Ariel:
We have our office LAN connected via a DSL router. Here's how our system is
set up. The default gateway (in our case set via the GUI - network at the
administrator site) is set to the router's IP address. IP forwarding is
turned on. The primary interface is set to 192.168.1.1 with a subnet mask of
255.255.255.0. NAT is turned on. For the secondary interface, the IP address
is set to a second IP address assigned to us by our ISP with the subnet mask
also set by the ISP. Our primary DNS is set to 192.168.1.1 (the same as the
primary interface) and the secondary DNS is set to our ISP's DNS address.
This set-up works great for us and should be similar for your leased line
configuration. Let me know if you have any other questions.
HTH
Stephen Sloan
----- Original Message -----
From: Ariel Levin <ariell@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxx>
Sent: Wednesday, November 24, 1999 7:41 AM
Subject: [cobalt-users] FW: Configuring Qube 2 as a firewall - Help needed!
> > I'm running a small LAN in an office. Currently, all my machines are
> > connected directly to the Internet via a Shiva Integrator 150 router
(ISDN
> > line 64K). I have a class C address range distributed by a DHCP server
> > running on one of my Novell NetWare servers. Since we intend to move
into
> > a lease line, we need some sort of IP filtering/firewalling. A full
> > firewall is beyond our budget, so we decided to use a Qube 2 instead.
> >
> > The idea is simple - connect the Qube to the router and the rest of LAN
to
> > the Qube and have all internet traffic go through the Qube. I tried two
> > options - one: using NAT for IP masquerading, two: creating two subnets
> > (we have a class C range, and enough leeway to divide network to two).
> > I've experienced problems in both settings and couldn't accomplish
> > mission. Would appreciate any help or advice. Following is an exact
> > description of the configurations I tried.
> >
> > 1. NAT - the x.x.x.1 of my address range is reserved to the router. I
gave
> > the secondary port of the Qube a x.x.x.2 address, and a private address
> > range (192.68.27.4) to the primary. both subnet masks 255.255.255.0.
> >
> > I couldn't reach beyond that point, 'cause I couldn't connect to the
> > router with my workstation (that still had a "real" IP address
distributed
> > by the router). Hence, I couldn't continue changing the configuration.
To
> > be honest, I wasn't sure exactly how this works, so I decided to go for
> > option 2....
> >
> > 2. Subnetting - Router stays the same. Secondary x.x.x.2, subnet mask
> > 255.255.255.0
> > Primary - x.x.x.129, subnet mask 255.255.255.128. DNS setting - ISP DNS
> > server + DNS turned on on the Qube. DHCP distributing 130-254 addresses.
> >
> > Setting works fine on MAC and NT machines, but fails on W95 machines.
the
> > latter can only reach the gateway (Qube), but not beyond that. A few
> > questions about this setting?
> >
> > 1. Is my Subnet Mask definitions correct? Do I need to change the subnet
> > mask on router (currently on 255.255.255.0)?
> > 2. Do I have to use as domain name the same one used by my ISP (my
> > comapny.com), or can I use a "fake" doamin name for internal DNSing ?
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users