Re: Need network advice

Chuck Kuecker wrote:

I am running Ubuntu 9.10 for my DNS, web page, and email server, as well
as to develop embedded Linux code for a customer. I have a development
kit that needs to access the Internet to serve an internal web page. My
Internet connection is T6 wireless broadband, and I have a static IP.

I installed a second Ethernet card in the Ubuntu box for the embedded
device to connect to. It is running on the 10.0.0.x network. My main
local network between the broadband modem and other computers, including
the Ubuntu box, is 192.168.0.x.

192.168.0.x is not a 'static ip' aka assigned real ip address. I assume
you have a router that does the appropriate natting for you...

The problems: First, I am running Firestarter as an interface to the
firewall, and have it set to allow traffic to my email and web servers
from the Internet. My DNS setup is working fine for this. When I have
the firewall enabled, the 10.0.0. network cannot reach the Ubuntu
machine for TFTP, HTTP, or email. If I disable the firewall, I can talk
to the development system via TFTP, and see the internal web page if I
enter the local IP in Firefox. The IP of the Ubuntu port is,
the development system is on I can TFTP from the dev system to
the main box at with the firewall off, but this fails with
the firewall on. I don't see any rules in Firestarter that should cause
this. A fix would be nice in that I would not have to kill the firewall
every time I want to access the development system, but if it's too much
trouble, I can live with this.

I suspect that firestarter will set the incoming policy to drop/reject.

please pastebin the output of 'iptables -L -n' at

I suppose that you already have ip forwarding enabled given your comment
about tftp working from to

Ultimately, I want the local DNS server to steer HTTP traffic for the
development system to its' internal IP, while HTTP traffic to my regular
web site goes to the main web server on the Ubuntu box at,
so my customer could access and interact with the development system. would be so much easier with djbdns' tinydns...

Obviously, I cannot give him the internal IP address to put in his
browser. I think I need to make changes to the BIND configuration files,
and have studied the O'Reilly DNS and BIND book, but I just get more

heh. You need to use views. Fun, fun, fun.

I can post my DNS zone files if that helps.

Well, we could fix it up for you...unless you insist on doing the grind
yourself of course. Don't want to take away the fun from you.

Another thought occurred to me - could I simply put the development
system on the 192.168.0 network, and have my DNS steer traffic directly


to that IP? Do I really need two Ethernet ports in the main computer? could run two different subnets on the same physical network
but dhcp will not be possible in that environment. One interface can
take more than one ip and of different subnets too.

Maybe I am making this more complicated than I need to. I only installed
the second port because the examples in the O'Reilly book seemed to make
that look like the only way I could get it to work. The firewall issue
did not exist when everything was on the 192.168.0 network.

Any help would be greatly appreciated. I'm not a network person!

What do you want to achieve?

ubuntu-users mailing list
Modify settings or unsubscribe at: