> -----Original Message----- > From: plug-discuss-admin@lists.plug.phoenix.az.us > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Armand > Sent: Saturday, February 17, 2001 6:35 PM > To: plug-discuss@lists.plug.phoenix.az.us > Subject: Re: Firewall on CableOne; Help > > > Craig White wrote: > > > [snip] > > Armand - your question indicates the confusions since it is > unclear what you > > are asking. > > > > Apparently, you have a dual-NIC Windows NT (MS Proxy Server?) > > IP Address (public) 24.116.64.118 > > IP Address (private) 192.168.1.200 > > They're both the same dual boot computer right now with a floppy distro > as the linux > > > and a linux computer > > IP Address (private) 192.168.1.200 (same as Windows NT Server?) > > IP Address (private) 192.168.0.200 (where does this go?) > > This goes into a hub. > > > and significantly - > > gateway address 192.168.0.1 (what computer/hardware is this?) > > dns server 192.168.0.25 (is this another computer that's a caching dns > > server?) > > > > so first, I gotta ask... > > why the two private lan networks...192.168.0. & 192.168.1.? > > Workstation configured this on it's own. > > > then I gotta ask... > > if the Windows NT Server is already exposed to the internet, > what role does > > the linux firewall play? > > It's like a dual boot machine, I just booted into windows to see what > the network looked like. > I plan to use my development machine behind the firewall > > > Craig > -- Well then, set up the trinux (not familiar with this one) just like the Windows NT... (eth0) 24.116.64.118 (I would presume a 255.255.255.0 subnet mask) (eth1) 192.168.1.200 (I would presume a 255.255.255.0 subnet mask) (gateway) 24.116.64.1 primary nameserver 24.116.0.201 and then any computer on the local network (private)... would be 192.168.1.x (subnet mask 255.255.255.0) where x is not 200 and default gateway would be 192.168.1.200 and name server would be 24.116.0.201 and somewhere in the ruleset you would masquerade the internal networked computers /sbin/ipchains -A forward -j MASQ -i eth1 -s 192.168.1.0/24 -d 0.0.0.0 but the last bit about masquerading may be handled differently on the trinux Craig