Firewall on CableOne; Help

Craig White craigwhite@azapple.com
Sat, 17 Feb 2001 18:40:31 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Armand
> Sent: Saturday, February 17, 2001 6:35 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Firewall on CableOne; Help
>
>
> Craig White wrote:
> >
> [snip]
> > Armand - your question indicates the confusion since it is unclear what you
> > are asking.
> >
> > Apparently, you have a dual-NIC Windows NT (MS Proxy Server?)
> > IP Address (public) 24.116.64.118
> > IP Address (private) 192.168.1.200
>
> They're both the same dual boot computer right now with a floppy distro
> as the linux
>
> > and a linux computer
> > IP Address (private) 192.168.1.200 (same as Windows NT Server?)
> > IP Address (private) 192.168.0.200 (where does this go?)
>
> This goes into a hub.
>
> > and significantly -
> > gateway address 192.168.0.1 (what computer/hardware is this?)
> > dns server 192.168.0.25 (is this another computer that's a caching dns
> > server?)
> >
> > so first, I gotta ask...
> > why the two private lan networks...192.168.0. & 192.168.1.?
>
> Workstation configured this on its own.
>
> > then I gotta ask...
> > if the Windows NT Server is already exposed to the internet, what role does
> > the linux firewall play?
>
> It's like a dual boot machine, I just booted into windows to see what
> the network looked like.
> I plan to use my development machine behind the firewall
>
> > Craig
>
--
Well then, set up the trinux (not familiar with this one) just like the
Windows NT...

(eth0) 24.116.64.118 (I would presume a 255.255.255.0 subnet mask)
(eth1) 192.168.1.200 (I would presume a 255.255.255.0 subnet mask)
(gateway) 24.116.64.1
primary nameserver 24.116.0.201

and then any computer on the local network (private)...
would be 192.168.1.x (subnet mask 255.255.255.0) where x is not 200
and default gateway would be 192.168.1.200
and name server would be 24.116.0.201
and somewhere in the ruleset you would masquerade the internal networked
computers
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0

but the last bit about masquerading may be handled differently on the trinux

Craig
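
Added example, not part of the original message: a small Python check of the addressing plan laid out above, confirming that the firewall's gateway is on-link, that the masqueraded range is private and sits on one interface, and that each LAN client is in 192.168.1.x, is not .200, and points at 192.168.1.200. The function name, the /24 masks (the presumed 255.255.255.0) and the sample client lists are assumptions made for the illustration.

```python
import ipaddress

def check_plan(interfaces, gateway, masq_source, lan_hosts):
    """Return a list of problems in a dual-homed firewall addressing plan."""
    problems = []
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    gw = ipaddress.ip_address(gateway)
    src = ipaddress.ip_network(masq_source)

    # The firewall's default gateway must be on-link for one of its interfaces.
    if not any(gw in i.network for i in ifaces.values()):
        problems.append(f"gateway {gw} is not on any attached network")

    # The masqueraded range must be private and attached to exactly one interface.
    if not src.is_private:
        problems.append(f"masquerade source {src} is not private address space")
    inside = [i for i in ifaces.values() if i.network == src]
    if len(inside) != 1:
        problems.append(f"masquerade source {src} matches {len(inside)} interfaces")

    for host, host_gw in lan_hosts.items():
        h = ipaddress.ip_address(host)
        if h not in src:
            problems.append(f"host {h} is outside {src}, so it is never masqueraded")
        if any(h == i.ip for i in ifaces.values()):
            problems.append(f"host {h} duplicates a firewall address")
        if inside and ipaddress.ip_address(host_gw) != inside[0].ip:
            problems.append(f"host {h} uses gateway {host_gw}, not {inside[0].ip}")
    return problems

# Addresses from the message; the /24 masks are the presumed 255.255.255.0.
FIREWALL = {"eth0": "24.116.64.118/24", "eth1": "192.168.1.200/24"}
GATEWAY = "24.116.64.1"
MASQ_SOURCE = "192.168.1.0/24"

# Constructed LAN clients (host -> default gateway), not from the thread.
GOOD_HOSTS = {"192.168.1.10": "192.168.1.200", "192.168.1.11": "192.168.1.200"}
BAD_HOSTS = {"192.168.0.25": "192.168.0.1", "192.168.1.200": "192.168.1.200"}

if __name__ == "__main__":
    for label, hosts in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS)):
        print(label, check_plan(FIREWALL, GATEWAY, MASQ_SOURCE, hosts) or "ok")
```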