Rookie needs assistance

Spinaker

Technical User
Oct 4, 2003
13
DK
I am just setting up a RedHat 9.0 box for my LAN (25 apartments). I have 5 public IPs and I want to use them well, so I am thinking about using one IP for all the users who will connect via DHCP, and the others for computers inside the LAN with constant IPs acting as different servers. I don't want to put them outside the local network because I want to be able to access them from inside the LAN too. Please, any good ideas on how to do it? I have checked the threads and I couldn't find any example.

My Linux box has two NICs and an ADSL connection.

Thanks in advance, Spinaker.
 
How can you connect to your local LAN by using a public IP? On your Linux server you must give one public IP for incoming traffic from the ADSL connection, and the second NIC should have a private IP for local LAN purposes. There should be NATing done on the eth0 interface.
But if you want to use 5 public IPs, then connect the incoming ADSL connection to a switch/hub and to that switch connect the five PCs having public IPs, and one of them can serve as a server for your local LAN.
But use a different switch/hub for your local LAN.
 
Go with a DMZ-NATed LAN setup.

(the net) -------- (linuxboxen)--------(lan)
                        |
                        |
                        |
                      (DMZ)

All public (internet accessible) IP addresses should go in the DMZ, and the rest should be using your linuxboxen's IP address as a default gateway. Don't forget to set up the firewall and NATing rules (using iptables).

In this setup, you lose 1 IP for the linuxboxen which will act as a gateway/firewall, and get 4 possible IPs for your DMZ, unlimited IPs over the lan.



_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Thanks for the reply santoshdj123 and lullysing,

If I go for the DMZ solution, would it be possible to access a box in the DMZ from the LAN? And should I have three NICs in the Linux box?

In the beginning I was thinking about multiple IPs on one NIC. So one I'm losing for the DHCP server for the clients, and the 4 left I'm NATing to the boxes inside the LAN, boxes with static IPs.

What do you suggest, DMZ or my solution? What will I gain from a DMZ?

Thanks in advance, Spinaker.
 
For that kind of setup, you would need 3 interface cards... 1 for net connection, 1 for DMZ and 1 for LAN. LAN people can access the DMZ if you allow it by going through their regular gateway (don't forget to put the routes for it).

The DMZ (de-militarized-zone) setup is good because it makes it that the servers themselves are on a different area of the network than your regular LAN machines. From a security perspective, if your DMZ is compromised, your LAN machines should be generally safe if you configured your gateway between them with appropriate permissions and rules.
But of course, nothing is that simple...

May I suggest getting a really good book called "Internet site security" by Erik Schetina, Ken Green and Jacob Carlson? It explains the whole principle of this and more. You will learn a lot of really interesting things about network topology and security from that book, and it's not platform specific.

--Dave

_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
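
The zone policy described in the post above (LAN may reach the DMZ, the DMZ may never open connections into the LAN), as an added example that is not part of the original thread. The interface names, the LAN subnet, the published port 80 and SSH management from the LAN are assumptions, and routing of the public addresses into the DMZ is assumed to be set up separately.

```shell
#!/bin/sh
# Added example: three-legged gateway policy in iptables-restore format.
# All names and addresses below are assumptions, not values from the thread.
WAN_IF=eth0              # ADSL side
DMZ_IF=eth1              # servers with public addresses
LAN_IF=eth2              # DHCP clients
LAN_NET=192.168.1.0/24   # constructed private range

# Print the ruleset; forwarding itself needs net.ipv4.ip_forward=1.
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN clients share the gateway's own public address
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Manage the gateway from the LAN only (assumed: SSH)
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# Replies to connections that were allowed below
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet and to the DMZ
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
# Internet reaches only the published DMZ service (assumed: HTTP)
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp --dport 80 -j ACCEPT
# DMZ may go out, but new DMZ->LAN connections are logged, then
# dropped by the default FORWARD policy
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN "
COMMIT
EOF
}

# Lint: succeed only if no rule ACCEPTs forwarding from the DMZ to the LAN.
dmz_isolated() {
    ! gen_ruleset | grep -q -e "-i $DMZ_IF -o $LAN_IF .*-j ACCEPT"
}
```

Pipe the output of `gen_ruleset` into `iptables-restore` as root to load it, and rerun `dmz_isolated` after any edit to the rules.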
 
Thanks lullysing,

I will order the book, but in the meantime, could you help me get started working on it? I already have three NICs inside the box and RedHat installed. What should be the minimum for that machine? How should I approach the configuration?

Thanks in advance, Spinaker.

Gone with the wind...
 
OK, before you even lay hands on that server, drop what you are doing, go get some white paper and a pen, and start planning things in advance.

That is the first stage before you even touch ANYTHING: you make diagrams on a piece of white paper, you think about which services are going to be offered, who will have access to what, how they will connect, etc.

You have 4 public IPs: what services are going to be offered on those public IPs? Do you absolutely need to fill them all? What do your users need to have access to? Can you put some servers on your LAN only for network use? If so, does that mean that effectively the people on your LAN don't need to access the DMZ area at all in the first place?

And this is just the start of the rounds of questions. Trust me on this mate, sit down and start planning in advance, otherwise you are going to have to keep modifying what you're doing because of something you didn't think of or plan for in the first place.


_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Thanks again for the good advice. I will make a flow chart of what I really want and what I need. Then, if it is OK with you, I will ask you some questions.

Thanks again

Thanks in advance, Spinaker.

Gone with the wind...
 