[Leaf-user] routed subnet & dmz help

Mon, 04 Mar 2002 18:09:32 -0800 


Hi,

I just got a dsl line installed, and am using the dachstein-cd leaf
release.  I've got my router setup with 3 ethernet cards.  All my internal
machines (192.168.1.x) can connect to the internet fine, and
portforwarding on the router's external interface to ports on internal
machines work fine, too.

However, I'd like to be able to connect to multiple internal boxes on the
same ports.  My ISP gave me a "routed subnet" - they set things up so a
range of ip addresses will route to my router's external ip address.  I
figured, I'd setup DMZ to handle forwarding these addresses to my internal
lan machines.

I added another ip address to one of my internal boxes (originally it was
192.168.1.3 - I did the following two commands: )

"ifconfig eth0:1 192.168.2.1"
"route add -host 192.168.2.1 dev eth0:1"

And then altered the router's network.conf like so:

IF_AUTO="eth0 eth1 eth2"

eth2_IPADDR=192.168.2.254
eth2_MASKLEN=24
eth2_BROADCAST=+
eth2_ROUTES=192.168.2.1/10
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=NO
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=NO
eth2_FAIRQ=NO

DMZ_SWITCH=YES
DMZ_IF="eth2"
DMZ_NET=192.168.2.1/10
DMZ_SRC=216.158.54.224/229
DMZ_HIGH_TCP_CONNECT=NO
DMZ_OPEN_DEST=" tcp_${DMZ_NET}_80
                tcp_${DMZ_NET}_22
                tcp_${DMZ_NET}_110
                tcp_${DMZ_NET}_25"
DMZ_SERVER0="tcp 216.158.54.224 ssh 192.168.2.1 ssh"

I ran "/etc/init.d/network stop", followed by start, to bring up the new
interface.

This allows me to ping 192.168.2.1 (internal computer) from the router,
and ping 192.168.2.254 (router) from the internal computer, but I cannot
ping 216.158.54.224 from outside the lan.

All connections are going through the same hub, if that makes any sort of
difference.

Can anyone point out where I am going wrong?

Thanks,
Kevin


-- 
 (kevin mudrick)   ([EMAIL PROTECTED])   (www.bleachedwhale.com)
  pgp key available at http://www.bleachedwhale.com/kevinGPG.asc

 Despair: It's always darkest just before it goes pitch black.






_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to