[SATLUG] Network Design: Firewall, BIND, Apache, SAMBA, Qmail

Philip J Beyer post+satlug at paladin-its.com
Wed Aug 21 13:13:01 CDT 2002


> Me again: I asked the question. Let me try to ask the
> question using an example.
> 
> Internet Client requests page from my webserver at IP
> address 208.1.1.1. Client successfully connects and my 
> webserver returns the goods. Now, in my local network a 
> computer w/ an ip address of 192.1.1.1 wants to connect to my 
> webserver. Since the webserver isn't using a 192.x.x.x IP 
> address, how can my local networked computer communicate with 
> it? Or, for that matter, if the local computer wants to surf 
> the internet and it has to pass through my webserver to get 
> there, what do I do to make that possible since the IP 
> addresses are different? Is there a /etc file that I'll need 
> to modify? Or is this something that I can configure on my 
> DNS server w/ BIND? 

OK... I figured you were asking that question, so here is the
non-trivial answer:
it depends  ;-)

:: is NAT working? ::
Do you already have computers with private IPs connecting to the 'net
from your private network? If not, you need to set up Network Address
Translation (NAT) first, and since that depends on your OS and setup,
I'll leave that discussion to someone else at another time.

:: ok, once NAT works ::
What is doing your NAT (or masquerading, for some of you) for you? A
dedicated cable/DSL router box? A standalone firewall? A PC
running *nix?
Which computer is running the webserver? The one directly connected to
the 'net? Another on your internal network, or one in a DMZ?

The complexity of the problem lies in which network interface has the
public IP address that you are advertising via DNS... If the public IP is
on a standalone box, or port forwarding is being used on your gateway,
then you WILL need to have host-to-IP mappings for your internal
machines... If the public IP is just another IP alias on one of your
interfaces, and the webserver is running on the same box, then you'll be
OK using the public-IP-to-hostname mapping.

> Also, is there better terminology that I should be
> using to describe my question? Is what I'm describing
> something akin to a "router" or "gateway"?

The words router and gateway are typically used interchangeably...
Technically, though, a gateway "forwards" packets between different
network segments only, and a router performs the duties of a gateway as
well as making informed decisions about how to get the packets from one
destination to another.

Phil
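
The "host-to-IP mappings for your internal machines" that Phil describes for the port-forwarding case can be done centrally on the BIND server rather than in a file on every LAN box. The configuration below is an added example, not part of Phil's post or the SATLUG thread: it uses BIND 9 views (split-horizon DNS) so that a query from the LAN gets the web server's private address while a query from the Internet gets the public one. All names and addresses are assumptions: the zone example.com, an RFC 1918 LAN 192.168.1.0/24 (the post's 192.1.1.1 is not a private range), the DNS box at 192.168.1.1, the web server at 192.168.1.10, and 208.1.1.1 as the single public address sitting on the gateway, taken from the question.

```conf
// Added example: split-horizon DNS with BIND 9 views (not from the original post).
// Assumed: zone example.com, LAN 192.168.1.0/24, DNS server 192.168.1.1,
// web server 192.168.1.10, public address 208.1.1.1 on the port-forwarding gateway.

// ---- /etc/named.conf ----

acl "internal" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
    // Only our own hosts may use this server as a recursive resolver.
    allow-recursion { internal; };
};

// Queries arriving from the LAN get the private address, so a LAN client
// talks to the web server directly and the gateway never has to hairpin.
view "inside" {
    match-clients { internal; };
    recursion yes;
    zone "example.com" {
        type master;
        file "example.com.inside";
    };
};

// Everyone else sees the public address that is advertised to the Internet.
// Views are matched in order, so "any" must come last.
view "outside" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "example.com.outside";
    };
};

// ---- /var/named/example.com.inside ----
// $TTL 3600
// @    IN SOA ns1.example.com. hostmaster.example.com. (
//          2002082101 ; serial (YYYYMMDDnn), bump on every change
//          3600 1800 604800 3600 )
//      IN NS  ns1.example.com.
// ns1  IN A   192.168.1.1
// www  IN A   192.168.1.10

// ---- /var/named/example.com.outside ----
// $TTL 3600
// @    IN SOA ns1.example.com. hostmaster.example.com. (
//          2002082101
//          3600 1800 604800 3600 )
//      IN NS  ns1.example.com.
// ns1  IN A   208.1.1.1
// www  IN A   208.1.1.1
```

Two caveats worth knowing before relying on this. First, a client only ever sees the view it matched, so every zone served in "outside" must also appear in "inside" (and the serials should be kept in step), or LAN hosts will get NXDOMAIN for names the rest of the world can resolve. Second, the split only helps machines that resolve through this server; a LAN box pointed at an outside resolver still gets 208.1.1.1 and needs either a line such as `192.168.1.10 www.example.com` in its /etc/hosts (the "/etc file" route from the question) or hairpin NAT on the gateway. Check the config with `named-checkconf` and `named-checkzone example.com /var/named/example.com.inside`, then confirm the split with `dig @192.168.1.1 www.example.com` from inside and the same query against 208.1.1.1 from a host on the Internet.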
