From: Arnt Karlsen <arnt@c2i.net>
To: netfilter@lists.netfilter.org
Subject: ..migrate 35 big firms, some remote, to a 10/8 net or several smaller, was Re: (no subject)
Date: Wed, 12 Mar 2003 03:44:28 +0100
Message-ID: <20030312034428.6080bdc9.arnt@c2i.net>
In-Reply-To: <000401c2e755$11080590$5efffacc@fntax.com>

On Mon, 10 Mar 2003 14:33:26 -0800, 
"William Beattie" <williambeattie@msn.com> wrote in message 
<000401c2e755$11080590$5efffacc@fntax.com>:

> Hello,
> 
> I have a fairly complicated network which I have to maintain
> connectivity with 20 different customers over private line or frame
> relay and 14 remote offices using frame relay.  Most of the customers
> use 10.x.x.x or 192.168.x.x subnets.  In order to not conflict with
> the customer networks I am using all public IP addresses locally and
> at my remotes. (Ya, Ya, I know)
> 
> Now I have a mandate from our corporate IT to migrate/RE-IP my entire
> network to 10.x.x.x.  

..with net-nazi power, I hope?

> Right away with the 10.x.x.x subnets I have been assigned for this
> office I immediately conflict with at least one customer circuit.

..grab some 10.x.y/24 nets and use those to link _everything_ else;
you'll wanna use one as the backbone link net.
  
If you can, try to separate all the sites' public servers into 
DMZs away from each site's LAN; you may also want to tunnel 
conflicting traffic, and it is also possible to throttle traffic.

> IPTABLES looks like the way to go but I need some helpful suggestions.
> 
> 
> I need to do source and destination nat because we connect to machines
> on their side and they connect to machines on our side.  
> 
> I need to restrict incoming internet traffic on this firewall to
> basically 5 IP addresses or so and restrict outgoing internet access
> to a list of sites for my general population and full internet ports
> 80, 443, 20:21, 23 for a select group.

..here, check http://tldp.org/HOWTO/Adv-Routing-HOWTO/ to 
learn throttling, tunneling: 
http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETVPN
and general iptables usage:
http://iptables-tutorial.frozentux.net/chunkyhtml/
( or, we could agree on a good price. ;-) )

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
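An added example, not code from either poster: a script that prints the source and destination NAT and the filter rules the original question asks for, with one customer circuit whose 10.x prefix collides with the local LAN handled by 1:1 NETMAP plus a connmark-driven policy route, and the filter rules implementing the five reachable hosts, the site list for the general population and the port list for the select group. All interface names and addresses are assumptions chosen for illustration; the script emits iptables-restore input for review rather than applying anything itself.

```shell
# Added example (not from the thread). Every interface name and address below is
# an assumption; one customer circuit shares our LAN's 10.x prefix on purpose.
LAN_IF=eth0; WAN_IF=eth1; CUST_IF=hdlc0; WAN_ADDR=192.0.2.1
LAN_NET=10.1.0.0/24        # our LAN, as assigned by corporate IT
CUST_REAL=10.1.0.0/24      # the customer's LAN: same prefix, hence the conflict
CUST_ALIAS=10.200.1.0/24   # how our hosts address the customer's hosts
OUR_ALIAS=10.201.1.0/24    # how the customer's hosts address ours (agreed with them)
POWER_USERS=10.1.0.128/25  # the select group: 80, 443, 20:21 and 23 to anywhere
ALLOWED_SITES="198.51.100.20 198.51.100.21"   # the only Internet hosts everyone else may reach
PUBLIC_HOSTS="203.0.113.10:10.1.0.10 203.0.113.11:10.1.0.11 203.0.113.12:10.1.0.12 203.0.113.13:10.1.0.13 203.0.113.14:10.1.0.14"  # public:internal
# Customer-circuit flows carry connmark 1. Only packets entering from the LAN with that mark
# use table 100 (towards the circuit); packets from the circuit use the main table, where
# 10.1.0.0/24 is our own LAN. Strict rp_filter would drop the circuit's replies, so relax it.
policy_routes() {
  echo "sysctl -w net.ipv4.conf.$CUST_IF.rp_filter=0"
  echo "ip route add $CUST_REAL dev $CUST_IF table 100"
  echo "ip rule add iif $LAN_IF fwmark 1 table 100"
}
ruleset() {   # prints iptables-restore input; pipe it into iptables-restore on the firewall
  echo '*mangle'
  echo '-A PREROUTING -j CONNMARK --restore-mark'
  echo "-A PREROUTING -i $LAN_IF -d $CUST_ALIAS -m mark --mark 0 -j MARK --set-mark 1"
  echo "-A PREROUTING -i $CUST_IF -m mark --mark 0 -j MARK --set-mark 1"
  echo '-A PREROUTING -j CONNMARK --save-mark'
  echo 'COMMIT'
  echo '*nat'
  # 1:1 mappings: destination half before routing, source half after routing
  echo "-A PREROUTING -i $LAN_IF -d $CUST_ALIAS -j NETMAP --to $CUST_REAL"
  echo "-A PREROUTING -i $CUST_IF -d $OUR_ALIAS -j NETMAP --to $LAN_NET"
  for p in $PUBLIC_HOSTS; do   # Internet-facing addresses of the five reachable hosts
    echo "-A PREROUTING -i $WAN_IF -d ${p%:*} -j DNAT --to-destination ${p#*:}"
  done
  echo "-A POSTROUTING -o $CUST_IF -s $LAN_NET -j NETMAP --to $OUR_ALIAS"
  echo "-A POSTROUTING -o $LAN_IF -m mark --mark 1 -j NETMAP --to $CUST_ALIAS"
  echo "-A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_ADDR"
  echo 'COMMIT'
  echo '*filter'
  echo ':FORWARD DROP [0:0]'
  echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
  echo "-A FORWARD -i $LAN_IF -o $CUST_IF -j ACCEPT"
  echo "-A FORWARD -i $CUST_IF -o $LAN_IF -j ACCEPT"
  for p in $PUBLIC_HOSTS; do
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d ${p#*:} -m state --state NEW -j ACCEPT"
  done
  echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $POWER_USERS -p tcp -m multiport --dports 80,443,20:21,23 -j ACCEPT"
  for s in $ALLOWED_SITES; do
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -d $s -j ACCEPT"
  done
  echo 'COMMIT'
}
```

On the firewall, `policy_routes | sh` followed by `ruleset | iptables-restore` applies it; the same mark-plus-table pattern repeats per conflicting circuit with its own alias pair and table number.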
