From ncfcrh@global.co.za Wed Oct 18 06:27:35 2000
From: ncfcrh@global.co.za
To: users@lists.opensuse.org
Subject: [SLE] Masquerading
Date: Wed, 18 Oct 2000 08:27:35 +0200
Message-ID: <000e01c038cc$81552a60$0100a8c0@newcreation.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7880378519316666424=="

--===============7880378519316666424==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit




Hi

I have successfully set up a Linux box to masquerade our internal network to
the internet via ISDN.  Spurred on by this success,  I would now like to
help a friend do a similar thing with his network,  the difference being
that his network will be connected to another network in the same building
in order to share their leased line access.  As I understand it,  this
requires a machine with two network cards,  one connected to his setup,  and
the other connected to the hub of the second network.  Am I correct in
assuming that the procedures for getting this to work are much the same as I
have gone through with my own masquerading setup?

i.e.     1.    I should use IPchains via SuSE firewals to set up
masquerading;
          2.   The network card which points to his internal network should
be assigned its own address;
          3.   Now the problem : should the second card which points to the
network using the leased line have an address on                     that
internal network or the IP address assigned by the ISP for the leased line?
          4.    Also,  how does one setup an effective firewall that will be
sufficient to protect my friend's network?
          5.    What kind of machine (specifications) will be needed to
achieve all of the above if all it does is route traffic
between the two networks?

Thanks for your help - I hope I have stated my questions clearly enough!

Grant R Walton


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.198 / Virus Database: 95 - Release Date: 00/10/04


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2722.2800" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I have successfully set up a Linux box to 
masquerade our internal network tothe internet via ISDN.  Spurred on by 
this success,  I would now like tohelp a friend do a similar thing with 
his network,  the difference beingthat his network will be connected to 
another network in the same buildingin order to share their leased line 
access.  As I understand it,  thisrequires a machine with two 
network cards,  one connected to his setup,  andthe other 
connected to the hub of the second network.  Am I correct inassuming 
that the procedures for getting this to work are much the same as Ihave gone 
through with my own masquerading setup?</FONT></DIV>
<DIV><FONT face=Arial size=2>i.e.     
1.    I should use IPchains via SuSE firewals to set 
upmasquerading;<BR>          
2.   The network card which points to his internal network 
shouldbe assigned its own 
address;          
3.   Now the problem : should the second card which points to 
thenetwork using the leased line have an address 
on                     
thatinternal network or the IP address assigned by the ISP for the leased 
line?          
4.    Also,  how does one setup an effective firewall that 
will beufficient to protect my friend's 
network?          
5.    What kind of machine (specifications) will be needed 
toachieve all of the above if all it does is route traffic<BR>between the 
two networks?<BR>Thanks for your help - I hope I have stated my questions 
clearly enough!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Grant R Walton<BR></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>---<BR>Outgoing mail is certified Virus 
Free.Checked by AVG anti-virus system (<A 
href="http://www.grisoft.com">http://www.grisoft.com</A>).Version: 6.0.198 / 
Virus Database: 95 - Release Date: 00/10/04</DIV></FONT></BODY>

--===============7880378519316666424==--


From johnc@gamesdomain.com Wed Oct 18 10:01:08 2000
From: johnc@gamesdomain.com
To: users@lists.opensuse.org
Subject: Re: [SLE] Masquerading
Date: Wed, 18 Oct 2000 10:01:08 +0000
Message-ID: <39ED74E4.23029.4D5CA63@localhost>
In-Reply-To: <000e01c038cc$81552a60$0100a8c0@newcreation.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2413903424069498515=="

--===============2413903424069498515==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable




Hi

You can set up the SuSE firewall the same way you did for the=20
ISDN connection, but substitute eth1 or whatever for the ISDN=20
interface. ie the external network is the LAN, and the internal=20
network is your friend's LAN.=20

> i.e.     1.    I should use IPchains via SuSE firewals to set up
> masquerading;

Yes, you need 1 IP address on the 'parent' lan which is your=20
external IP for NAT.  Masquerade all addresses behind this=20
address.

>           2.   The network card which points to his internal network
>           should
> be assigned its own address;

Yes, I'm guessing 192.168.x.x would do, just make sure its on a=20
different subnet to the 'parent' LAN.

>           3.   Now the problem : should the second card which points
>           to the
> network using the leased line have an address on                   =20
> that internal network or the IP address assigned by the ISP for the
> leased line?

This should have the address on the 'parent' lan.

>           4.    Also,  how does one setup an effective firewall that
>           will be
> sufficient to protect my friend's network?

There's really no difference between routing between ISDN and=20
network and LAN-LAN. Just don't allow anything in unless its=20
needed, paying special attention to DNS/SMTP/etc.

>           5.    What kind of machine (specifications) will be needed
>           to
> achieve all of the above if all it does is route traffic
> between the two networks?

Any old machine with 2 NICs, I've acheived this with a 486 before=20
now :-)

You probably only need 10Mbps NICs too, unless they've got a=20
crazy leased line :-)

Then set the default route for your LAN to be the internal IP of the=20
router, and everything should be great!

Hope this helps
- John


--=20
To unsubscribe send e-mail to suse-linux-e-unsubscribe(a)suse.com
For additional commands send e-mail to suse-linux-e-help(a)suse.com          =
  =20
Also check the FAQ at http://www.suse.com/support/faq     =20


--===============2413903424069498515==--