[Linux-Anyway] Re: Virtual host going through isp

  • From: horrorvacui@xxxxxxx
  • To: Linux-Anyway@xxxxxxxxxxxxx
  • Date: Tue, 4 Mar 2003 02:38:35 +0100

On Mon, 3 Mar 2003 16:36:37 -0800 (PST)
Meph Istopheles <meph@xxxxxxxxxxx> wrote:

> 
>   Horror,
> 
>   Poking round, as mentioned earlier -- I've never done this 
> before, I'd set the nic on the Linux box to have two ip's, the 
> static provided by my isp, & 10.0.0.1 (changing the one on the 
> W2k box to 10.0.0.2).  Don't know what else has to be set, so the 
> W2k box still won't connect.

Well, just the masquerade, and w2k is to use the linux box with
masquerading as gateway. Set up static routes between the private address
range and your public addresses so all boxes can talk to each other too,
while you're at it.

> 
> > Just set up Masquerading or a proxy on it, configure "private"
> > machines to use it as Gateway, and you're set.
> 
>   OK.  I suppose masqing is the way to go....

A proxy might be a bit easier to set up and configure. Plus, if you want
to spy on your family, you get proxy logs, and you can set up content
filtering to bugger the hell out of them too ;-) I'm quite sure any distro
has squid packaged. I use masquerading, but I've used the SuSE firewall
scripts to set it up (just changed a no to a yes where it said
"masquerading"), and don't know how much of a help I would be with setting
rules that work. From what I've read about it, it doesn't seem to be too
difficult, it's just adding a firewall rule, only I never did it myself.

> 
>   Don't know I understand what you mean.  Sure, I want to make 
> the Linux box a gateway for an internal network, & I would like 
> (as the Linux box has more hard drive space) to be able to get to 
> my mp3's.  If need be, I'll take up the space on the W2k box & 
> http the files over, but would rather not, ya know?

I'm talking about running various servers on the private, masqueraded
network. Outward communication works fine (when you're browsing the web on
the w2k, for instance), but running a server there needs additional setup.
Machines on the internet don't see the masqueraded network, they think
they're talking with the masquerading box, which is indeed the only box
they can talk with. Basically, if you wish to run apache on a machine
10.0.0.2, you need to configure the masquerading box to listen on port 80,
masquerade requests and route them to 10.0.0.2:80. This too is transparent
- the machines requesting pages from 10.0.0.2 think they're requesting and
getting them from apache running on the masquerading box.

Hm, I somehow got entangled into this explanation. Hope you understand
anything, I barely understand it myself.

> 
> > Out of curiosity: are you doing your own DNS, or having the
> > records hosted?
> 
>   No, using the isp's.  Why?

Nothing, just being curious.

> 
> > For the sake of completeness, there's also a third private
> > address range, 172.16.0.0 - 172.31.255.255 which nobody seems
> > ever to use, probably because it doesn't belong to a "class".
> > Classes aren't in use any more, but they're convenient for
> > netmasking, which classless subnetting isn't: I think this
> > range is 172.16.0.0/20 in CIDR notation, but I'm not sure (and
> > I'm too lazy to calculate now).
> 
>   OK.  And the advantage over the other two...?  Is there one?
> 

None whatsoever, if you ask me. You either don't need many addresses and
can go with 192.168/16 (or pick 10/8 because you like it), or you do and
have to use the 10/8. There might be cases where this additional address
range comes in handy, but otherwise... In your case, you can pick whatever
you like, the range used is completely irrelevant. 

Cheers

-- 
Horror Vacui

Registered Linux user #257714

Go get yourself... counted: http://counter.li.org/
- and keep following the GNU.
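
The masquerading and port 80 forwarding described in the message above, as an added example that is not part of the original post: a shell function that prints iptables rules for review instead of applying them. The interface name eth0, the /24 netmask and the public address 203.0.113.10 are assumptions; 10.0.0.2 and port 80 come from the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules, applies nothing.
# Assumed values: eth0, 10.0.0.0/24, 203.0.113.10 (documentation address).

# nat_rules WAN_IF PUBLIC_IP LAN_CIDR SERVER_IP PORT
nat_rules() {
    wan_if=$1 pub=$2 lan=$3 server=$4 port=$5

    # Only forward to a private (RFC 1918) address, as discussed in the thread.
    case $server in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) echo "refusing: $server is not a private address" >&2; return 1 ;;
    esac
    # The port must be a number between 1 and 65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }

    # 1: let the kernel route.  2-4: drop forwarded traffic unless it is a
    #    reply or comes from the LAN.  5: masquerade LAN traffic that leaves.
    # 6: rewrite connections to the public address (matching on -d instead
    #    of -i keeps LAN web browsing out of the rule when one NIC carries
    #    both addresses).  7: admit only that forwarded port to the server.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $lan -o $wan_if -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan ! -d $lan -o $wan_if -j MASQUERADE
iptables -t nat -A PREROUTING -d $pub -p tcp --dport $port -j DNAT --to-destination $server:$port
iptables -A FORWARD -d $server -p tcp --dport $port -m state --state NEW -j ACCEPT
EOF
}

# Review the output; to apply it, pipe the same call to sh as root.
nat_rules eth0 203.0.113.10 10.0.0.0/24 10.0.0.2 80
```

On the W2k box the default gateway would be 10.0.0.1, the Linux box's private address from the thread.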