civileme wrote:
> On Tuesday 10 July 2001 04:47, Darcy Brodie wrote:
> > Hello
> > I hope that this can be done. I currently have a LM7.2 box as a
> > firewall for our internet access. Cable modem from ISP is going to
> > eth0. eth1 (100baseT) is going to the internal network. What I need to
> > do, is add a 3rd network card to allow me to also have a 10baseT network
> > within the local network. Can this be done with Linux? Have not been
> > able to find any information in the how-to's on this configuration.
> > I also, if need be, have access to a second Linux file server, that
> > I could add additional network cards into (it currently only has 1 card
> > in it)
> > I am currently using class C IPs in the 192.168.1.X range, but
> > this is flexible if required.
> >
> > Thanks
> >
> > Darcy
>
> Just add the card and set up the adaptor. If you are making this a different
> network and want the two to talk, you will need to set up a route and make
> sure your internet masquerading rules apply only to forwards pointed at the
> internet interface. Since the first instruction in many masquerading setups
> is
>
> ipchains -P forward DENY
>
> you will need to write a series of rules in terms of -i ethx -o ethy to cover
> all possible combos. Of course if you set up netmasks so they are
> effectively on the same network, then the route does not need to be added,
> but you still need the rules for forwarding.
>
> Another approach, using your other box, is to make it a masquerading gateway
> from the 10baseT net to the 192.168 net, and use some other scheme for the
> others like 172.16.x.y. This permits both local net and internet access and
> keeps the networks separated without a lot of rules complexity.
>          internet
>     _________|____________
>    |       Gateway       |
>    |       Current       |
>    |        Local        |
>    |_____________________|
>              |
>         _____|___________________________
>         |                               |
>         |_________________        ______|________
>         |   |   |   |   |        |  Other box   |
>         (current local net)      | Interface to |
>                                  |    other     |
>                                  |______________|
>                                         |
>                                   ______|________
>                                   |   |   |   |
>                                   (new local net)
>
> In the ASCIIgram above, the boxes shown both use masquerading and the one
> handling the 10MHz net is 100MHz on the main net, something like a data
> compression switch. It can also be peered with the other local net computers.
>
> Finally, how about just using one port off a switch to a switch for the
> 10BaseT machines? If you do not need a separate network, it will slow things
> only at choke points like your internet gateway/file server.
>
> Civileme
Thanks.
I know that a switch would be the easiest way to get this to work, however, I
have a tight (almost non-existent) budget to work with. I will try this probably
Tues evening.
Darcy
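
The three-card setup discussed in this thread, sketched as an added example that is not part of the original messages: a script that prints (without running) an ipchains forward rule set that denies by default, lets the two internal networks reach each other, and masquerades only traffic leaving through the internet interface. The name eth2 and the 192.168.2.0/24 range for the new 10baseT network are assumptions.

```shell
#!/bin/sh
# Added example: prints an ipchains rule set for a three-interface
# masquerading gateway. Nothing is executed; review the output and
# apply it as root on the firewall box.

EXT_IF=eth0              # cable modem side (from the thread)
LAN1_IF=eth1             # existing 100baseT network (from the thread)
LAN2_IF=eth2             # assumed name for the new 10baseT card
LAN1_NET=192.168.1.0/24  # existing range (from the thread)
LAN2_NET=192.168.2.0/24  # assumed range for the new network

gen_rules() {
    # Default-deny forwarding, then start from an empty chain.
    echo "ipchains -P forward DENY"
    echo "ipchains -F forward"

    # In the ipchains forward chain, -i matches the outgoing interface.
    # Let the two internal networks talk to each other, unmasqueraded.
    echo "ipchains -A forward -s $LAN1_NET -d $LAN2_NET -i $LAN2_IF -j ACCEPT"
    echo "ipchains -A forward -s $LAN2_NET -d $LAN1_NET -i $LAN1_IF -j ACCEPT"

    # Masquerade only what leaves through the internet interface.
    for net in "$LAN1_NET" "$LAN2_NET"; do
        echo "ipchains -A forward -s $net -i $EXT_IF -j MASQ"
    done
}

# Returns 0 only if every MASQ rule is pinned to the external interface,
# so internal-to-internal traffic can never be masqueraded by mistake.
check_masq_scope() {
    gen_rules | grep -- '-j MASQ' | grep -v -- "-i $EXT_IF " >/dev/null \
        && return 1
    return 0
}

gen_rules
```
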