Mailinglist Archive: opensuse (3104 mails)

Re: [SLE] IP Masq / DHCP / Firewalling (Reply: LONG!)
  • From: samelash@xxxxxxxxxxxxx (Samy Elashmawy)
  • Date: Sun, 02 Apr 2000 15:48:09 +0000
  • Message-id: <>

Long post, will take it home and study it.
I see that you are also using DHCP to pass out IPs? Right?

> Looks like I get a chance to repay the favor and help you with some
> system configurations.

No problem, one hand helps the other, and you never know what/who is
next. Linux camaraderie to the max.

>> Dhcp ?? ip masq ??? Firewall ??
> Well, I'll tell you what I did, provide some examples, and maybe this will
> give you a quicker start.

Wow, lots of detail here.

> It sounds like you're preparing a firewall/dialout box that connects you
> to the internet whenever one of your machines on your internal network
> needs IP services/a connection to the internet.

Correct, hit the nail on the head.

> Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP
> daemon) that you want to control what addresses the machines on your
> internal network receive. Your dialout connection will provide you with
> an address for your ppp0 link when you connect, so that angle is already
> taken care of.

Confusion here. DHCP is used to get the ISP's IP address that it assigns to
you each time you dial into it and start a connection. It then somehow
passes/swaps/or whatever it does this server-assigned address with the
IP masq configuration that expects the same IP address all the time.

> My internal network has the following setup:
> My firewall has eth0 configured as It runs DHCPD to feed
> addresses to my other machines on my internal trusted network. I have four
> machines on the internal network: "fileserv", "agtiger", "bronze", and
> DHCPD is configured to recognize the NIC card's hardware addresses and
> provide static IP's based on that. I also have a dynamic range of
> addresses available for unrecognized machines that hook to my network (ie,
> a friend brings their box over and wants to hook to my network quickly and

Now here is where I start getting confused. You are using DHCP to pass out IP
numbers based on hardware settings? MAC address or what? Do they get a
different one each time?

I currently have set each machine with an IP address in YaST that does not
change. Then I have added the IP address and host names to the host file on
each machine. Starting to be a pain in the butt with 5 boxes. Know of
something easier?

> "fileserv" is my fileserver and gets address
> "agtiger" is a linux/win98 dual boot workstation and gets address
> "bronze" is a win95 workstation and gets address ""
> "twilight" is a win98 workstation and gets address ""
> Lastly, new machines I don't recognize get addresses between
> "" and "" inclusive.

This is neat for file copying etc...

> Let's start with DHCP. Using Yast, install "dhcp" out of series n
> (Network-Support (TCP/IP, UUCP, Mail, News)

wvdial.dod makes a connection each time it's needed, and each time it is
assigned a different IP number, so I understand that DHCP is what grabs the
number and with some magic gets IP masq/forwarding to use it instead of a
hard-coded permanent number?

Already installed along with ipchains and ipmasqad packages. I just don't
know how to use them and in what order.

> You'll then need to edit your /etc/dhcpd.conf

OK, DHCPD, that's some sort of daemon like wvdial.dod, right?

So before I go further I need to figure out the DHCP setup, as right now
my machines are hardcoded.
Seems neat to use DHCP to pass the IP address out as needed each time. You
mentioned DHCP will assign a permanent IP based on hardware? MAC address,
right? ipconfig to get this?

Don't want to get halfway into it and then decide to change things around.
What is involved in setting DHCP to pass them out based on hardware, then
leave a range for temp add-ins?

Can this be done in YaST? Or is this the kind of thing that you end up
doing out of YaST and then must update the config outside of YaST? How do
you point the clients (win/linux) to grab the IP address from the DHCP server?
Is this the same one that handles the firewalling/dial-up etc...? Is that
secure to have it on the same dial-up server? I segmented the firewall/dial-up
box onto a separate one to keep it segmented from the Samba server. JP or
George Toft strongly recommended the bastion approach to keep the bad stuff

Regarding the firewalling, why the one from the SuSE web site? How's it
different from what's on the CD set?
Dial-up connections suck for big downloads?

What's ICQ?

I also note you're tackling all this from outside of YaST? Why? YaST too
simplistic?
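
The setup described in the quoted text (fixed addresses keyed on each NIC's hardware address, plus a dynamic range for unrecognized machines) looks roughly like this in ISC dhcpd's /etc/dhcpd.conf. This is an added example, not part of the original message or the original poster's configuration: the archive stripped the real addresses, so the 192.168.1.0/24 subnet, the firewall address 192.168.1.1, the lease times and the MAC addresses are constructed placeholders; only the four host names come from the thread.

```conf
# /etc/dhcpd.conf (ISC dhcpd) -- all addresses and MACs are constructed
# placeholders; only the host names appear in the thread.

default-lease-time 86400;        # assumed: one day
max-lease-time 604800;           # assumed: one week

# Internal trusted network behind the firewall's eth0.
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;              # the firewall/masq box (assumed address)
    option domain-name-servers 192.168.1.1;  # assumed: firewall also forwards DNS
    option broadcast-address 192.168.1.255;

    # Dynamic pool for machines dhcpd does not recognize
    # (the "friend brings a box over" case).
    range 192.168.1.100 192.168.1.120;
}

# Known machines: matched on the NIC hardware (MAC) address, so each one
# receives the same address on every boot.
host fileserv {
    hardware ethernet 00:00:5E:00:53:01;
    fixed-address 192.168.1.10;
}
host agtiger {
    hardware ethernet 00:00:5E:00:53:02;
    fixed-address 192.168.1.11;
}
host bronze {
    hardware ethernet 00:00:5E:00:53:03;
    fixed-address 192.168.1.12;
}
host twilight {
    hardware ethernet 00:00:5E:00:53:04;
    fixed-address 192.168.1.13;
}

# dhcpd only answers on interfaces whose subnet is declared above. No subnet
# is declared for the ppp0 side, so no leases are offered toward the ISP link.
```

Naming the internal interface when starting the daemon (`dhcpd eth0`) keeps it from listening on the dial-out link at all. The fixed addresses sit outside the dynamic range so a known host and a guest can never be handed the same address.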
