<SIGH>  Is someone playing with the list's Reply-To: address...??

Sent this earlier; but it didn't make it to the list because the list was
not included in my Reply...

Martyn, I've corrected my response below... was groggy when I replied this
morning and my brain was reversing base10 & base16 math...  :P

Pierre

-------- Original Message --------
Subject: Re: [expert] Firewall / Router Advice
Date: Fri, 27 Apr 2001 09:58:54 -0400
From: Pierre Fortin <[EMAIL PROTECTED]>
To: Martyn Wendon <[EMAIL PROTECTED]>
References: <A1E0FEB3E411D411AD1F0030050124811844CC@NEO>

Martyn Wendon wrote:
>
> Hello Expert List!
>
> If possible can anybody advise me on the following scenario:
>
> My home network (4 pcs and a laptop of varying Windows / Linux versions)
> currently accesses the Internet via a 3Com OfficeConnect ISDN router.  The
> machines are connected to a hub, which in turn uplinks to the router.
> Currently the router has an internal IP address of 172.18.9.30 and the
> machines have IPs in the range of 172.18.9.* - On connecting to my ISP a
> dynamic IP is allocated to the external port of the router and it performs
> NAT accordingly.  The default gateway in each machine is set to the internal
> IP of the router and everything works fine.
>
> What I'm trying to do is put a Linux box (Mandrake 7.2) as a proxy server /
> firewall in between the hub and the router to increase security and offer
> proxying facilities.  I'm fairly new to Linux (been playing with Mandrake
> for about 6 months), but have a reasonable knowledge of networking.

Then you should know that routing is a Layer 3 issue and requires separate
[sub]networks to be able to route between...

> So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100
> and is connected to the router and eth1 is 172.18.9.101 and is connected to

Even if you had managed to put .100 and .101 in different subnets with a
mask=255.255.255.252 (or /30), one would be a broadcast address
(.100=01100100 & .101=01100101)

> the hub of the internal network.  I've enabled routing in linuxconf, and the
> default gateway is set at 172.18.9.30, at this point from this Linux box I
> assumed that I would be able to a:) ping the other machines on my network
> and b:) be able to ping the router / internet.  But I can only ping the
> router and the internet, not the internal network.  I also assumed
> (wrongly?) that I'd still be able to ping the router / internet from the
> rest of the machines.  So now I'm a little stuck - too many years of plug
> and pray with Microsoft have taken their toll!

Depending on the addresses of your internal machines, you may have to
re-address/mask those boxes; but you WILL have to re-address eth0 and/or
eth1.  The quickest fix (fewest changes) will be to change 172.18.9.x on
your router and eth0 to 172.[16-31].[0-255].x (except 172.18.9.x).

For those suggesting 192.168.x.y, that is valid but Martyn is using another
range of addresses as specified in RFC1918:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

which is why I'm staying within his selected range.

> I'd appreciate any help on getting this all set up correctly, I've got a
> copy of PMFirewall and Squid - although I'm open to suggestions if there's
> anything better - but first things first I'd like to get the Linux box
> working as a simple "middle man" between the hub and router......

Just fix your addresses to allow the Linux box to have a clue as to how to
route...
:^)

Pierre

> Many thanks,
>
> Martyn

--
Support Linux development: http://www.linux-mandrake.com/donations/
Last reboot reason:  01/03/27: winter storm 6hr power outage
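
An added example, not part of the original message: a Python check of the addressing plan discussed in the thread, flagging router interfaces that share a subnet, sit on a reserved address, or fall outside the RFC1918 ranges listed above. The /24 and /30 prefix lengths and the 172.18.10.x replacement subnet are assumptions; the thread never states the netmask in use.

```python
import ipaddress
from itertools import combinations

# Private ranges listed in the message (RFC1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_router_plan(ifaces):
    """Return a list of addressing problems for a multi-homed Linux router.

    ifaces maps interface name -> "address/prefix". Prefix lengths are
    assumptions supplied by the caller.
    """
    parsed = {name: ipaddress.ip_interface(cidr) for name, cidr in ifaces.items()}
    problems = []
    for name, iface in sorted(parsed.items()):
        net = iface.network
        if not any(iface.ip in block for block in RFC1918):
            problems.append(f"{name}: {iface.ip} is not an RFC1918 address")
        # In prefixes shorter than /31 the first and last addresses are reserved.
        if net.prefixlen < 31 and iface.ip == net.network_address:
            problems.append(f"{name}: {iface.ip} is the network address of {net}")
        if net.prefixlen < 31 and iface.ip == net.broadcast_address:
            problems.append(f"{name}: {iface.ip} is the broadcast address of {net}")
    # Layer 3 forwarding needs a distinct subnet on each interface; if two
    # interfaces share one, the kernel has no basis for choosing between them.
    for a, b in combinations(sorted(parsed), 2):
        if parsed[a].network.overlaps(parsed[b].network):
            problems.append(f"{a} ({parsed[a]}) and {b} ({parsed[b]}) share a subnet")
    return problems


# Constructed plans. Addresses come from the thread; masks are assumed.
AS_POSTED = {"eth0": "172.18.9.100/24", "eth1": "172.18.9.101/24"}
SLASH_30 = {"eth0": "172.18.9.100/30", "eth1": "172.18.9.101/30"}
# Router side moved to another subnet inside 172.16/12 (172.18.10.x is hypothetical).
READDRESSED = {"eth0": "172.18.10.100/24", "eth1": "172.18.9.101/24"}

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("/30 masks", SLASH_30),
                        ("re-addressed", READDRESSED)):
        print(f"{label}: {check_router_plan(plan) or 'ok'}")
```

With the re-addressed plan the router's inside address would also move into the new eth0 subnet, and the internal machines would point their default gateway at eth1.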