Re: Need network advice



Chuck Kuecker wrote:
> Hello,
>
> I am running Ubuntu 9.10 for my DNS, web page, and email server, as well
> as to develop embedded Linux code for a customer. I have a development
> kit that needs to access the Internet to serve an internal web page. My
> Internet connection is T6 wireless broadband, and I have a static IP.
>
> I installed a second Ethernet card in the Ubuntu box for the embedded
> device to connect to. It is running on the 10.0.0.x network. My main
> local network between the broadband modem and other computers, including
> the Ubuntu box, is 192.168.0.x.

192.168.0.x is not a 'static ip' aka assigned real ip address. I assume
you have a router that does the appropriate natting for you...



> The problems: First, I am running Firestarter as an interface to the
> firewall, and have it set to allow traffic to my email and web servers
> from the Internet. My DNS setup is working fine for this. When I have
> the firewall enabled, the 10.0.0. network cannot reach the Ubuntu
> machine for TFTP, HTTP, or email. If I disable the firewall, I can talk
> to the development system via TFTP, and see the internal web page if I
> enter the local IP in Firefox. The IP of the Ubuntu port is 10.0.0.1,
> the development system is on 10.0.0.2. I can TFTP from the dev system to
> the main box at 192.168.0.200 with the firewall off, but this fails with
> the firewall on. I don't see any rules in Firestarter that should cause
> this. A fix would be nice in that I would not have to kill the firewall
> every time I want to access the development system, but if it's too much
> trouble, I can live with this.

I suspect that firestarter will set the incoming policy to drop/reject.

please pastebin the output of 'iptables -L -n' at pastebin.ubuntu.com

I suppose that you already have ip forwarding enabled given your comment
about tftp working from 10.0.0.2 to 192.168.0.200.


> Ultimately, I want the local DNS server to steer HTTP traffic for the
> development system to its internal IP, while HTTP traffic to my regular
> web site goes to the main web server on the Ubuntu box at 192.168.0.200,
> so my customer could access and interact with the development system.

Ugh...it would be so much easier with djbdns' tinydns...


> Obviously, I cannot give him the internal IP address to put in his
> browser. I think I need to make changes to the BIND configuration files,
> and have studied the O'Reilly DNS and BIND book, but I just get more
> confused.

heh. You need to use views. Fun, fun, fun.



> I can post my DNS zone files if that helps.

Well, we could fix it up for you...unless you insist on doing the grind
yourself of course. Don't want to take away the fun from you.



> Another thought occurred to me - could I simply put the development
> system on the 192.168.0 network, and have my DNS steer traffic directly

???

> to that IP? Do I really need two Ethernet ports in the main computer?

No...you could run two different subnets on the same physical network
but dhcp will not be possible in that environment. One interface can
take more than one ip and of different subnets too.


> Maybe I am making this more complicated than I need to. I only installed
> the second port because the examples in the O'Reilly book seemed to make
> that look like the only way I could get it to work. The firewall issue
> did not exist when everything was on the 192.168.0 network.
>
> Any help would be greatly appreciated. I'm not a network person!


What do you want to achieve?

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
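
An added example, not part of the original message or thread: one way to read the `iptables -L -n` listing the reply asks for and see whether a default DROP policy is what blocks the 10.0.0.x side. The listing is constructed for illustration, the names `parse` and `verdict` are hypothetical, and the check assumes plain rules (single `dpt:` ports, no negated addresses, jumps to user-defined chains not followed).

```python
import ipaddress
import re

# Constructed listing in the layout `iptables -L -n` prints; not the poster's rules.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.200        tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.200        tcp dpt:25
ACCEPT     all  --  192.168.0.0/24       0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:  # user-defined chains have no policy, so group(2) is None
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split(None, 5)
        if current is None or len(f) < 5 or f[0] == "target":
            continue
        current["rules"].append({"target": f[0], "prot": f[1], "src": f[3],
                                 "dst": f[4], "match": f[5] if len(f) > 5 else ""})
    return chains

def verdict(chains, chain, src, dst, prot, dport):
    """Target of the first rule matching a NEW connection, else the chain policy."""
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)
    for r in chains[chain]["rules"]:
        port = re.search(r"dpt:(\d+)", r["match"])
        if (in_net(src, r["src"]) and in_net(dst, r["dst"])
                and r["prot"] in ("all", prot)
                and not ("state" in r["match"] and "NEW" not in r["match"])
                and not (port and int(port.group(1)) != dport)):
            return r["target"]  # may name a user-defined chain; jumps are not followed
    return chains[chain]["policy"]
```

With the constructed listing, `verdict(parse(SAMPLE), "INPUT", "10.0.0.2", "10.0.0.1", "udp", 69)` falls through to the chain policy, which is the symptom described for TFTP from the development kit. Plain `-L -n` output does not show interfaces, so a rule that looks like a blanket ACCEPT may be bound to one interface; adding `-v` to the listing shows the in/out columns.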


