All:
I'm using a crossover cable between my dual homed Linux server /
router and Linux firewall with no problems. No second hub is needed,
unless you need great distance or more machines connected to the
firewall (external) network segment. The DSL to dual homed firewall
segment should remain a straight through 1-1, 2-2, 3-3, 6-6 cable, as
a crossover will cause everyone to stop talking. The way I've done
things requires four (yes four) Ethernet adapters between the firewall
and server, but since I'm twice masqueraded, somebody's really got to
work at getting in.
Even if you are not using an external Ethernet bastion firewall box,
you can apply the same principles to a dual homed Linux router /
masquerade box. The physical layer stuff never changes (thank God!).
Bill Strosberg
-----Original Message-----
From: Audie Pierre [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, December 02, 1998 4:24 PM
To: Caleb Shay
Cc: Masq
Subject: Re: [masq] New to this
Actually, you can run IP MASQ on a Linux box with only one network
interface; however, it is not recommended because of security reasons.
You can bring up an alias of eth0, precisely eth0:0, with a private net
IP (192.168.1.x). That way everything would be connected to the same
hub (INTERNET & PRIVATE NET). Keep in mind that IP ALIASING must be
enabled in the KERNEL.

Logically a dual-homed Linux box (with 2 network interfaces) is the
best configuration because it allows for both security using INPUT &
OUTPUT rules and a clean set of rules which distinguish packets between
the internal and the external interface.

Do yourself a favor, get another HUB and another network interface.
They are rather inexpensive these days. Well, before you buy the HUB
try a crossover cable between the DSL modem and the Linux box; it might
just work.

By no means am I trying to discourage you from experimenting with IP
ALIASING and whatever else that may come out of your imagination.
Knock yourself out! Ciao!!!

Caleb Shay wrote:
> Hi all,
>
> I'm new to this, so bear with me.
>
> I just want to know if this will work, I'll worry about how to
> actually do it later.
>
> I currently have my internet connection coming in via DSL. The DSL
> modem has a single ethernet cable that connects straight to my
> machine. I have a single static IP. I just bought a second machine.
> As far as I can tell, to set up IP Masq I'm going to need to have 2
> NICs in one of the machines. Or do I? Can I run from the modem to a
> hub, have both machines in the hub also, and do my IPs like this...
>
> Machine 1: Static IP to outside world and private IP aliased to same
> device (eth0)
> Machine 2: private IP with Machine 1's private IP as the gateway.
>
> Will this work, or am I just imagining things and I have to go pick
> up a second ethernet card and hope I can make it work (not usually an
> issue, but there is so much hardware in my machine I don't have any
> free IRQs)? I'm not much of a networking genius either, if I can do
> this, do I need to use a crossover cable from the modem to the hub?
> (currently I just run a straight thru cable from the modem to my NIC)
>
> Thanks,
>
> Caleb Shay
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> --
> I have too much blood in my caffeine system.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
--
Audie P.
The perimeters that we put on ourselves
are self-imposed...There are no boundaries.
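
Added example, not part of the original thread: a small Python model of the point made above about rules that distinguish the internal from the external interface. The rule tuples, function names and sample addresses are constructed for illustration, and it assumes the packet filter matches on the physical device, so traffic addressed to the eth0:0 alias is seen as arriving on eth0.

```python
import ipaddress

PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")  # private range from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

def dual_homed_rules(ext_if="eth0", int_if="eth1"):
    """Input rules for two NICs: (interface, source net, verdict), first match wins."""
    return [
        (ext_if, PRIVATE_NET, "DENY"),    # anti-spoof: private source on the outside wire
        (int_if, PRIVATE_NET, "ACCEPT"),  # real LAN hosts, to be masqueraded
        (ext_if, ANY, "ACCEPT"),          # ordinary Internet traffic
    ]

def single_nic_rules(dev="eth0"):
    """One NIC carrying the eth0:0 alias. Assumption: the filter sees only the
    physical device, so the anti-spoof rule is left out (it would block the LAN too)."""
    return [
        (dev, PRIVATE_NET, "ACCEPT"),
        (dev, ANY, "ACCEPT"),
    ]

def verdict(rules, in_if, src):
    """Return the verdict of the first rule matching arrival interface and source."""
    addr = ipaddress.ip_address(src)
    for ifname, net, action in rules:
        if ifname == in_if and addr in net:
            return action
    return "DENY"  # default policy when nothing matches

def compare(spoofed_src="192.168.1.50"):
    """Verdict for a packet claiming a private source but arriving from the DSL side."""
    return {
        "dual_homed": verdict(dual_homed_rules(), "eth0", spoofed_src),
        "single_nic": verdict(single_nic_rules(), "eth0", spoofed_src),
    }

if __name__ == "__main__":
    # Constructed sample packets: (label, arrival interface, source address)
    samples = [("LAN host", "eth1", "192.168.1.20"),
               ("spoofed from DSL side", "eth0", "192.168.1.50"),
               ("Internet host", "eth0", "203.0.113.9")]
    for label, in_if, src in samples:
        print(f"{label:22} dual-homed: {verdict(dual_homed_rules(), in_if, src)}")
    print(compare())
```

With one shared device the filter has no way to separate a genuine LAN host from an outside packet that merely claims a 192.168.1.x source; with two interfaces the arrival interface settles it.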