---------- Forwarded message ----------
From: Karan Misra <[EMAIL PROTECTED]>
Date: Fri, 22 Oct 2004 10:55:31 +0530
Subject: Re: [LARTC] hi all
To: Craig Steadman <[EMAIL PROTECTED]>

hi man,

thanks for the response. my head is totally screwed up regd the concepts of subnetting. i mean: i want my internal lan to be the 10.xx.yy.zz/8 network. so for the lan my firewall is the default gateway right. i mean, do i place the IP address i assign to the NIC on the firewall for the internal lan as the default gateway for the rest of the computers.

i plan to give different different departments different ranges like 10.101.yy.zz for the computer science dept. how do i do that....?

now we only hv a single CISCO 1720 router and a hierarchical Catalyst 2950 network campus wide. the firewall (gateway) system will be three-homed with NIC for connecting to the: router, DMZ subnet and the internal lan.

also 1 more confusion: suppose i want to use 10.209.yy.zz for the DMZ network and 10.xx.yy.zz for the internal lan, is it possible???? isn't there an overlap.

i used some sample scripts for firewalling from frozentux but i distinctly remember that no "ip route" commands were used anywhere. i need to specify particular routes on the firewall (gateway) system, right??

please help this marred "hoping-to-be" sys-admin.

regds,
karan

On Fri, 22 Oct 2004 10:48:54 +0800, Craig Steadman <[EMAIL PROTECTED]> wrote:
>
> Hi Karan
> I've put the scripts I use for firewalling on sourceforge
> http://bastionx.sourceforge.net
> there's plenty of framework to help you.
>
> The firewalling internals called netfilter are controlled
> with iptables command. The routing and interface management
> is controlled with the iproute2 suite of commands.
> eg ip
>
> Multiple interfaces are not a problem you just have to make
> sure the appropriate rules are in place to control the packet
> flow.
>
> Cheers
> Craig
>
> On Fri, 2004-10-22 at 04:50, Karan Misra wrote:
> > hi,
> >
> > i hv been burning nights reading howtos and manuals for iproute2 and
> > iptables aiming at successfully implementing a DMZ-NAT solution for our
> > college (institute.)
> >
> > i am a student and never had past experience but hv used linux for
> > quite some time now.
> >
> > so my first question is: do the functions of iptables and iproute2
> > overlap at all. i am pretty confused regd this matter.
> >
> > 2nd: is it possible to hv multiple NIC in a single linux mach (FC1)
> > and assign them addresses like 203.193.144.98/27, 10.209.250.1/16,
> > 10.200.250.1/8. i used a howto to create a rc.firewall and it only
> > used iptables and also enabled ip forwarding.
> > after the setup, i was not able to ping even physically connected
> > systems (tho i was able to get across to my router at 203.193.144.97).
> >
> > please clarify....?
> >
> > regds,
> > karan
> >

--
Badda bing, badda bang, badda bong --- and voila!!

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
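
Added example, not part of the original thread: a Python sketch that takes the three interface addresses quoted above, derives the connected network for each, reports which network contains another, and picks the outgoing interface by longest-prefix match, which is how the kernel chooses between overlapping routes. The interface names eth0/eth1/eth2 and the test destinations are assumptions made for illustration.

```python
import ipaddress

# Interface addresses quoted in the thread; the interface names are assumed.
INTERFACES = {
    "eth0": "203.193.144.98/27",  # towards the router
    "eth1": "10.209.250.1/16",    # DMZ
    "eth2": "10.200.250.1/8",     # internal LAN
}

def connected_routes(interfaces):
    """Return {interface: network}, the connected route each address implies."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}

def overlaps(routes):
    """List (outer, inner) interface pairs where outer's network contains inner's."""
    found = []
    for a, net_a in routes.items():
        for b, net_b in routes.items():
            if a != b and net_b.subnet_of(net_a):
                found.append((a, b))
    return found

def lookup(routes, destination):
    """Longest-prefix match: the most specific network containing dst wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, name) for name, net in routes.items() if dst in net]
    return max(matches)[1] if matches else None  # None: needs a default route

if __name__ == "__main__":
    routes = connected_routes(INTERFACES)
    for name, net in routes.items():
        print(f"{name}: {net}")
    print("contained networks (outer, inner):", overlaps(routes))
    # Constructed sample destinations.
    for dst in ("10.209.1.5", "10.101.3.4", "203.193.144.97", "198.51.100.7"):
        print(f"{dst} -> {lookup(routes, dst)}")
```

The DMZ /16 lies inside the LAN /8, so on the gateway a DMZ destination still resolves to the DMZ interface because the /16 is more specific; any host that only knows the /8 mask treats DMZ addresses as on-link on the LAN.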
