Hi folks,
I'm something of a novice to this whole network administration bit, and I'm
trying to set up a reasonably complicated (for me anyway) network at home.
Here's what I (think I) want to do. (Suggestions for totally divergent
strategies now being accepted).
I've got a linux machine (RH 6.1 w/ appropriate security patches) with 3
NICs in it.
ETH0 is the outside world
ETH1 is my internal network of PCs, linux machines, and Macs
ETH2 is my DMZ, where I'm putting an SMTP/HTTP/POP/FTP/SSH/telnet server
that's going to host 2 domains.
The idea is that ETH1 will be 10.10.10.1, ETH2 will be 10.10.20.1, and the
do-it-all server in the DMZ will be 10.10.20.2. Traffic destined for the
server in the DMZ will reach it via port forwarding of packets apparently
destined for the external interface ETH0. The problem I envision I'll run
into with this strategy is that if I just forward inbound packets to ETH0 on
(say) port 80 to the 10.10.20.2 server, then all return packets for HTTP
connections from machines on the 10.10.10.0 network will get redirected off
to the wrong location (10.10.20.2). (Please clarify if I've misconceived
this problem - like I said, I'm still really new at this.)
So what I think I need to do is alias ETH0.
ETH0:0 would be the normal firewall address
ETH0:1 would be the virtual address for the server in the DMZ
Then, all inbound traffic apparently to ETH0:1 (on an accepted list of
ports) would be forwarded to the same port on 10.10.20.2, but all traffic
apparently to ETH0:0 would be deMASQed back to the correct machine on the
10.10.10.0 network.
The question I have is how to set up MASQing so that traffic from the
10.10.10.0 network appears to come from ETH0:0, and traffic from the
10.10.20.0 network appears to come from ETH0:1?
But like I said, if there's a better, and more accepted way of doing this,
by all means let me know.
Thanks for your help!
-Ben
PS- I scanned the archives and didn't see anything that really helped me out
with this. If it's there and I missed it, sorry 'bout that.
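
The return-packet concern raised in the post can be checked against a simplified model of a masquerading gateway. This is an added example, not part of the original post and not kernel code: the addresses 192.0.2.1 and 198.51.100.7 are constructed, the Gateway class and the forwarded port list are hypothetical, and 61000 is taken as the start of the Linux 2.2 masquerade port range.

```python
# Simplified model of a masquerading gateway (added example; not kernel code).
# EXT_IP and REMOTE are constructed documentation addresses.
EXT_IP = "192.0.2.1"          # stand-in for the ETH0 address
REMOTE = "198.51.100.7"       # stand-in for an outside web server / client
DMZ_SERVER = "10.10.20.2"     # the do-it-all server from the post
MASQ_PORT_START = 61000       # assumed first port of the masquerade range

class Gateway:
    def __init__(self, forwarded_ports):
        # Static port forwards: external port -> same port on the DMZ server.
        self.portfw = {p: (DMZ_SERVER, p) for p in forwarded_ports}
        # Dynamic table: (masq_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.masq = {}
        self.next_port = MASQ_PORT_START

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Masquerade an outgoing connection; return the rewritten source."""
        masq_port = self.next_port
        self.next_port += 1
        self.masq[(masq_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (EXT_IP, masq_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Decide where a packet arriving on EXT_IP is delivered."""
        # 1. Reply to a masqueraded connection: matched on the full tuple.
        entry = self.masq.get((dst_port, src_ip, src_port))
        if entry:
            return entry
        # 2. New connection to a forwarded service port.
        if dst_port in self.portfw:
            return self.portfw[dst_port]
        # 3. Anything else stays on the firewall itself (to be filtered).
        return ("local", dst_port)

def demo():
    gw = Gateway(forwarded_ports=[25, 80, 110])
    # A LAN machine browses an outside web server on port 80.
    _, masq_port = gw.outbound("10.10.10.5", 1025, REMOTE, 80)
    reply = gw.inbound(REMOTE, 80, masq_port)   # the web server's answer
    visitor = gw.inbound(REMOTE, 40000, 80)     # outsider connecting to port 80
    stray = gw.inbound(REMOTE, 40000, 23)       # port that is not forwarded
    return reply, visitor, stray

if __name__ == "__main__":
    print(demo())
```

In this model the reply carries source port 80 but is addressed to the masquerade port, so it is matched by the connection table and never reaches the port-80 forward.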