Need network advice

Patrick Doyle wpdster at gmail.com
Fri Jun 25 13:01:55 UTC 2010


On Fri, Jun 25, 2010 at 8:25 AM, Chuck Kuecker <ckuecker at ckent.org> wrote:
> Hello,
>
> I am running Ubuntu 9.10 for my DNS, web page, and email server, as well
> as to develop embedded Linux code for a customer. I have a development
> kit that needs to access the Internet to serve an internal web page. My
> Internet connection is T6 wireless broadband, and I have a static IP.
>
> I installed a second Ethernet card in the Ubuntu box for the embedded
> device to connect to. It is running on the 10.0.0.x network. My main
> local network between the broadband modem and other computers, including
> the Ubuntu box, is 192.168.0.x.
>
> The problems: First, I am running Firestarter as an interface to the
> firewall, and have it set to allow traffic to my email and web servers
> from the Internet. My DNS setup is working fine for this. When I have
> the firewall enabled, the 10.0.0. network cannot reach the Ubuntu
> machine for TFTP, HTTP, or email. If I disable the firewall, I can talk
> to the development system via TFTP, and see the internal web page if I
> enter the local IP in Firefox. The IP of the Ubuntu port is 10.0.0.1,
> the development system is on 10.0.0.2. I can TFTP from the dev system to
> the main box at 192.168.0.200 with the firewall off, but this fails with
> the firewall on. I don't see any rules in Firestarter that should cause
> this. A fix would be nice in that I would not have to kill the firewall
> every time I want to access the development system, but if it's too much
> trouble, I can live with this.
>
> Ultimately, I want the local DNS server to steer HTTP traffic for the
> development system to its internal IP, while HTTP traffic to my regular
> web site goes to the main web server on the Ubuntu box at 192.168.0.200,
> so my customer could access and interact with the development system.
> Obviously, I cannot give him the internal IP address to put in his
> browser. I think I need to make changes to the BIND configuration files,
> and have studied the O'Reilly DNS and BIND book, but I just get more
> confused.
>
> I can post my DNS zone files if that helps.
>
> Another thought occurred to me - could I simply put the development
> system on the 192.168.0 network, and have my DNS steer traffic directly
> to that IP? Do I really need two Ethernet ports in the main computer?
> Maybe I am making this more complicated than I need to. I only installed
> the second port because the examples in the O'Reilly book seemed to make
> that look like the only way I could get it to work. The firewall issue
> did not exist when everything was on the 192.168.0 network.
>
> Any help would be greatly appreciated. I'm not a network person!
>
> Chuck Kuecker

Hi Chuck,
I'm not sure I followed your whole explanation, but I suspect that the
answer to your question about making this more complicated than you
need is probably "yes".  It would be helpful if you drew a diagram, or
described what machines are hooked up to what networks how.

As I understand it, you have an Internet connection ("Wide Area
Network" or "WAN") to a local router/firewall.  Your "Local Area
Network" (or "LAN") is managed by that router, serving up addresses on
your 192.168.0.x internal network.

It seems like you have configured your router to route connections to
ports 80 (http) and 25 (email) to a Linux server on your LAN.

I'm confused about your need/desire to run your own DNS server, so I
suspect that one of us is missing something (probably me).

If you want your client to be able to access your development system
using HTTP, you could open up another port in your router, say 8080
and point that at your development system (port 80), having placed
your development system on your 192.168.0.x LAN.

--wpd



