I just wanted to share some info with the list. John Lombardo has
gone beyond the call of duty in helping me set up an admittedly
odd-ball configuration. (Thanks, John!)
I have an ADSL line coming in with a small subnet assigned to it. I
have two groups at work that need access to the internet for http, ftp
and email. This would be easy except that I don't want admin to be
able to get to the sales computers and I don't want sales to see the
admin computers.
The STN box is a 486DX/33 w/ 24M RAM and a 120M HD. I have
three 3Com 3C509b boards set to non-pnp mode and the IO/IRQ
settings of 10/300, 11/310, and 5/320. Having all three cards the
same type made setup easy. In the Windows setup program, I
blanked out the base address and set the IRQ to AutoIRQ for both
the internal and external nets. This let the system auto probe and
find all three cards, assigning eth0, eth1, and eth2.
I wanted the internal nets to use DHCP for the clients and use the
range of 192.168.x.100-200. This would leave the very top and
bottom of both ranges for fixed IPs. I also set up longer default and
max DHCP lease times.
To set up the second internal interface and the firewall between the
two internal nets, the following can be cut and pasted into the http
interface under Advanced Options, Manual Startup Commands.
You will want to change the domain name to an appropriate one.
*************************
/bin/ifconfig eth2 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
/bin/route add -net 192.168.1.0 eth2
/bin/route add -host 255.255.255.255 eth2
cat <<END > /etc/dhcpd.conf
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
default-lease-time 28800;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option domain-name "admin.xyzcorp.com";
}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
default-lease-time 28800;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
option domain-name "sales.xyzcorp.com";
}
END
killall dhcpd
/bin/dhcpd -q -lf /mnt/dhcpdlea eth0 eth2
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
ipfwadm -F -i reject -S 192.168.0.0/24 -D 192.168.1.0/24
ipfwadm -F -i reject -S 192.168.1.0/24 -D 192.168.0.0/24
*************************
If you want DHCP to assign specific IP addresses based on a
client's Ethernet address, insert the following before the "END" line
above. You will want to change the host name, hardware address
and IP address to your settings.
*************************
host haagen {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}
*************************
I hope that this will help someone else out there who needs a
similar setup.
Stan Simmons
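
An added example, not part of the original post: a small first-match model of the forward chain showing why the two reject rules use `ipfwadm -F -i` (insert at the head) rather than `-a` (append). The masquerade rule for the first internal net, the default policy and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

def build_chain(commands):
    """Build a forward chain from (op, policy, src, dst) tuples.
    op "a" appends to the end, op "i" inserts at the front (ipfwadm -a / -i)."""
    chain = []
    for op, policy, src, dst in commands:
        rule = (policy, ipaddress.ip_network(src), ipaddress.ip_network(dst))
        if op == "i":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def decide(chain, src, dst, default="deny"):
    """Return the policy of the first rule matching the packet (default is assumed)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy, src_net, dst_net in chain:
        if s in src_net and d in dst_net:
            return policy
    return default

# Assumption: a masquerade rule for the first internal net already exists.
ASSUMED_BASE = [("a", "masq", "192.168.0.0/24", "0.0.0.0/0")]

# The three ipfwadm -F commands from the post, in the order they run.
POSTED = [
    ("a", "masq", "192.168.1.0/24", "0.0.0.0/0"),
    ("i", "reject", "192.168.0.0/24", "192.168.1.0/24"),
    ("i", "reject", "192.168.1.0/24", "192.168.0.0/24"),
]

# Comparison variant: the same rules, but with the rejects appended instead.
APPENDED = [("a",) + rule[1:] for rule in POSTED]

# Constructed sample packets (source, destination).
PACKETS = {
    "admin->sales": ("192.168.0.150", "192.168.1.150"),
    "sales->admin": ("192.168.1.150", "192.168.0.150"),
    "admin->internet": ("192.168.0.150", "203.0.113.10"),
    "sales->internet": ("192.168.1.150", "203.0.113.10"),
}

def evaluate(commands):
    """Map each sample packet to the policy the resulting chain applies."""
    chain = build_chain(ASSUMED_BASE + commands)
    return {name: decide(chain, s, d) for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for label, cmds in (("posted", POSTED), ("appended", APPENDED)):
        print(label, evaluate(cmds))
```

In this model the masquerade rules, whose destination is 0.0.0.0/0, also match traffic bound for the other internal net, so the isolation holds only while the reject rules sit ahead of them.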