Need network advice

Chuck Kuecker ckuecker at ckent.org
Fri Jun 25 12:25:44 UTC 2010


Hello,

I am running Ubuntu 9.10 for my DNS, web page, and email server, as well 
as to develop embedded Linux code for a customer. I have a development 
kit that needs to access the Internet to serve an internal web page. My 
Internet connection is T6 wireless broadband, and I have a static IP.

I installed a second Ethernet card in the Ubuntu box for the embedded 
device to connect to. It is running on the 10.0.0.x network. My main 
local network between the broadband modem and other computers, including 
the Ubuntu box, is 192.168.0.x.

The problems: First, I am running Firestarter as an interface to the 
firewall, and have it set to allow traffic to my email and web servers 
from the Internet. My DNS setup is working fine for this. When I have 
the firewall enabled, the 10.0.0. network cannot reach the Ubuntu 
machine for TFTP, HTTP, or email. If I disable the firewall, I can talk 
to the development system via TFTP, and see the internal web page if I 
enter the local IP in Firefox. The IP of the Ubuntu port is 10.0.0.1, 
the development system is on 10.0.0.2. I can TFTP from the dev system to 
the main box at 192.168.0.200 with the firewall off, but this fails with 
the firewall on. I don't see any rules in Firestarter that should cause 
this. A fix would be nice in that I would not have to kill the firewall 
every time I want to access the development system, but if it's too much 
trouble, I can live with this.

Ultimately, I want the local DNS server to steer HTTP traffic for the 
development system to its internal IP, while HTTP traffic to my regular 
web site goes to the main web server on the Ubuntu box at 192.168.0.200, 
so my customer could access and interact with the development system. 
Obviously, I cannot give him the internal IP address to put in his 
browser. I think I need to make changes to the BIND configuration files, 
and have studied the O'Reilly DNS and BIND book, but I just get more 
confused.

I can post my DNS zone files if that helps.

Another thought occurred to me - could I simply put the development 
system on the 192.168.0 network, and have my DNS steer traffic directly 
to that IP? Do I really need two Ethernet ports in the main computer? 
Maybe I am making this more complicated than I need to. I only installed 
the second port because the examples in the O'Reilly book seemed to make 
that look like the only way I could get it to work. The firewall issue 
did not exist when everything was on the 192.168.0 network.

Any help would be greatly appreciated. I'm not a network person!

Chuck Kuecker




