Long post, will take it home and study it. I see that you are also using dhcp to pass out IPs? Right?
Looks like I get a chance to repay the favor and help you with some system configurations.
No problem, one hand helps the other, and you never know what/who is next. Linux camaraderie to the max.
Dhcp ?? ip masq ??? Firewall ??
Well, I'll tell you what I did, provide some examples, and maybe this will give you a quicker start.
Wow, lots of detail here.
It sounds like you're preparing a firewall/dialout box that connects you to the internet whenever one of your machines on your internal network needs IP services/a connection to the internet.
Correct, hit the nail on the head.
Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP daemon) that you want to control what addresses the machines on your internal network receive. Your dialout connection will provide you with an address for your ppp0 link when you connect, so that angle is already taken care of.
Confusion here. DHCP is used to get the ISP's IP address that it assigns to you each time you dial into it and start a connection. It then somehow passes/swaps/or whatever it does this server-assigned address with the ip masq configuration that expects the same IP address all the time.
My internal network has the following setup: My firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed addresses to my other machines on my internal trusted network. I have four machines on the internal network: "fileserv", "agtiger", "bronze", and "twilight". DHCPD is configured to recognize the NIC card's hardware addresses and provide static IP's based on that. I also have a dynamic range of addresses available for unrecognized machines that hook to my network (ie, a friend brings their box over and wants to hook to my network quickly and easily).

Now here's where I start getting confused. You are using DHCP to pass out IP numbers based on hardware settings? MAC address or what? Do they get a different one each time? I currently have set each machine with an IP address in yast that does not change. Then I have added the IP address and host names to the host file on each machine. Starting to be a pain in the butt with 5 boxes. Know of something easier?

"fileserv" is my fileserver and gets address 192.168.1.10
"agtiger" is a linux/win98 dual boot workstation and gets address "192.168.1.101"
"bronze" is a win95 workstation and gets address "192.168.1.102"
"twilight" is a win98 workstation and gets address "192.168.1.103"
Lastly, new machines I don't recognize get addresses between "192.168.1.200" and "192.168.1.220" inclusive.
This is neat for file copying etc...
Let's start with DHCP. Using Yast, install "dhcp" out of series n (Network-Support (TCP/IP, UUCP, Mail, News))

wvdial.dod makes a connection each time it's needed, and each time it is assigned a different IP number, so I understand that dhcp is what grabs the number and with some magic gets ip masq/forwarding to use it instead of a hard coded permanent number? Already installed along with ipchains and ipmasqad packages. I just don't know how to use them and what order.
You'll then need to edit your /etc/dhcpd.conf
Ok DHCPD, that's some sort of daemon like wvdial.dod, right? So before I go further I need to figure out the dhcp setup, as right now my machines are hardcoded. Seems neat to use dhcp to pass the IP address out as needed each time. You mentioned dhcp will assign a permanent IP based on hardware? MAC address, right? ipconfig to get this? Don't want to get into it halfway and then decide to change things around.

What is involved in setting dhcp to pass them out based on hardware, then leave a range for temp add-ins? Can this be done in yast? Or is this the kind of thing that you end up doing out of yast and then must update the config outside of yast? How do you point the clients win/linux to grab the IP address from the dhcp server? Is this the same one that handles the firewalling/dial up etc...? Is that secure to have it on the same dial-up server? I segmented the firewall/dial-up box onto a separate one to keep it segmented from the samba server. JP or George Toft strongly recommended the bastion approach to keep the bad stuff away.

Regarding the firewalling, why the one from the SuSE web site? How's it different from what's on the CD set? Dial-up connections suck for big downloads? What's icq? I also note you're tackling all this from outside of yast? Why? Yast too simplistic?
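
The addressing scheme quoted above (fixed addresses selected by each NIC's hardware address, plus a dynamic range for unrecognized machines), written out as an ISC dhcpd configuration. This is an added example, not part of either poster's message or their actual file; the netmask, lease times, router option and all MAC addresses are assumptions, with the MACs being placeholders.

```conf
# /etc/dhcpd.conf: added illustration, not the original poster's file.
# Assumed values: /24 netmask, lease times, router option, and every
# MAC address (placeholders from the 00:00:5E:00:53:xx documentation range).

default-lease-time 86400;      # 1 day
max-lease-time 604800;         # 1 week

# Internal trusted network behind the firewall's eth0 (192.168.1.1).
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;          # firewall box is the gateway
    # Dynamic pool handed to machines dhcpd does not recognize.
    range 192.168.1.200 192.168.1.220;
}

# Known machines: the hardware (MAC) address picks the fixed IP, so each
# box gets the same address on every lease. Replace the placeholder MACs
# with the values each client reports for its own NIC.
host fileserv {
    hardware ethernet 00:00:5E:00:53:10;
    fixed-address 192.168.1.10;
}
host agtiger {
    hardware ethernet 00:00:5E:00:53:65;
    fixed-address 192.168.1.101;
}
host bronze {
    hardware ethernet 00:00:5E:00:53:66;
    fixed-address 192.168.1.102;
}
host twilight {
    hardware ethernet 00:00:5E:00:53:67;
    fixed-address 192.168.1.103;
}
```

Name the internal interface when starting the daemon (`dhcpd eth0`) so it serves only the trusted network and not the dial-up link. A hardware address identifies a machine but does not authenticate it, since any host on the segment can claim another's MAC, so a fixed lease should not be treated as proof of which machine is asking.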