Here's the situation:
Net DSL Windowsbox LAN(dhcp) Linuxbox
The LAN, naturally, has a 192.168.0.0 range of IPs (I think it's a class C). The DSL modem is connected to the Winbox on USB and the LAN is a 5-port hub supporting a windows network, with my Linux box (say hello to gort, folks) creeping in using dhcpd.
The Linux box, and any box on the LAN, can access everything. I think the Net cannot access anything but the Windows box on the DSL modem (see http://gort.cjb.net/. That's the Winbox.).
Now I need POP3 (and HTTP et al, if possible) access to the Linux box from the outside world. IP forwarding is enabled on the Winbox.
What do I do now?
PS: Can I get a static IP on the internal network with minimal changes to the other boxen?
--- Satya satyap@satya.virtualave.net wrote:
Here's the situation:
Net DSL Windowsbox LAN(dhcp) Linuxbox
The LAN, naturally, has a 192.168.0.0 range of IPs (I think it's a class C). The DSL modem is connected to the Winbox on USB and the LAN is a 5-port hub supporting a windows network, with my Linux box (say hello to gort, folks) creeping in using dhcpd.
The Linux box, and any box on the LAN, can access everything. I think the Net cannot access anything but the Windows box on the DSL modem (see http://gort.cjb.net/. That's the Winbox.).
Now I need POP3 (and HTTP et al, if possible) access to the Linux box from the outside world. IP forwarding is enabled on the Winbox.
What do I do now?
PS: Can I get a static IP on the internal network with minimal changes to the other boxen?
First, since you're using a 192.168.x.x address, you cannot afford to connect this LAN to the outside world, since this address range is a private RFC 1918 assigned one. The Linux box is a part of this subnet, and so there would be no point in giving it a static IP on this LAN. What you could do however is to add a second NIC to the Linux box, give it an external static IP address (a public address, of course), and connect it to the outside world, after properly firewalling it.
If your DSL connection works anything like a sync serial PPP link, what you need to do is to ask your ISP to give you two static IP's, with one being for your Windows box on which you enable IP forwarding. Your ISP would actually assign you a (say) 4 address IP subnet, of which of course one address would go for the network address, one for broadcast and you would then have two addresses left. One address of these would be used for your Windows box and one for the Linux box. This is of course just my guess, that you can set DSL up the same way that you do a serial link - but I think it can be done. You would have to enable IP forwarding on your Windows box for this to work.
Another option is to use Network Address Translation (NAT), to rewrite IP packets coming in to access a particular service on a private machine within the network. I do not really recommend this though, as the security issues can cause you a good deal of grief.
BTW, I find it rather curious that you're running a Windows box as a public host, when you have a far better (Linux) alternative. Why, why, why?
HTH,
Krishnan
On Aug 10, 2001 at 05:56, S. Krishnan wrote:
ISP      ________      ________
side    |        |    |        |
--------|WinBox  |----|LinuxBox|----- To private
        |________|    |________|      network
Enable IP fwdg on Win
No. And there's a lot of confusion about the network topology I have here, which I should have specified clearly in my original post:
WinboxNIC | DSL -- USBWinboxNIC -- Hub -- NICLinbox | NICWinbox
If he does not enable IP forwarding on the Windows machine, how is he going to connect the Linux box to the outside world so that outside people have access
Point.
to it? Remember, he wanted people to have web and POP3 access, so that obviously he needs the Linux
Correct.
suggestion, since you suggest two NIC's, one for the WAN and one for the internal LAN, and not to enable IP forwarding on Linux. You do not seem to have read my
I don't want IP forwarding on Linux. If that were the case, things would be very easy!
post correctly, since I had suggested that he enable IP forwarding on the gateway machine, which in fact is the Windows machine, and not on the Linux box.
Which I've already done. Now how to access the Linbox from outside?
Granted, I forgot to add that he needed an additional LAN card to provide routing services for a public IP address for the Linux box.
Hm hm hm?
using Windows forwarding services - but that will mean an additional network card on the Windows gateway.
The configuration shown above will do it, eh?
have no idea if it will support multipoint forwarding services, with one being NAT'ed and one with full access. Windows Proxy Server ought to work, however.
That's what I want, I think.
configure it that causes all the problems. Remember, you cannot access the outside world through a firewall unless it allows IP packets to be forwarded, whether it is on Windows or Linux or FreeBSD or whatever. That is what iptables, ipchains, ipfilter, ipfw, etc.
I get the general idea, but I need specifics. How do I address my Linux box from the outside now?
On Aug 10, 2001 at 20:21, premstud@vsnl.com wrote:
|--------| ______|__ |--------|
ISP | 1 | | | --------|WinBox | |LinuxBox| |__ ___2_| |________| | |----- To private network
A static route is added from the NIC 1 to the linux box with
How to do that in Windows?
NIC 1 as the gateway for packets destined to the linux box.
And how to do that?
The lan connects to the windows gateway through the 2nd NIC, and is separated from the external network.
In our case, there is one NIC for the internal network. All packets should go to it, and those meant for the Linbox will be picked up by it. How to translate external packets coming to 65.1.1.1 (e.g.) to 192.168.0.127 (e.g.)? And translate only those packets meant for the Winbox. NAT?
On Aug 10, 2001 at 02:32, S. Krishnan wrote:
First, since you're using a 192.168.x.x address, you cannot afford to connect this LAN to the outside world, since this address range is a private RFC 1918
::nodnodnod::
IP on this LAN. What you could do however is to add a second NIC to the Linux box, give it an external
Nonono.
Another option is to use Network Address Translation (NAT), to rewrite IP packets coming in to access a particular service on a private machine within the network. I do not really recommend this though, as the security issues can cause you a good deal of grief.
Yes, but looks like this is the only way to go. What security issues? (Besides the obvious ones of having a box on the net.)
BTW, I find it rather curious that you're running a Windows box as a public host, when you have a far better (Linux) alternative. Why, why, why?
Existing legacy Windows network being invaded by the Linbox (say hello to gort, everyone).
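The translation asked about above (packets arriving for 65.1.1.1 rewritten to 192.168.0.127, and only for the wanted services), modelled in Python as an added example that is not part of the original thread. The forwarding table and the `Gateway` class are assumptions for illustration; this is a model for reasoning about what a port-forwarding NAT exposes, not configuration for any real NAT product.

```python
import ipaddress

PUBLIC_IP = "65.1.1.1"        # the thread's example public address
LINUX_BOX = "192.168.0.127"   # the thread's example LAN address
# Hypothetical forwarding table: (proto, public port) -> (LAN host, port)
FORWARDS = {("tcp", 110): (LINUX_BOX, 110),   # POP3
            ("tcp", 80): (LINUX_BOX, 80)}     # HTTP
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Gateway:
    """Toy model of destination NAT on the gateway, for reasoning only."""

    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = dict(forwards)
        self.conns = set()   # (proto, client_ip, client_port, host, host_port)
        for host, _ in self.forwards.values():
            addr = ipaddress.ip_address(host)
            if not any(addr in net for net in RFC1918):
                raise ValueError(f"{host} is not an RFC 1918 address")

    def inbound(self, proto, src, sport, dst, dport):
        """Rewrite the destination of a packet from outside, or drop (None)."""
        target = self.forwards.get((proto, dport))
        if dst != self.public_ip or target is None:
            return None                  # not forwarded: never reaches the LAN
        host, hport = target
        self.conns.add((proto, src, sport, host, hport))
        return (proto, src, sport, host, hport)

    def outbound_reply(self, proto, src, sport, dst, dport):
        """Rewrite the source of a reply so the client sees the public IP."""
        if (proto, dst, dport, src, sport) not in self.conns:
            return None                  # no matching inbound connection
        pub_port = next(p for (pr, p), t in self.forwards.items()
                        if pr == proto and t == (src, sport))
        return (proto, self.public_ip, pub_port, dst, dport)

    def exposed(self):
        """Audit view: every LAN service reachable from outside."""
        return sorted(f"{pr}/{p} -> {h}:{hp}"
                      for (pr, p), (h, hp) in self.forwards.items())
```

Every entry returned by `exposed()` is a service on the private machine that outside hosts reach directly, so that machine has to be hardened as if it were public for those ports.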
--- Satya satyap@satya.virtualave.net wrote:
On Aug 10, 2001 at 05:56, S. Krishnan wrote: Which I've already done. Now how to access the Linbox from outside?
Granted, I forgot to add that he needed an additional LAN card to provide routing services for a public IP address for the Linux box.
Hm hm hm?
using Windows forwarding services - but that will mean an additional network card on the Windows gateway.
The configuration shown above will do it, eh?
have no idea if it will support multipoint forwarding services, with one being NAT'ed and one with full access. Windows Proxy Server ought to work, however.
That's what I want, I think.
I get the general idea, but I need specifics. How do I address my Linux box from the outside now?
On Aug 10, 2001 at 20:21, premstud@vsnl.com wrote:
|--------| ______|__ |--------|
ISP | 1 | | | --------|WinBox | |LinuxBox| |__ ___2_| |________| | |----- To private network
A static route is added from the NIC 1 to the linux box with
How to do that in Windows?
NIC 1 as the gateway for packets destined to the linux box.
And how to do that?
The lan connects to the windows gateway through the 2nd NIC, and is separated from the external network.
In our case, there is one NIC for the internal network. All packets should go to it, and those meant for the Linbox will be picked up by it. How to translate external packets coming to 65.1.1.1 (e.g.) to 192.168.0.127 (e.g.)? And translate only those packets meant for the Winbox. NAT?
A pretty conundrum, Satya. Let me apply my mind (or what passes for one!) to it, and mail you on this tomorrow. Actually, the whole thing gets screwed up because of Windows. I assume you're using NT 4.0/ W2000. Could you tell me who your ISP is? That should give me an idea of the equipment that they deploy, which might help a little.
Cheers,
Krishnan
On Aug 10, 2001 at 10:05, S. Krishnan wrote:
tomorrow. Actually, the whole thing gets screwed up because of Windows. I assume you're using NT 4.0/
No kidding!
W2000. Could you tell me who your ISP is? That
It's XP or ME right now, but the guy is changing to W2K soon. The ISP is Directvdsl (I'm sure there're some StudlyCaps in there, but I don't know where).
--- Satya satyap@satya.virtualave.net wrote:
On Aug 10, 2001 at 10:05, S. Krishnan wrote: It's XP or ME right now, but the guy is changing to W2K soon. The ISP is Directvdsl (I'm sure there're some StudlyCaps in there, but I don't know where).
Satya, I did some checking, and we need to know how this guy is allocating IPs. DSL is a serial link, and the issue is of deserializing it at your end. Since you're using USB, I wonder what would happen if you used a USB hub. It just might take care of the necessary deserialization, so that in this case the connection mode would depend on the DSL carrier protocol. Actually, I know so little about DSL that I wouldn't be able to comment any further - I have absolutely no hands-on experience or reading in this area. (If the link layer protocol is PPP, then you will have to route to his network, just like an ISP leased line, or so I presume. If on the other hand it is something other than a point-to-point protocol, maybe you can get two IPs off it directly.) Why don't you talk to his network techs and see what they suggest?
If I get something else, I will mail you offlist.
Sorry for not replying before, but the office leased line was down (bless MTNL and their pointy little heads), so that I had to use my home dialup to reply.
Rgds,
Krishnan
A static route is added from the NIC 1 to the linux box with
How to do that in Windows?
use the "route add" command. to see ur current routes use the "route print" command.
route add (linux ip) mask (linux mask) (winnic1 ip)
          dest            dest mask    gateway
If he does not enable IP forwarding on the Windows machine, how is he going to connect the Linux box to the outside world so that outside people have access
Point.
why do u want to risk ur internal network from external attacks, ur diagrams itself states that u r using a hub. enable ip forwarding for packets destined to linux thru the winnic going to the hub, the other winnic leave it as it is. Since hub is shared media, ip will be broadcasted to all the ports, linux server will listen to the address being called in and will respond by the specific service.
krishnan, isps use a technique called Classless interdomain routing to reserve the present ip address for the maximum clients.
regards, prem.
----- Original Message ----- From: S. Krishnan sri_krishnan@yahoo.com To: linuxers@mm.ilug-bom.org.in Cc: satyap@satya.virtualave.net Sent: Friday, August 10, 2001 10:35 PM Subject: Re: [ILUG-BOM] Windows/Linux IP forwarding?
--- Prem D'Souza premstud@vsnl.com wrote:
krishnan, isps use a technique called Classless interdomain routing to reserve the present ip address for the maximum clients.
I'm quite conversant with CIDR actually - it's been around since the early 90's. If you see my explanation of subnets, you'll realize that what I have described uses VLSMs (Variable Length Subnet Masks), which are the basis of CIDR addressing. You would have needed to refer me to CIDR if I had proposed classful routing, which I haven't.
The issue here is not the use of CIDR at all - we're talking tiny subnets of 2 clients, 4 clients, etc, which are smaller than the smallest classful netmask (class C, which does 254 usable net addresses). What I described was how ISPs actually *have* wastefully allocated addresses in the past - using VLSMs! If you read my post through, you'll find that I have deprecated this practice.
Incidentally, that still does not address the issue of deserializing a (hypothetical) PPPOE connection, since the DSL link is a copper pair which is translated at the premise edge - into what, I do not know.
If you'd like to discuss this further, please mail me offlist, since much of this stuff is not pertinent to the ILUG-BOM mailing list.
Rgds,
Krishnan
Hi,
I am trying to use Big Brother (a monitoring tool) to watch system processes.
For this I need a list of system processes, which I get by doing a ps -efwww
(1 java program showing up as multiple entries in the ps output is not a problem)
However, for my java processes, after a while, I see [java] in the output of ps, instead of the full command line.
Any hints why this happens ??
Thanks Shahed.