have to say I'd reconfigure the net first, but if you can't you can't...
I don't understand what you mean when you say that Oxygen took the
place of the DNS/NTP server -- as in replace or proxy or took its IP
address or what? Also pseudo network addresses would be helpful.
--
Jack Coates
Monkeynoodle: It's what's for dinner!
On Wed, 21 Feb 2001, David Douthitt wrote:
> I always seem to find my way into funny configurations.... sigh.... and
> find myself getting headaches because of it. I'll probably wind up
> changing the configuration anyway, but here it is:
>
> *************              ****************
> *  DNS/NTP  *              *   Server 3   *
> *************              ****************
>       |                           |
>       +------- Private Net -------+
>       |                           |
> *************              ****************
> *  Server 1 *              *  Oxygen/LRP  *
> *************              ****************
>       |                           |
> ------+------- Corp Net ----------+-------
>       |                           |
> *************              ****************
> *  My Wstn  *              *   DBA Wstn   *
> *************              ****************
>
>
> Server 1 (and three others like it not shown) do *NOT* route, and have
> ip forwarding turned off (they are HP-9000s). The LRP box does routing
> and firewalling.
>
> The problems I'm having one by one don't seem to be a big deal; add them
> all up and they add up to a BIG headache. Here are the "rules":
>
> MyWstn -> PrivateNet: UnrestrictedAccess
> DBAWstn-> Server3: UnrestrictedAccess
>
> Those aren't too hard. The more difficult part is that the Oxygen/LRP
> took the place of the DNS/NTP server listed above (and includes syslog
> and ssh too). So I want to do this:
>
> CorpNet NTP -> Oxygen -> NTP
> CorpNet NTP <- Oxygen <- NTP
>
> The headache comes in that I'm using this rule:
>
> ipchains -A forward -j MASQ
>
> So the firewall gets two packets:
>
> CorpNet -> Corp-ServerIP ..........redirected to protected server
> DNS/NTP-IP -> CorpNet .............response...
>
> On top of all this, I'm trying to build a sort of toolkit that will help
> myself and others do this easily.
>
> On top of all that, this means that there are "servers" on the
> firewall. The way I see it, there's about a million boundaries:
>
> WildNet -> firewall
> firewall -> WildNet
> TameNet -> firewall
> firewall -> TameNet
> WildNet -> TameNet ...this is actually WildNet -> firewall -> TameNet
> (two crossings!)
> TameNet -> WildNet ...this is actually TameNet -> firewall -> TameNet
> (two crossings!)
>
> Now add in forwarding - and maybe redirection - and that can triple all
> of these.
>
> How do you all handle such things and other very strange configurations
> without losing your MIND?
>
> ...or do you just reconfigure the net :-)
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-devel
>