At 08:50 AM 7/13/02 -0700, Harold Miller wrote:
> Lynn,
> Maybe I'm hiking off in the wrong direction.
> I wanted to have a MASQ'd windows net, and 3 Internet Servers (WWW/DNS,
> SMTP/DNS, WWW) connected via a Bering RC3 firewall to a Cable modem on the
> Internet. I assumed (yes, I know what it stands for) that to do that I would
> need 5 IP's in the same subnet,
I count 4 addresses, not 5 -- one for the router itself and one for each of
the 3 servers. The NAT'd LAN does not need a separate external address; it
uses the router's own address externally. Actually, if you did it by
service, not by server, you could get by with 3 addresses ... but doing it
that way is a bit trickier than you probably want to try for.
As to the same subnet part, see below.
> with the firewall eth0 being the connection
> to the INTERNET, and eth2 being the gateway for the servers to toss their
> data to. eth3 would service the MASQ'd boxes. When it was all running I was
> gonna TRY to config eth1 as a backup net connection, perhaps using DSL or
> ISDN.
The backup will also be tricky, at least for the servers, unless you go to
something a lot more complex (and probably expensive) than you are likely
to have in mind.
> Is there a better plan? The Cable Co will sell me 5 IP's, but they may NOT
> be in a sub-net and they have to be issued at least once thru their DHCP
> server, to avoid conflicts with their other clients. I've never tried
> routing individual, non-related IP's thru a firewall...
They can't be *completely* non-related. They will have to be on some
definable network, or else the ISP won't be able to handle the routing in
any sensible way. But they may be non-contiguous addresses on a /24 or /22
(or whatever the ISP uses) network.
Individual addresses can be handled with proxy arp, and that is probably
the easiest way to do what you want. You can't simply route them unless
the ISP cooperates, modifying its routing table to identify the LEAF
router's IP address as its route to the other 3 (or 4).
The tricky part for proxy arp is the DHCP part. I don't know of a way for
the LEAF router to acquire, via DHCP, multiple addresses, then proxy-arp
(and pass on to the actual servers) all but one of them. If the addresses
are stable, though (I infer they might be from the at least once phrase),
you can just get the ISP to issue them initially by connecting the hosts
directly to the ISP, then treat them as static addresses for proxy arp setup.
OTOH, if the addresses will change a lot, then how do you propose to use
them to run servers? You appear to be intending to run authoritative DNS
servers for your domain locally (otherwise your DNS resolvers do not need
to be Internet servers), and to do that, you need stable, predictable IP
addresses, not ones that change at the cable company's whim.
> Thank you for your time. I DO APPRECIATE the prompt, and mostly accurate
> support this group provides. Perhaps some day I can assist, when I've a bit
> more experience in this specific arena. (I'm not afraid of writing technical
> documentation.)
--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA [EMAIL PROTECTED]
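The proxy-arp approach described in the reply above, as an added example that is not from the thread or the LEAF project: a POSIX shell script that first checks that every ISP-issued address really sits inside one definable block (a /24 or /22, as the reply says they must), then emits the sysctl and host-route commands a Linux router would need so it answers ARP for the server addresses on the cable side and forwards them to the server segment. Interface names and the 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate ISP-issued addresses against one routable block and
# print the proxy-arp configuration for a Linux router. Nothing here touches
# the live system; the output is meant to be reviewed before it is run.

ip2int() {
    # Dotted quad -> 32-bit integer, using only POSIX sh arithmetic.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_block() {
    # in_block ADDR NETWORK PREFIXLEN -> exit 0 if ADDR lies inside NETWORK/PREFIXLEN
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

proxy_arp_setup() {
    # proxy_arp_setup WAN_IF LAN_IF NETWORK PREFIXLEN ADDR...
    # Refuses to emit anything if one address is outside the ISP's block,
    # because the ISP's router would never send traffic for it our way.
    wan=$1; lan=$2; net=$3; plen=$4; shift 4
    for addr in "$@"; do
        in_block "$addr" "$net" "$plen" || {
            echo "ERROR: $addr is not inside $net/$plen" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Answer ARP on the cable side for the server addresses, and on the server
    # side for the ISP gateway, so the servers can keep their public addresses.
    echo "sysctl -w net.ipv4.conf.$wan.proxy_arp=1"
    echo "sysctl -w net.ipv4.conf.$lan.proxy_arp=1"
    for addr in "$@"; do
        echo "ip route add $addr/32 dev $lan"   # host route toward the server
    done
}

# Constructed sample: ISP block 203.0.113.0/24, router eth0 on the cable modem,
# servers on eth2 holding three non-contiguous addresses from that block.
proxy_arp_setup eth0 eth2 203.0.113.0 24 203.0.113.5 203.0.113.9 203.0.113.20
```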
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html