[H-GEN] Routing and stuff

Martin Pool martinp at mincom.com
Wed Dec 15 20:43:20 EST 1999 

[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]


> I have been allocated the sub-class C network of 203.46.211.40/29 which gives me
> 6 usable IPs.

Really?  I don't think you _have_ to have a broadcast address, so you
could get seven out of it.  Maybe I'm dreaming.

> I would like to keep the workstations masqueraded. I can't think of
> any reason why they (except maybe the linux workstation) need to be directly on
> the Internet (it's safer to masquerade them surely?).

I'm not sure that it's much safer to masquerade them than just to
firewall them, and it comes with a small degradation in usability.

I would be inclined to use IP firewalling and proxies on the gateway
machine, and run your web server inside on one of the public IPs.  The
other machines can run on a private IP space but on the same physical
segment.

It's a matter of which is the lesser evil as to whether you put the web
server on the same machine as the firewall or the LAN server.  I would
probably lean towards putting it on the firewall, so that at least if
it's compromised people don't get at your private data.

I wouldn't route through the web server.

> In the meantime I want to get email working for my new domain. Can I use the IP
> for my PPP connection (i.e. 139.130.141.98 in the above example) for the MX
> record?

I don't see why not.

-- 
 /\\\  Mincom | Martin Pool          | martinp at mincom.com
// \\\        | Software Engineer    | Phone: +61 7 3303-3333
\\ ///        | Mincom Limited       | Teneriffe, Brisbane
 \///         | And now a word from our sponsor...

This transmission is for the intended addressee only and is
confidential information. If you have received this
transmission in error, please delete it and notify the
sender. The contents of this E-mail are the opinion of the
writer only and are not endorsed by Mincom Limited unless
expressly stated otherwise.

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.

More information about the General mailing list