
RE: [LI] leased line and linux



[begin snip]
now my doubt is how can I map the traffic from my organization to the IPs
which my ISP has given, my subnet is different from that of ISP do I need
to change the subnet or there is a work around, some of the suggestions I
got from friends were to assign a private IP to the router ie 192.169.0.1
then point in all the nodes this IP as the gateway, I am unable to figure
out who is going to take care of the routing table do I have to do some
modifications on the router or the Linux box will forward the traffic to
the world.
[end snip]

Don't try to set up your Linux box or router as a router to send packets over
the internet. Your packets will not even be acknowledged by other servers on
the internet.

[begin snip]
Linux box with two network cards acting as a router to do the job of
router as well as proxy server. This is ruled out since we have a
router,

thanks and regards
s.goswami
[end snip]

What you probably have is :

leased line ->Modem->Router->Hub/switch->All machines
or
leased line ->Modem->Router->Hub/switch->Linux box->different hub/switch->All machines

1. If you have the first kind of setup, you need to switch to the second
kind.
2. Configure your Router with the first IP given by VSNL.
3. Configure the Router as per directions from VSNL (With a gateway setting
of the router on VSNL's side etc.)
4. Change the IP on one of the machines to the IP range given by VSNL. Set
Gateway as your own router. Ping the VSNL Servers to see that the above
phase was completed OK.
5. Set up your Linux box with the 2 IP addresses on two NICs. Connect the
outside card to the hub connected to the router and the other NIC to the hub
inside.
6. Disable IP forwarding on your Linux box.
7. Set up the Router's IP as the default gateway on the Linux box.
8. Install BIND, Squid and your favourite mail software on the server.
9. Configure BIND the way VSNL instructs (or read man).
10. Configure Squid to act as proxy allowing everyone from your protected
segment to use it.
11. Continue using your internal IP range in office.

You cannot route packets to the internet. You have to use a proxy. Squid is
an excellent HTTP caching proxy. Apache can also do some proxying but is not
very efficient.

A Proxy server is a machine that has a valid Internet IP address and sends
packets out on behalf of its clients.

So, your clients will request a page from the proxy. The proxy will fetch
the page from the internet and give it to your clients.

Proxy servers by default disable a lot of insecure ports so this is usually
a good idea from a security point of view. Also, evil crackers (as opposed to
hackers - who are not necessarily evil) cannot touch your office machines
without compromising the Linux box as they are not visible on the internet.

If you have more specific questions, I'll be happy to try and answer.

Prashast Kumar
ICO
NIIT Ltd.
6203389
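
A check for steps 6 and 10 of the list above, added here as an example and not part of the original message: with IP forwarding off on the dual-homed box, the proxy is the only way out, so the script verifies the forwarding flag and that Squid's http_access rules admit only the internal range. The range 192.168.1.0/24, the ACL names and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Addresses and file contents are constructed.

# Step 6: succeeds when the kernel flag file ($1) reads 0, i.e. forwarding is off.
forwarding_disabled() {
    [ "$(cat "$1" 2>/dev/null)" = "0" ]
}

# Step 10: succeeds when every "http_access allow" in squid.conf ($1) names an ACL
# defined once as exactly "src <internal range>" ($2) and the last rule is "deny all".
squid_policy_ok() {
    awk -v net="$2" '
        /^[ \t]*#/ { next }
        $1 == "acl" && $3 == "src" { if ($2 in src || NF > 4) multi[$2] = 1; src[$2] = $4 }
        $1 == "http_access" {
            last = $2 " " $3
            if ($2 == "allow") { allows++; if (src[$3] != net || multi[$3]) bad = 1 }
        }
        END { exit !(allows > 0 && !bad && last == "deny all") }
    ' "$1"
}

# Runs both checks, prints findings, returns non-zero if either fails.
audit() {
    rc=0
    forwarding_disabled "$1" || { echo "FAIL: IP forwarding is enabled"; rc=1; }
    squid_policy_ok "$2" "$3" || { echo "FAIL: http_access not limited to $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: clients can only leave through the proxy"
    return "$rc"
}

# Constructed sample files so the script runs anywhere.
demo=$(mktemp -d)
echo 0 > "$demo/ip_forward"
cat > "$demo/squid.conf" <<'EOF'
http_port 3128
acl office src 192.168.1.0/24
http_access allow office
http_access deny all
EOF
cat > "$demo/squid-open.conf" <<'EOF'
acl everyone src 0.0.0.0/0
http_access allow everyone
http_access deny all
EOF
audit "$demo/ip_forward" "$demo/squid.conf" 192.168.1.0/24
audit "$demo/ip_forward" "$demo/squid-open.conf" 192.168.1.0/24 || true
```

On the proxy box itself, call `audit` with /proc/sys/net/ipv4/ip_forward, the path of your squid.conf and your own internal range.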