Re: [SLE] Routing issues with eth1(internal) & eth2(external)
From: Ken Schneider (suse-list_at_bout-tyme.net)
Date: 05/18/05
- Previous message: Sean Rima: "[SLE] Downloading 9.3 Live on a 1mb/s Wifi hotspot"
- In reply to: Mark A. Taff: "Re: [SLE] Routing issues with eth1(internal) & eth2(external)"
- Next in thread: Stan Glasoe: "Re: [SLE] Routing issues with eth1(internal) & eth2(external)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: suse-linux-e@suse.com Date: Wed, 18 May 2005 16:30:26 -0400
On Wed, 2005-05-18 at 10:50 -0700, Mark A. Taff wrote:
> On Wednesday 18 May 2005 07:23, Ken Schneider wrote:
> > There is no need to reach the router's external IP (internally), only
> > the internal IP. Let the router do the job it was designed for, route
> > traffic.
> >
> > No. The problem seems to be in your logic. If you can access liberty1
> > from the internet you can then access all of the internal machines via
> > eth1.
> > Let the router handle the connection to liberty1 via port forwarding. I
> > believe the d-link can handle this, I know linksys routers can.
> > port forward ssh from the router to liberty1-int but no other ports,
> > unless needed for other services and then you can setup a vpn tunnel to
> > further protect any traffic between your internet connection and
> > liberty1. Then you can eliminate liberty1-ext interface and the hub by
> > having the cable/modem connect directly to the d-link wan port.
> >
> Thanks for the help. I understand that if I can access liberty1 from the
> internet, then I can access every other host on my internal network. Here is
> what I want to be able to accomplish:
>
> Liberty1 will be running sshd, apache, mysql, postgresql, subversion, possibly
> a mail server, and maybe from time to time remote X (just cause it impresses
> windows users ;-). It will also serve as a file server (using fish/ssh in
> KDE). Liberty1 is to be a development server.
>
> Here's the issue: I will be hanging lots of stuff on this box, with many
> layers of abstraction. At the base, I need to be able to connect with the
> same connection string, regardless of whether I am at work, at home, or
> traveling. I also need full access to the internal network from liberty1,
> hence the reason I put liberty1-int in the machine.
>
> This is because liberty1 serves as my backup machine, i.e. if something goes
> wrong with my laptop, I like having liberty1 be fully functional to help me
> fix my laptop.
>
> Currently, I have liberty1-int and liberty1-ext defined in /etc/hosts with the
> internal and external ip addresses, respectively. So at home I need ssh
> root@liberty1-int, and at work ssh root@liberty1-ext.
>
> Just forwarding all ports on the router to point to liberty1 can be done, but
> then I lose the ability to host any services on any of the other machines on
> my network. Further, the router has unreasonable limitations built in, such
> as max of 10 (I think) firewall rules (not counting the default deny).
>
Then as I see it liberty1-ext would be in a DMZ which is fine. You can
then use that address for connecting to liberty1 as well as run other
services out to the internet.
As far as the other boxes go use the router to port forward as needed.
Routing:
liberty1 - default route should be liberty1-ext
additional route for the internal network pointing to router
via liberty1-int
All other machines would have their default route point to the router.
With this you have no problems with all other machines reaching the
internet through the router and can also reach liberty1 through the
internal nic.
Every device in the network should have a default route (I think) so
that it knows where to send packets that are not known locally.
If you follow it like this:
pc-a is connected to a local router (the d-link)
pc-a wants to connect to liberty1. The d-link knows about liberty1 and
sends the request to liberty1 directly.
Now pc-a wants to connect to somewhere.com. The d-link doesn't know
about somewhere.com and sends a request out to the internet name servers
asking for the address to somewhere.com, gets a response and forwards
the packet to somewhere.com. This is over simplified but you should get
the idea about routing. If you don't know first hand about a destination
send the request through your default route.
At the last place I worked even the outside router that connected
directly to the ISP had a default route which pointed to the ISP's
router that it was connected to.
--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
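The routing layout Ken describes for liberty1 (default route out liberty1-ext, the internal network reached directly over liberty1-int, and "if you don't know first hand about a destination, send it through your default route") as an added worked example; this is not code from the thread, and the addresses, interface names and gateway are constructed placeholders rather than the original poster's real ones:

```python
# Added example (not from the thread): a minimal longest-prefix-match
# routing table modelling the liberty1 layout described above:
#   default route    -> out liberty1-ext (eth2) to the cable/ISP gateway
#   internal network -> out liberty1-int (eth1), directly connected
# Addresses are constructed placeholders (RFC 1918 / RFC 5737).
import ipaddress

# (prefix, interface, gateway); gateway None means directly connected (on-link)
LIBERTY1_ROUTES = [
    ("0.0.0.0/0", "eth2", "203.0.113.1"),   # default via the cable gateway
    ("192.168.1.0/24", "eth1", None),        # internal LAN behind the d-link
]


def lookup(routes, dst):
    """Return (interface, next_hop) for dst by longest-prefix match.

    The 0.0.0.0/0 entry only wins when nothing more specific matches,
    which is exactly the 'unknown destination -> default route' rule.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        # Only reachable on a host with no default route at all.
        raise LookupError(f"no route to {dst}")
    _net, iface, gw = best
    # On-link destinations are delivered directly, so the next hop is dst.
    return iface, (gw if gw is not None else dst)


def ip_route_commands(routes):
    """Render the table as the `ip route` commands one would type on liberty1."""
    cmds = []
    for prefix, iface, gw in routes:
        target = "default" if prefix == "0.0.0.0/0" else prefix
        via = f" via {gw}" if gw else ""
        cmds.append(f"ip route add {target}{via} dev {iface}")
    return cmds
```

Dropping the default entry and looking up an internet address raises LookupError, which is the failure Ken's "every device should have a default route" remark is guarding against.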