Mailinglist Archive: opensuse (3104 mails)

Re: [SLE] IP Masq / DHCP / Firewalling (Reply: LONG!)
  • From: samelash@xxxxxxxxxxxxx (Samy Elashmawy)
  • Date: Sun, 02 Apr 2000 15:48:09 +0000
  • Message-id: <3.0.3.32.20000402154809.01065bbc@xxxxxxxxxxxxxxxxxx>



Long post, will take it home and study it.
I see that you are also using DHCP to pass out IPs? Right?

> Looks like I get a chance to repay the favor and help you with some
> system configurations.

No problem, one hand helps the other, and you never know what/who is
next. Linux camaraderie to the max.

>>Dhcp ?? ip masq ??? Firewall ??
>
>Well, I'll tell you what I did, provide some examples, and maybe this will
>give you a quicker start.

Wow, lots of detail here.

>It sounds like you're preparing a firewall/dialout box that connects you
>to the internet whenever one of your machines on your internal network
>needs IP services/a connection to the internet.

Correct, hit the nail on the head.

>Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP
>daemon) that you want to control what addresses the machines on your
>internal network receive. Your dialout connection will provide you with
>an address for your ppp0 link when you connect, so that angle is already
>taken care of.
>

Confusion here. DHCP is used to get the ISP's IP address that it assigns to
you each time you dial into it and start a connection. It then somehow
passes/swaps/or whatever it does this server-assigned address with the
IP masq configuration that expects the same IP address all the time.

>
>My internal network has the following setup:
>My firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed
>addresses to my other machines on my internal trusted network. I have four
>machines on the internal network: "fileserv", "agtiger", "bronze", and
>"twilight".
>DHCPD is configured to recognize the NIC card's hardware addresses and
>provide static IP's based on that. I also have a dynamic range of
>addresses available for unrecognized machines that hook to my network (ie,
>a friend brings their box over and wants to hook to my network quickly and
>easily).

Now here is where I start getting confused. You are using DHCP to pass out IP
numbers based on hardware settings? MAC address or what? Do they get a
different one each time?

I currently have set each machine with an IP address in YaST that does not
change. Then I have added the IP address and host names to the hosts file on
each machine. Starting to be a pain in the butt with 5 boxes. Know of
something easier?

>"fileserv" is my fileserver and gets address 192.168.1.10
>"agtiger" is a linux/win98 dual boot workstation and gets address
>"192.168.1.101"
>"bronze" is a win95 workstation and gets address "192.168.1.102"
>"twilight" is a win98 workstation and gets address "192.168.1.103"
>Lastly, new machines I don't recognize get addresses between
>"192.168.1.200" and "192.168.1.220" inclusive.

This is neat for file copying etc...

>
>Let's start with DHCP. Using Yast, install "dhcp" out of series n
>(Network-Support (TCP/IP, UUCP, Mail, News))

wvdial.dod makes a connection each time it's needed, and each time it is
assigned a different IP number, so I understand that dhcp is what grabs the
number and with some magic gets IP masq/forwarding to use it instead of a
hard-coded permanent number?

Already installed along with the ipchains and ipmasqadm packages. I just don't
know how to use them and in what order.

>You'll then need to edit your /etc/dhcpd.conf

OK, DHCPD, that's some sort of daemon like wvdial.dod, right?

So before I go further I need to figure out the dhcp setup, as right now
my machines are hardcoded.
Seems neat to use dhcp to pass the IP address out as needed each time. You
mentioned dhcp will assign a permanent IP based on hardware? MAC address,
right? ipconfig to get this?

Don't want to get in halfway and then decide to change things around.
What is involved in setting dhcp to pass them out based on hardware, then
leave a range for temp add-ins?

Can this be done in YaST? Or is this the kind of thing that you end up
doing out of YaST and then must update the config outside of YaST? How do
you point the clients (win/linux) to grab the IP address from the dhcp
server? Is this the same one that handles the firewalling/dial-up etc.? Is
that secure to have it on the same dial-up server? I segmented the
firewall/dial-up box onto a separate one to keep it segmented from the Samba
server. JP or George Toft strongly recommended the bastion approach to keep
the bad stuff away.

Regarding the firewalling, why the one from the SuSE web site? How's it
different from what's on the CD set?
Dial-up connections suck for big downloads?

What's ICQ?

I also note you're tackling all this from outside of YaST? Why? YaST too
simplistic?


--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
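
The DHCPD layout described in the quoted text (fixed addresses keyed on each NIC's hardware address, plus a dynamic range for unknown machines), written out as an /etc/dhcpd.conf for ISC dhcpd. This is an added example, not part of the original thread or either poster's configuration; the /24 netmask, lease times, routers option and all MAC addresses (placeholders from the 00:00:5E:00:53 documentation range) are assumptions.

```conf
# /etc/dhcpd.conf (ISC dhcpd) - added example, not from the original thread.
# IP addresses and host names are the ones quoted in the post; the netmask,
# lease times, routers option and every MAC address are assumptions.

default-lease-time 86400;     # assumed: 1 day
max-lease-time 604800;        # assumed: 7 days

# Internal trusted network behind the firewall's eth0 (192.168.1.1).
# No subnet is declared for the ppp0 dial-out link, so nothing is served there.
subnet 192.168.1.0 netmask 255.255.255.0 {
    # Dynamic pool: handed to machines that match no host entry below.
    range 192.168.1.200 192.168.1.220;
    # Assumed: clients use the masquerading firewall as default gateway.
    option routers 192.168.1.1;
}

# Fixed leases: dhcpd matches the hardware (MAC) address the client sends
# and always answers with the same fixed-address.
host fileserv {
    hardware ethernet 00:00:5e:00:53:10;   # placeholder MAC
    fixed-address 192.168.1.10;
}

host agtiger {
    hardware ethernet 00:00:5e:00:53:65;   # placeholder MAC
    fixed-address 192.168.1.101;
}

host bronze {
    hardware ethernet 00:00:5e:00:53:66;   # placeholder MAC
    fixed-address 192.168.1.102;
}

host twilight {
    hardware ethernet 00:00:5e:00:53:67;   # placeholder MAC
    fixed-address 192.168.1.103;
}
```

A fixed-address entry keyed on the MAC is an addressing convenience, not authentication, since a client can set its own hardware address. Starting the daemon with the interface name as an argument (dhcpd eth0) keeps it answering only on the internal network.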

