IP Issue

IP Issue

[Paulo Andre]

I have a firewall with 6 network cards, now 2 of the cards have IP address'es 
within a range that is subnetted  (DMZa and DMZb). When I try to http browse 
a server on DMZa then I get and error unless I ping it first.
I have heard from someone that linux has a arp problem with IP's within the 
same range, is this true or someone know what the issue could be?

Paulo

IP issue

[Thamara Wanigatunga]

Dear Gurus,

I need to have 4 web servers behind a iptables packet
filter, could i achive this through alised ips. Or
what could you recomend. Please help ..

Regards



	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

Re: IP issue

[Sandro Dentella]

On Wed, Nov 23, 2005 at 12:58:59PM -0800, Thamara Wanigatunga wrote:
> Dear Gurus,
> 
> I need to have 4 web servers behind a iptables packet
> filter, could i achive this through alised ips. Or
> what could you recomend. Please help ..


I normally do that with proxy arp. I think I read about it on LARTC Howto
some years ago. It works just fine. I don't know if it's the best way. 

So no need to use alias, just two interfaces w/ same IP, a little bit of
routing info and just iptables to forward what you need/like.

sandro
*:-)


-- 
Sandro Dentella  *:-)
e-mail: sandro@e-den.it 
http://www.tksql.org                    TkSQL Home page - My GPL work

Re: IP issue

[John A. Sullivan III]

On Wed, 2005-11-23 at 12:58 -0800, Thamara Wanigatunga wrote:
> Dear Gurus,
> 
> I need to have 4 web servers behind a iptables packet
> filter, could i achive this through alised ips. Or
> what could you recomend. Please help ..
> 
<snip>
I assume you want each to have a unique public IP and perform NAT on the
iptables firewall.  If that is the case, One typically adds the NAT
rule(s), the access control rules in the FORWARD chain and binds the IP
address to the public interface of the iptables firewall using iproute2.
There is a slide show training session about using iproute2 in the
training section of http://iscs.sourceforge.net
Hope this helps - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

Financially sustainable open source development
http://www.opensourcedevel.com

Re: IP issue

[Edmundo Carmona]

Well.. maybe this can work:

You could set apache on the iptables box, and set four separate
virtual hosts to simply rewrite the request to forward them to the
four inner servers.

Check Apache's ProxyPass.

On 11/23/05, John A. Sullivan III <jsullivan@opensourcedevel.com> wrote:
> On Wed, 2005-11-23 at 12:58 -0800, Thamara Wanigatunga wrote:
> > Dear Gurus,
> >
> > I need to have 4 web servers behind a iptables packet
> > filter, could i achive this through alised ips. Or
> > what could you recomend. Please help ..
> >
> <snip>
> I assume you want each to have a unique public IP and perform NAT on the
> iptables firewall.  If that is the case, One typically adds the NAT
> rule(s), the access control rules in the FORWARD chain and binds the IP
> address to the public interface of the iptables firewall using iproute2.
> There is a slide show training session about using iproute2 in the
> training section of http://iscs.sourceforge.net
> Hope this helps - John
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsullivan@opensourcedevel.com
>
> Financially sustainable open source development
> http://www.opensourcedevel.com
>
>
>

Re: IP issue

[Bhavatosh]

On Wed, 2005-11-23 at 16:46 -0500, John A. Sullivan III wrote:
> On Wed, 2005-11-23 at 12:58 -0800, Thamara Wanigatunga wrote:
> > Dear Gurus,
> > 
> > I need to have 4 web servers behind a iptables packet
> > filter, could i achive this through alised ips. Or
> > what could you recomend. Please help ..
> > 
> <snip>
> I assume you want each to have a unique public IP and perform NAT on the
> iptables firewall.  If that is the case, One typically adds the NAT
> rule(s), the access control rules in the FORWARD chain and binds the IP
> address to the public interface of the iptables firewall using iproute2.
> There is a slide show training session about using iproute2 in the
> training section of http://iscs.sourceforge.net
> Hope this helps - John

You can use the reverse proxy functionality of squid also.

With that create the acceleration services for all the web servers in
reverse proxy.

Regards,
Bhavatosh