Benjamen R. Meyer wrote:
This is my home network - so yes, it is a router & firewall for a small
network, but it also doubles as my server for Subversion, Apache, DNS,
and other stuff that I run (namely to play with, but also for other
reasons). It does have multiple interfaces (eth0 connected to the
Internet, and eth1 & eth2 connected to my home network).

I use the ethX:Y aliases to separate some of the services out onto
separate IPs for logical reasons.

I know - it's a bit of overkill for my small network, but it's fun to
play with & maintain - and I have installed networks for companies based
on it - so it's useful experience too.

I've tried the following:
route_eth1("default via ${COMMAND_STRING_TO_EXTRACT_IP_OF_ETH1}")

I fail to see how this could ever work, adding a default route for an
interface with the ip-address of the same interface.

Oops...that should have been:

route_eth1("default via ${COMMAND_STRING_TO_EXTRACT_IP_OF_ETH0}")

typo in the original.

Please describe the situation and your end-goal more clearly.

Basic Diagram:

             +-------server--------+
             |                     |
Internet <-> - eth0                |
             |   ^                 |
             |   |                 |
             |   +->Firewall       |
             |        ^            |
             |        |            |
             |        +------>eth1 - <-> Home Network #1
             |        |            |
             |        +------>eth2 - <-> Home Network #2
             |                     |
             +---------------------+

End Goal:

1. The "server" shall provide router & firewall functionality in order
to provide Internet access to itself and clients on the Home Networks.
2. The "firewall" shall only allow desired traffic through.
2.1 Desired traffic shall be defined as traffic that originates from the
Home Network and the "server" itself; as well as allowed daemon services
provided by the "server" itself.
3. The router shall direct traffic to the appropriate networks.

I could go into some more details - as I am eventually planning on doing
some more things, like separating traffic between my "wireless" &
"wired" systems. However, that is a future project at this point. My
primary goal is the above so that I can replace my older server with my
new one.

Ah, in that case why don't you allow the DHCP of your ISP to set the default gw on your firewall?
That should be correct in all cases.

Additionally you can specify routes to specific parts of your home-network in case you use internet-reachable ip addresses on eth1 or eth2.
In that case you would need to use proxyARP on the firewall.

I tend to give gateways/routers a x.x.x.254 address for easy reference, in case of redundant gateways I put the real-ip's at 252 & 253 resp. So if eth1 has your wired home network I'd choose 192.168.1.254 and run dhcpd on that interface to relay that information + an ip-address to all clients. If eth2 has your wireless home network I'd choose 192.168.2.254 and run dhcpd on that interface to relay that information + an ip-address to all clients.

2/2.1 is a question of setting up the correct firewall rules, I can recommend shorewall. If you can't do it with shorewall, there's a good chance that it can't be done at all :-)
3. See 2.

Good luck.

Ramon

Grtz Ramon
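
An added example, not part of the original messages: a shell function that prints an iptables-restore ruleset for goals 1 to 2.1 on the eth0/eth1/eth2 layout in the diagram. The exposed ports (80, 3690, 53) and the choice to keep eth1 and eth2 from forwarding to each other are assumptions, not settings from the thread.

```shell
#!/bin/sh
# Added example: generate a default-deny ruleset for a router/firewall with
# one Internet-facing interface and several home-network interfaces.
# Usage: gen_ruleset WAN "LAN1 LAN2" "TCP_PORTS" "UDP_PORTS"
gen_ruleset() {
    wan=$1; lans=$2; tcp_ports=$3; udp_ports=$4
    echo "*filter"
    # Goal 2: anything not explicitly allowed is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    # Goal 2.1: traffic originating from the server itself is desired.
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections that were already allowed.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for lan in $lans; do
        # Goal 2.1: traffic originating from the home networks.
        echo "-A INPUT -i $lan -j ACCEPT"
        # Goal 1: home networks may reach the Internet. No rule forwards
        # between LANs, so they stay isolated (assumption).
        echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    # Goal 2.1: allowed daemon services reachable from the Internet.
    for p in $tcp_ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -i $wan -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Goal 1: private home-network addresses leave via the WAN address.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"
}

# Constructed sample: Apache (80/tcp), svnserve (3690/tcp), DNS (53 tcp+udp).
gen_ruleset eth0 "eth1 eth2" "80 3690 53" "53"
```

Pipe the output into `iptables-restore` as root, and enable `net.ipv4.ip_forward` so the kernel actually routes between the interfaces.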