At 03:48 PM 04/02/2000 +0000, Samy Elashmawy
Long post, will take it home and study it.
That's a good idea. I wanted you to have something you could print out and use as a reference when making your changes.
I see that you are also using dhcp to pass out IPs? Right?
To answer your question briefly, yes. I use package 'dhcp', which is a DHCP daemon (DHCPD), to hand out addresses to the machines on my internal network. There are two packages you can install under series 'n' in yast: "dhclient" and "dhcp".

'dhclient' is the DHCP client. Its configuration file is /etc/dhclient.conf. It is loaded at boot time only if the following setting is present in /etc/rc.config: DHCLIENT="yes". Its job is to get an address from another machine's DHCP server. Your dialup firewall does NOT need to run the 'dhclient' package (the dhcp client). wvdial will get your address for you when you connect, assign it to your "ppp0" interface, and modify your routing table accordingly.

'dhcp' is the DHCP server/daemon, which I sometimes call DHCPD. Its configuration file is /etc/dhcpd.conf. It is loaded at boot time only if the following setting is present in /etc/rc.config: START_DHCPD="yes". Its job is to provide addresses to other machines wanting to get IP addresses. You need to run this package somewhere on your network, either on your firewall or on another machine.
Wow, lots of detail here.
I try to be complete.
It sounds like you're preparing a firewall/dialout box that connects you to the internet whenever one of the machines on your internal network needs IP services/a connection to the internet.
Correct, hit the nail on the head.
Ok, piece of cake. The examples I provided in the last post should be very useful to you, since I pulled them off my firewall machine, which works exactly how you want yours to. :-)
Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP daemon) that you want to control what addresses the machines on your internal network receive. Your dialout connection will provide you with an address for your ppp0 link when you connect, so that angle is already taken care of.
Confusion here. DHCP is used to get the ISP's IP address that it assigns to you each time you dial into it and start a connection. It then somehow passes/swaps/or whatever it does this server-assigned address with the IP masq configuration that expects the same IP address all the time.
You don't need to worry about the dhcp client software. wvdial.dod and wvdial will take care of this for you when you connect to the internet. They will get an IP address to bind to the "ppp0" device, and will modify the routing table accordingly.
My internal network has the following setup: my firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed addresses to the other machines on my internal trusted network. I have four machines on the internal network: "fileserv", "agtiger", "bronze", and "twilight". DHCPD is configured to recognize the NIC cards' hardware addresses and provide static IPs based on that. I also have a dynamic range of addresses available for unrecognized machines that hook to my network (i.e., a friend brings their box over and wants to hook to my network quickly and easily).
Now here's where I start getting confused. You are using DHCP to pass out IP numbers based on hardware settings? MAC address or what? Do they get a different one each time?
I am using the DHCP daemon (i.e., DHCPD, configured via /etc/dhcpd.conf) to pass out addresses to my internal workstations. The firewall will provide a specific predetermined address if it recognizes the MAC address of the card on the workstation making the request. It will provide a variable address from 192.168.1.200 to 192.168.1.220 if it does NOT recognize the MAC address of the card on the workstation making the request.

The firewall is configured to use 192.168.1.1 on eth0, always. This can be configured through yast: System Administration -> Network configuration -> Network base configuration

    Number  Active  Type of network  Device name  IP address
    [0]     [x]     Ethernet         eth0         192.168.1.1

If you press <return> on that line, you'll get a configuration screen. Here's what mine looks like:

    Type of network:                           eth0
    IP address of your machine:                192.168.1.1
    Netmask (usually 255.255.255.0):           255.255.255.0
    Default gateway address (if required):
    IP address of the Point-to-Point partner:

The file server is to use a variable address assigned by running the dhcp client on eth0. This can be configured through yast: System Administration -> Network configuration -> Network base configuration

    Number  Active  Type of network  Device name  IP address
    [0]     [x]     Ethernet         eth0         dhcpclient

If you press <return> on that line, you'll get a configuration screen. Here's what mine looks like:

    Type of network:                           eth0
    IP address of your machine:                192.168.1.10
    Netmask (usually 255.255.255.0):           255.255.255.0
    Default gateway address (if required):     192.168.1.1
    IP address of the Point-to-Point partner:

Now, you might be wondering: if you specified an IP address here, how does my file server get an address through the dhcp client? Select < Continue >, and return to the previous screen. Select "F3=Auto IP" and then < DHCP >. Now the machine will get its address from the DHCP server on the network (the firewall). :-)

My windows workstations are configured to get their addresses from the firewall in this way:
From the "Start" menu:

    [Start] [Settings] [Control Panel] [Network]
    Highlight the TCP/IP entry for your card
    Click the <Properties> button
    Select: Obtain an IP address automatically
I currently have set each machine with an IP address in yast that does not change.
You can do this if you want; you don't _have_ to run a dhcp server or the dhcp client on each machine in that event.
Then I have added the IP address and host names to the hosts file on each machine. Starting to be a pain in the butt with 5 boxes. Know of something easier?
Yes. If you run the bind8 package on the firewall and set up your hosts file there, the firewall will help the other machines on your network by looking up addresses first in its /etc/hosts file, and then by connecting to the internet and resolving the address via another server.
Ok, DHCPD, that's some sort of daemon like wvdial.dod? Right?
DHCPD is the DHCP Daemon/server. You run it on your firewall to provide network addresses to machines on your internal network.
So before I go further I need to figure out the dhcp setup, as right now my machines are hardcoded.
That would be a great place to start. :-)
Seems neat to use dhcp to pass the IP address out as needed each time. You mentioned dhcp will assign a permanent IP based on hardware? MAC address, right? ipconfig to get this?
Correct, except that the command you want to use is 'ifconfig'. Here's the output of ifconfig on my file server (192.168.1.10):

    root@fileserv:/home/agtiger > ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:50:04:AC:2A:B0
              inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2912 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4492 errors:0 dropped:0 overruns:0 carrier:0
              collisions:1277 txqueuelen:100
              Interrupt:18 Base address:0xe000

The hardware address you want to reference in the firewall's /etc/dhcpd.conf file is the "HWaddr 00:50:04:AC:2A:B0" part. Obviously, your 6 hexadecimal digits will be different. :-)
Can this be done in yast? Or is this the kind of thing that you end up doing outside of yast, and then must update the config outside of yast?
I think the DHCP server (/etc/dhcpd.conf) on the firewall needs to be set up manually, not in YaST.
How do you point the clients (win/linux) to grab the IP address from the dhcp server?
See above. :-)
Is this the same one that handles the firewalling/dial up etc.?
The firewall has a static address bound to eth0 (see above). The other machines have variable addresses, assigned by DHCPD on the firewall.
Is that secure, to have it on the same dial up server?
I can only answer that by saying "maybe". It's not visible from the "ppp0" interface, so it *should* be safe.
I segmented the firewall/dial up box onto a separate one to keep it segmented from the samba server. JP or George Toft strongly recommended the bastion approach to keep the bad stuff away.
*nod* I can only tell you how I run my setup. I have to have a reasonable amount of trust in my firewall to make my internal machines invisible from the outside, otherwise what's the point of running a firewall? :-)
Regarding the firewalling, why the one from the SuSE web site? How's it different from what's on the CD set?
It's more up to date than the one on the CD set, it has more options, and in my opinion, runs better. It also allows for running a dhcp server on the same machine you're running a firewall on. Version 1.4 didn't allow for that.
Dial up connections suck for big downloads?
I heartily agree. However, SuSEfirewall 2.1 is a small package.
What's icq?
It's a small chat program/net pager application created by Mirabilis, and now owned/operated by AOL.
I also note you're tackling all this from outside of yast? Why? Is yast too simplistic?
Yast doesn't allow for configuration of everything needed to do something this large. Yast can't manage SuSEfirewall, and I don't think it manages the DHCP server configuration. I administer my systems with a combination of YaST and editing config files directly.

Oh, one last thing: if you edit the /etc/rc.config file directly, don't forget to run "SuSEconfig" afterwards. YaST runs that after you change settings. :-)

Hope this helped,
Argentium

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
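As an added example (not part of this thread and not code from SuSE or the ISC dhcp package), the following Python script ties together the two steps Argentium describes: it pulls the HWaddr out of the ifconfig output quoted above and renders an /etc/dhcpd.conf with a fixed address for each recognised MAC plus the 192.168.1.200 to 192.168.1.220 pool for unrecognised machines. Only fileserv's MAC and address (and the host names) come from the thread; the MACs and addresses for agtiger, bronze and twilight are placeholders, and the lease times and the DNS option pointing at the firewall are assumptions. The renderer also refuses a fixed address that falls inside the dynamic pool, a misconfiguration that produces duplicate-address conflicts once the pool fills up.

```python
import ipaddress
import re

# Constructed sample input: 'ifconfig' output in the net-tools format quoted
# in the thread; the MAC and address are the ones shown for fileserv.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:50:04:AC:2A:B0
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2912 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1277 txqueuelen:100
          Interrupt:18 Base address:0xe000
"""

HWADDR_RE = re.compile(r"^(\S+)\s+Link encap:Ethernet\s+HWaddr\s+([0-9A-Fa-f:]{17})", re.M)
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_hwaddrs(text):
    """Map interface name -> lower-case MAC from old-style ifconfig output."""
    return {iface: mac.lower() for iface, mac in HWADDR_RE.findall(text)}


def render_dhcpd_conf(network, router, dynamic_range, hosts, lease=(600, 7200)):
    """Build an ISC dhcpd.conf: one subnet with a dynamic pool for unknown
    clients, plus a fixed-address host stanza per (name, mac, ip) triple.
    Raises ValueError for a malformed or duplicated MAC, an address outside
    the subnet, or a fixed address that collides with the dynamic pool."""
    net = ipaddress.ip_network(network)
    lo, hi = (ipaddress.ip_address(a) for a in dynamic_range)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("dynamic range must lie inside %s" % net)
    lines = [
        "default-lease-time %d;" % lease[0],   # assumed values
        "max-lease-time %d;" % lease[1],
        "",
        "subnet %s netmask %s {" % (net.network_address, net.netmask),
        "  option routers %s;" % router,
        "  option domain-name-servers %s;" % router,  # assumes bind8 on the firewall
        "  range %s %s;" % (lo, hi),
        "}",
    ]
    seen_macs = set()
    for name, mac, ip in hosts:
        mac = mac.lower()
        addr = ipaddress.ip_address(ip)
        if not MAC_RE.match(mac):
            raise ValueError("%s: malformed MAC %r" % (name, mac))
        if mac in seen_macs:
            raise ValueError("%s: MAC %s already assigned" % (name, mac))
        if addr not in net:
            raise ValueError("%s: %s is outside %s" % (name, addr, net))
        if lo <= addr <= hi:
            raise ValueError("%s: %s collides with the dynamic pool" % (name, addr))
        seen_macs.add(mac)
        lines += ["", "host %s {" % name,
                  "  hardware ethernet %s;" % mac,
                  "  fixed-address %s;" % addr,
                  "}"]
    return "\n".join(lines) + "\n"


def example_conf():
    """The thread's layout: firewall at .1, fileserv at .10 with the MAC taken
    from the ifconfig output; the other three hosts use placeholder values."""
    macs = parse_hwaddrs(SAMPLE_IFCONFIG)
    hosts = [
        ("fileserv", macs["eth0"], "192.168.1.10"),
        ("agtiger", "00:00:00:00:00:02", "192.168.1.11"),   # placeholder
        ("bronze", "00:00:00:00:00:03", "192.168.1.12"),    # placeholder
        ("twilight", "00:00:00:00:00:04", "192.168.1.13"),  # placeholder
    ]
    return render_dhcpd_conf("192.168.1.0/24", "192.168.1.1",
                             ("192.168.1.200", "192.168.1.220"), hosts)


if __name__ == "__main__":
    print(example_conf(), end="")
```

Redirect the output to /etc/dhcpd.conf on the firewall after checking it. Two points worth keeping in mind: a MAC-to-address mapping is a convenience, not authentication, since the client chooses the hardware address it presents, so anything that must be restricted to a particular machine still needs the firewall rules rather than the lease table; and if you would rather not hand an address to an unrecognised machine at all, replace the "range" line with "deny unknown-clients;" in the subnet block, which is the stricter alternative to the dynamic pool described in the thread.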