cannot get wan access from my server 3

[mackey333]

my lan topology is set up like this:

                           _[linux ftp server]
                          /
[cable modem]---[switch]-|
                          \_[gateway router]
                                    |
                                    |-[host1]
                                    |-[host2]
                                    |-[host3]

The ftp server used to be behind the router, but since it has a built in firewall, external connections wouldn't go through.  So i just bought a switch and hooked everything up like the diagram above.  Now I am having an access problem.  If the switch is turned on with everything plugged in,everything under the router can get internet access but the ftp server can't, the 'eth0' interface cannot even be loaded.  If the switch is turned
on without the router plugged in, the ftp server can gain internet access,but if i plug in the router and turn it on, the hosts below the router cannot gain access to the internet.  If I plug a windows pc into the switch, and turn it on then everything works except the ftp server.  Is there some sort of setting I need to change or does that topology just not work with linux for some reason? (i'm using redhat 8.0)

-Greg :-Q

 

[XFW]

You should put your newly bought switch behind your router and then put every devices ( including the linux FTP server ) on the switch ports.

If I were you, I would set up some kind of NAT ( done from the router ) to translate your LAN ( private ) IP into public IP.

If you want outside users to access your FTP server, you would simply map one public IP with the private IP you are using for that box.

Another solution would be put the FTP server into your DMZ port directly using the public IP, however, you lan device won't be able to talk to the FTP server.

Phil

 

[mackey333]

The problem is my router is not very cofigurable at all. I figured if I put the switch before the router anything connected to it would not be firewalled, I don't understand why I cannot gain wan access with only my linux machine though. The router is a netgear gateway router [rt314] if that helps. -Greg :-Q

 

[RhythmAce]

I haven't seen a setup like this but I'm thinking it's an addressing issue. Does your switch direct only ftp traffic (port 21) to the ftp server? How are addresses assigned? Your router needs to see the internet to be able to work which means an external ip as well as an internal one. To work the way you have it, I think you would need two public ip addresses unless the switch can do the same thing the router can as far as assigning addresses goes. Is there any way you can put the router in front of the ftp server again and put the ftp server in the dmz? Then you can chuck the switch.

 

[mackey333]

I don't have a dmz...maybe a hub would work intead of a switch? (its just a regular off the shelf switch(it redirects everything)) -Greg :-Q

 

[mackey333]

ok, on my router i found the gateway it uses (technically my modem as switches don't have ip addresses), so how can i program only my gateway in redhat 8.0 while still getting everything else from my isp (it won't let me use a dynamic ip and specify my own gateway in the configuration)..or should i take this question over to the linux client program -Greg :-Q

 

[smah]

A hub won't make any difference. RythmAce got to the root problem - you're only getting 1 ip address from your ISP and you're trying to assign it to 2 different devices. One's going to win the address and one's going to lose. What model is the router? You should be able to configure some kind of port forwading, then (like everyone has said) you'll be able to have the FTP server behind the router which will be more secure anyway.

 

[mackey333]

nevermind, i think i've located the problem...my isp only takes traffic from the registered MAC address. my router is using MAC spoofing...so anyone know of an ip spoofer for linux? -Greg :-Q

 

[smah]

It still won't work if your ISP is assinging you only 1 IP address.

 

[RhythmAce]

I ain't buyin' it. ) Even a $29 router lets you configure it a little. In most cases, you type "

http://192.168.0.1"

into your browser and you should be taken to an admin screen for your router"s firmware. There is no reason you shouldn't be able to connect everything through the router. No matter how many connections you have through your router, your ISP just sees one connection because you are sharing it.

 

[mackey333]

yes, I can configure it, but nothing advanced such as port forwarding...but i checked on the website and there is new software for it with added features..i'm gonna install it now..
p.s.i wasn't even thinking about the fact that i only had 1 ip lol, i always don't think about the most obvious answer -Greg :-Q

 

[mackey333]

hmmm..aparently to get to all the configuration of my router i have to telnet to it...i wish it said that in the manual and not just online..o well it's working now..thanks everyone! -Greg :-Q