[H-GEN] Routing and stuff
Michael Anthon
mca at tams.com.au
Wed Dec 15 03:11:27 EST 1999
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
One option is to add a second IP address (alias) to the interfaces, so you
can have
eth0 as 192.169....
eth0:1 as 203.46....
This removes the requirement for a second physical subnet. It is, however,
possible to run the LAN on the new addresses only and use the firewall to
block access from the rest of the world except to those services that you
want to make available. I am no security expert, but I believe that running
a second subnet on the same physical segment is slightly more secure since
those addresses will not route, even if you stuff up the firewall rules and
allow full access to everything. The only down side I can think of is that
all traffic between the 2 logical subnets must be routed via the NIC in one
of the machines.
The addition of aliases in Linux is trivial, and it is even possible to do
it with Win95/98/NT if you know how (NT is also pretty easy).
Cheers
Michael Anthon
> -----Original Message-----
> From: Murray Spork [mailto:murray at bucks.net]
> Sent: Thursday, 16 December 1999 3:34 AM
> To: general at lists.humbug.org.au
> Subject: [H-GEN] Routing and stuff
>
> Hi,
>
> I've been using a linux box to masquerade for my LAN (3 windoze clients
> and one linux workstation). I use the 192.168.8.0/255 private network for
> my LAN.
>
> Yesterday telstra direct activated my new permanent access account (via
> modem). :-)
>
> I have been allocated the sub-class C network of 203.46.211.40/29 which
> gives me 6 usable IPs.
>
> I am not sure what strategy to adopt at this stage.
>
> I would like to keep the workstations masqueraded. I can't think of any
> reason why they (except maybe the linux workstation) need to be directly
> on the Internet (it's safer to masquerade them surely?).
>
> I intend having at least 2 linux servers on the internet at this stage --
> a firewall and a webserver. The webserver is also doing file serving
> (using Samba) for the LAN.
>
> But this would entail running 2 different networks and I'm not sure how
> to do this. Would I have to have 2 NICs in a gateway between my private
> LAN and the sub-class C network?
>
> For example --
>
>
> Telstra
> Gateway
> 139.130.141.99 [Telstra Gateway IP]:
> |
> |
> firewall
> ppp0 139.130.141.105 [My WAN IP]
> eth0 203.46.211.41 [sub-class C] eth0
> |
> |
> webserver
> eth0 203.46.211.42 [sub-class C]
> eth1 192.168.8.1
> |
> |
> Private LAN [192.168.8.0/255]
>
> Does that make sense? Or would I be better off just forgetting about the
> complications of masquerading to the private LAN and just use the IPs
> I've been allocated for the workstations as well (I have enough IPs to do
> this with the sub-class C at the moment -- though this may change)
>
> In the meantime I want to get email working for my new domain. Can I use
> the IP for my PPP connection (i.e. 139.130.141.98 in the above example)
> for the MX record?
>
> Any help is greatly appreciated.
>
> Thanks,
>
> Murray Spork
>
>
>
> --
> * This is list (humbug) general handled by
> majordomo at lists.humbug.org.au .
> * Postings to this list are only accepted from subscribed addresses of
> * lists 'general' or 'general-post'.
>
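An added example, not part of either post: a small Python check of the address plan discussed in this thread, showing which hosts stay reachable from outside if the firewall rules fail open (only those holding an address in the routed /29) and catching assignment mistakes. The /24 mask for the private LAN, the workstation names and the 192.168.8.x host addresses other than .1 are assumptions made for the example.

```python
import ipaddress

# Address plan from the thread. The /24 mask for the private LAN is an
# assumption; the post writes the network as 192.168.8.0/255.
PUBLIC_BLOCK = ipaddress.ip_network("203.46.211.40/29")
PRIVATE_LAN = ipaddress.ip_network("192.168.8.0/24")

# Constructed inventory: host -> LAN-side addresses, aliases (eth0:1) included.
# Workstation names and 192.168.8.x addresses other than .1 are hypothetical.
HOSTS = {
    "firewall": ["192.168.8.254", "203.46.211.41"],
    "webserver": ["192.168.8.1", "203.46.211.42"],
    "ws-win1": ["192.168.8.10"],
    "ws-linux": ["192.168.8.13"],
}


def usable_hosts(net):
    """Assignable addresses: the block minus network and broadcast address."""
    return [str(a) for a in net.hosts()]


def fail_open_exposure(hosts, public_block=PUBLIC_BLOCK):
    """Map host -> addresses reachable from outside if the firewall rules
    fail open. Only addresses in the routed public block count; RFC 1918
    addresses are not routed across the Internet."""
    exposed = {}
    for name, addrs in hosts.items():
        public = [a for a in addrs if ipaddress.ip_address(a) in public_block]
        if public:
            exposed[name] = public
    return exposed


def plan_errors(hosts, nets=(PUBLIC_BLOCK, PRIVATE_LAN)):
    """Return problems in the plan: duplicates, addresses outside both
    subnets, and network/broadcast addresses assigned to a host."""
    errors, seen = [], {}
    for name, addrs in hosts.items():
        for a in addrs:
            ip = ipaddress.ip_address(a)
            net = next((n for n in nets if ip in n), None)
            if net is None:
                errors.append(f"{name}: {a} is outside both subnets")
            elif ip in (net.network_address, net.broadcast_address):
                errors.append(f"{name}: {a} is a network/broadcast address")
            if a in seen:
                errors.append(f"{name}: {a} already assigned to {seen[a]}")
            seen.setdefault(a, name)
    return errors
```

Giving a workstation an alias in the /29 moves it into the `fail_open_exposure` result, which is the trade-off the reply describes.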