On Sat, 2002-01-05 at 20:27, James wrote:
> If it was too long for the subject line:
>
> Internet <---> 486 firewall & NAT <---> Workstation

On your side of the firewall you have a private network. There is an RFC defining this but it is either 10.?.?.? or 192.168.0.? (172 as well from memory). Picking one, 198.162.0.?

The firewall is your gateway to the world. On one side it has the hostile internet, on the other it has your safe private network. There are two network cards in the firewall, internet and private. If you can find cheap 10 base cards then they are all you need for this. If you are paying $30 per card then you should be buying 10/100 cards. Cards are described in the Ethernet HOWTO (invaluable for old cards!)

The firewall/gateway will have one side connecting to the internet. This is typically DHCP to dynamically pick up an IP address. This is provided by the dhcpcd client. This will create your resolv.conf on your gateway. To test your outside connection, ping something: ping slug.org.au. This should resolve to an IP (138.25.7.4) and get the packets; if it does not then ping the IP address above. If this pings then your resolv.conf is not working.

On the private network side of the gateway it is easiest to use static. It is traditional to use ?.?.?.1 as the gateway for a network. Sticking with this and using 198.162.0.? as our network, we set the IP address of the second ethernet card to 198.16.0.1; the netmask is 255.255.255.0.

Your workstation is going to talk to a network (198.162.0.?) or else throw it to the gateway to send the data on (i.e. internet). Your IP address on your workstation would be 198.162.0.2 (or 3 or 4... or 254). Now we test that we can talk to the gateway using `ping 198.162.0.1`. This should respond quickly.

To get to the internet from a private network we have to masquerade (masquerade howto). For Debian there is a simple package that sets up a reasonable box: ipmasq on Debian. This does all the rules that set up a fairly basic working set. I have yet to be hacked and I was hacked using Red Hat 6.2 using my own very very basic rules.

Warning: ping does not work from inside the network with ipmasq; ping slug.org.au will give me an IP address and then nothing until I control-c. This is normal. Run your favourite browser and try to talk to the world. Pick a site you have never been to before to ensure you are not hitting your cache. You should be cooking with gas.

Hope this helps
KenF

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
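
The test order described in the message above, written out as a small triage script. This is an added example, not part of the original post: the function names and the PROBE and FETCH hook variables are hypothetical, and it assumes ping and curl are installed.

```shell
#!/bin/sh
# Added example, not from the original message. PROBE and FETCH are
# hypothetical hook variables so the decision logic can be tested offline.

real_probe() { ping -c 1 "$1" >/dev/null 2>&1; }      # ICMP reachability
real_fetch() { curl -fsS -o /dev/null --max-time 5 "$1" 2>/dev/null; }  # HTTP
PROBE=${PROBE:-real_probe}
FETCH=${FETCH:-real_fetch}

# Run on the gateway: try the name first, then the address it should resolve to.
# Prints: ok | dns | uplink
triage_gateway() {   # $1 = hostname, $2 = its IP address
    if "$PROBE" "$1"; then
        echo ok
    elif "$PROBE" "$2"; then
        echo dns        # address answers but the name does not: check resolv.conf
    else
        echo uplink     # nothing answers: check the DHCP lease and outside card
    fi
}

# Run on the workstation: ping only as far as the gateway, then test the
# outside world over HTTP, because ping through ipmasq may hang as described.
# Prints: ok | lan | masq
triage_workstation() {   # $1 = gateway private IP, $2 = URL to fetch
    if ! "$PROBE" "$1"; then
        echo lan        # gateway unreachable: check IP address, netmask, cabling
    elif "$FETCH" "$2"; then
        echo ok
    else
        echo masq       # gateway answers, no outside traffic: check masquerading
    fi
}

# Usage: sh triage.sh gateway <name> <ip>
#        sh triage.sh workstation <gateway-ip> <url>
case "${1:-}" in
    gateway)     triage_gateway "$2" "$3" ;;
    workstation) triage_workstation "$2" "$3" ;;
esac
```

Each function prints a single keyword, so the result can be logged or checked from another script.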
