[LARTC] How to make Linux server transparent to internal machines?

All of lore.kernel.org
 help / color / mirror / Atom feed

* [LARTC] How to make Linux server transparent to internal machines?
@ 2002-05-31 21:55 Neil Aggarwal
  2002-05-31 22:01 ` Chris K Ellsworth
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Neil Aggarwal @ 2002-05-31 21:55 UTC (permalink / raw)
  To: lartc

Hello:

I have a block of static IP addresses on which I want to run
several Windows machines.

Since I want to have a firewall, I was thinking of using 1 IP
address for a linux server that will act as a firewall for
the entire setup.

So, here is a diagram:

  [Internet] -- [Linux Server] -- switch -- [Internal machines]

The linux server and the internal machines all have static
IP addresses which are public to the Internet.

How can I set-up routing so the Linux server is "transparent"
to the other machines?

Thanks,
	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [LARTC] How to make Linux server transparent to internal machines?
  2002-05-31 21:55 [LARTC] How to make Linux server transparent to internal machines? Neil Aggarwal
@ 2002-05-31 22:01 ` Chris K Ellsworth
  2002-06-01  7:41 ` Stef Coene
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Chris K Ellsworth @ 2002-05-31 22:01 UTC (permalink / raw)
  To: lartc

what you want to do is setup a bridgeing firewall
http://bridge.sourceforge.net/
----- Original Message ----- 
From: "Neil Aggarwal" <neil@JAMMConsulting.com>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, May 31, 2002 2:55 PM
Subject: [LARTC] How to make Linux server transparent to internal machines?


> Hello:
> 
> I have a block of static IP addresses on which I want to run
> several Windows machines.
> 
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
> 
> So, here is a diagram:
> 
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
> 
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
> 
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
> 
> Thanks,
> Neil.
> 
> --
> Neil Aggarwal
> JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet Development    Websites, Ecommerce, Java, databases
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [LARTC] How to make Linux server transparent to internal machines?
  2002-05-31 21:55 [LARTC] How to make Linux server transparent to internal machines? Neil Aggarwal
  2002-05-31 22:01 ` Chris K Ellsworth
@ 2002-06-01  7:41 ` Stef Coene
  2002-06-01 13:33 ` JoseCarlos.Ramirez
  2002-06-03 15:41 ` Michael T. Babcock
  3 siblings, 0 replies; 5+ messages in thread
From: Stef Coene @ 2002-06-01  7:41 UTC (permalink / raw)
  To: lartc

On Friday 31 May 2002 23:55, Neil Aggarwal wrote:
> Hello:
>
> I have a block of static IP addresses on which I want to run
> several Windows machines.
>
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
>
> So, here is a diagram:
>
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
>
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
>
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
You can play with the routing on the Linux server.  The default gw of the 
linux server points to the internet, but for each internal machine, you add 
an extra route to the right NIC.  The internal machines have the ip-address 
of the LInux server as default gw.  You can even give both NIC's of the 
Linux-server the same ip-address so you don't losse one.  

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [LARTC] How to make Linux server transparent to internal machines?
  2002-05-31 21:55 [LARTC] How to make Linux server transparent to internal machines? Neil Aggarwal
  2002-05-31 22:01 ` Chris K Ellsworth
  2002-06-01  7:41 ` Stef Coene
@ 2002-06-01 13:33 ` JoseCarlos.Ramirez
  2002-06-03 15:41 ` Michael T. Babcock
  3 siblings, 0 replies; 5+ messages in thread
From: JoseCarlos.Ramirez @ 2002-06-01 13:33 UTC (permalink / raw)
  To: lartc

Excellent articles in there...

You can also set-up a Proxy-ARP firewall. This is basically a router but there is no 
need to set up/modify a gateway setting in the internal machines, all traffic passes 
through the router transparently (as in the bridge, but now switching is done at IP 
level -- i.e. "true" routing).

The pros: it's easier to set-up than the bridge code. there's no need to patch 
kernel code and/or commandline tools

The cons: slightly lower throughput, slightly lower security... but easier ;-)

José Carlos
JoseCarlos.Ramirez@isotrol.com

---- Mensaje original ----
De:		Chris K Ellsworth
Fecha:		Sat 6/1/02 0:02
Para:		lartc@mailman.ds9a.nl
Asunto:	Re: [LARTC] How to make Linux server transparent to internal machines?

what you want to do is setup a bridgeing firewall
http://bridge.sourceforge.net/

----- Original Message ----- 
From: "Neil Aggarwal" <neil@JAMMConsulting.com>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, May 31, 2002 2:55 PM
Subject: [LARTC] How to make Linux server transparent to internal machines?


> Hello:
> 
> I have a block of static IP addresses on which I want to run
> several Windows machines.
> 
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
> 
> So, here is a diagram:
> 
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
> 
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
> 
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
> 
> Thanks,
> Neil.
> 
> --
> Neil Aggarwal
> JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet Development    Websites, Ecommerce, Java, databases
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [LARTC] How to make Linux server transparent to internal machines?
  2002-05-31 21:55 [LARTC] How to make Linux server transparent to internal machines? Neil Aggarwal
                   ` (2 preceding siblings ...)
  2002-06-01 13:33 ` JoseCarlos.Ramirez
@ 2002-06-03 15:41 ` Michael T. Babcock
  3 siblings, 0 replies; 5+ messages in thread
From: Michael T. Babcock @ 2002-06-03 15:41 UTC (permalink / raw)
  To: lartc

> The pros: it's easier to set-up than the bridge code. there's 
> no need to patch 
> kernel code and/or commandline tools
> 
> The cons: slightly lower throughput, slightly lower 
> security... but easier ;-)

I'd like to know why you think using proxy-arp is lower security than
bridging ...
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2002-06-03 15:41 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-05-31 21:55 [LARTC] How to make Linux server transparent to internal machines? Neil Aggarwal
2002-05-31 22:01 ` Chris K Ellsworth
2002-06-01  7:41 ` Stef Coene
2002-06-01 13:33 ` JoseCarlos.Ramirez
2002-06-03 15:41 ` Michael T. Babcock

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.