[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [afnog] Red Hat 8.0 as a router

To: Brian Candler <B.Candler at pobox.com>
Subject: Re: [afnog] Red Hat 8.0 as a router
From: Daniel Obuobi <dobuobi at yahoo.com>
Date: Thu, 14 Aug 2003 13:19:08 -0700 (PDT)
Cc: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Cc: afnog at afnog.org
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog at afnog.org
In-Reply-To: <20030813073855.GB17743 at uk.tiscali.com>
List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
List-Help: <mailto:afnog-request at afnog.org?subject=help>
List-Id: The AfNOG general discussion list <afnog.afnog.org>
List-Post: <mailto:afnog at afnog.org>
List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
Sender: afnog-bounces at afnog.org

Ideally, the diagram look your diagram.

INTERNET
          /212.53.99.1(upstream router)
         /
        /(wireless segment)
       /212.53.99.38
 LINUX(ROUTER)
      |.1               10.0.0.0/24
   ---+-------------+------------+---------------+----
                    |.2          |.3             |.4
                PROXY(SQUID) PROXY(SQUID)   MASQ PC 
                 /.1            /.1             /.1
                /192.168.0/24  /192.168.1/24  
/192.168.2/24
               /              /               /
        PC-PC-PC-PC-PC     PC-PC-PC-PC      PC-PC-PC

What I want to do is to let the Linux box acts as a
Router, a DNS (temporary) and NAT for all PCs since
have limited public IPs. 

Yes,the 1st squid proxy has 10.0.0.2 outside and
192.18.0.1 inside, the 2nd 10.0.0.3 outside and
192.168.1.1 inside etc.
So the squid proxy do NAT. For Internet Access the
Linux Router/DNS must do NAT to change the private IP.

The question is what is the best way of doing that.

1)Selecting DNS during Installation will install the
necessary DNS files. 

2)For the NAT I want to add the following to the
rc.local file but its look like it is not available on
RedHat Linux 8.0:
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A Forward -s 192.168.0.0/24 -d
0.0.0.0/0 -j MASQ
Which other option is available?

3)Finally I need to configure the same box as a
router?  What is the best way. I hope my question is
clear now.

bye

--- Brian Candler <B.Candler at pobox.com> wrote:
> On Tue, Aug 12, 2003 at 10:51:07PM -0700, Daniel
> Obuobi wrote:
> > The ASCII diagram on the network is shown below. I
> > hope it will look presentable.
> 
> Unfortunately it's missing several important things
> to make it useful:
> - if a box has two interfaces, show both interfaces
> - show the IP addresses
> - show each network segment explicitly (although
> treat a layer 2 area
>   as a single item, e.g. we don't care if you have 5
> hubs plugged together,
>   it still counts as a single network when talking
> at the IP layer)
> 
> So using guessed numbers, it might look something
> like
> 
>         INTERNET
>           /212.53.99.1(upstream router)
>          /
>         /(wireless segment)
>        /212.53.99.38
>  LINUX(ROUTER)
>       |.1               10.0.0.0/24
>   
> ---+-------------+------------+---------------+----
>                     |.2          |.3             |.4
>                 PROXY(SQUID) PROXY(SQUID)   MASQ PC 
>                  /.1            /.1             /.1
>                 /192.168.0/24  /192.168.1/24  
> /192.168.2/24
>                /              /               /
>         PC-PC-PC-PC-PC     PC-PC-PC-PC      PC-PC-PC
> 
> So in this example the first squid proxy has
> 10.0.0.2 on its outside
> interface and 192.168.0.1 on its inside interface.
> 
> Because you say you are using network 10, which is
> private address space
> like 192.168 (both are in RFC1918), then it seems
> there are two sets of NAT
> going on. So do you have a second NAT box? Or does
> your upstream ISP do NAT
> (yuk)?
> 
> Anyway, what was the question again? :-)
> 
> Regards,
> 
> Brian.

=====
Daniel Obuobi
Co-ordinator, Computer Centre
Technical Co-ordinator, AVU Cape Coast
University of Cape Coast, Cape Coast, Ghana
Tel: 233-42-32440 / 233-42-30859 (Office); Fax: 233-42-34612 
Co-ordinator, Global Teenager Project, Central Region, Ghana.

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>

Follow-Ups:
- Re: [afnog] Red Hat 8.0 as a router
  - From: shogunx <shogunx at sleekfreak.ath.cx>
- Re: [afnog] Red Hat 8.0 as a router
  - From: Brian Candler <B.Candler at pobox.com>

References:
- Re: [afnog] Red Hat 8.0 as a router
  - From: Brian Candler <B.Candler at pobox.com>

Prev by Date: [chamba at nambu.uem.mz: [afnog] AFS over NAT bug]
Next by Date: Re: [afnog] Red Hat 8.0 as a router
Prev by thread: Re: [afnog] Red Hat 8.0 as a router
Next by thread: Re: [afnog] Red Hat 8.0 as a router
Index(es):
- Date
- Thread