateway for my private "music" NAT network - plug
> that into a second hub along with all the private boxes
> (that's pretty much what I have going on now)
>
> And the third, most secure is:
> 1) Put a fourth box with a static IP between my router and everything
> else, with two nics, to serve solely as a firewall.
> 2) Plug all three of my public boxes and the FW's second eth into a hub
> 3) In turn make one of the internal computers be a gateway (with a
> second nic) to my private network with its own hub.
>
> By now, my head is spinning. Am I just skipping over a much easier
> configuration? Since I need three of my boxes to have static
> IPs, maybe I should just chuck the whole firewall idea...?
>
> Curt
>