Need network advice
Chan Chung Hang Christopher
christopher.chan at bradbury.edu.hk
Fri Jun 25 13:55:36 UTC 2010
Chuck Kuecker wrote:
> I am running Ubuntu 9.10 for my DNS, web page, and email server, as well
> as to develop embedded Linux code for a customer. I have a development
> kit that needs to access the Internet to serve an internal web page. My
> Internet connection is T6 wireless broadband, and I have a static IP.
> I installed a second Ethernet card in the Ubuntu box for the embedded
> device to connect to. It is running on the 10.0.0.x network. My main
> local network between the broadband modem and other computers, including
> the Ubuntu box, is 192.168.0.x.
192.168.0.x is not a 'static ip' aka assigned real ip address. I assume
you have a router that does the appropriate natting for you...
> The problems: First, I am running Firestarter as an interface to the
> firewall, and have it set to allow traffic to my email and web servers
> from the Internet. My DNS setup is working fine for this. When I have
> the firewall enabled, the 10.0.0. network cannot reach the Ubuntu
> machine for TFTP, HTTP, or email. If I disable the firewall, I can talk
> to the development system via TFTP, and see the internal web page if I
> enter the local IP in Firefox. The IP of the Ubuntu port is 10.0.0.1,
> the development system is on 10.0.0.2. I can TFTP from the dev system to
> the main box at 192.168.0.200 with the firewall off, but this fails with
> the firewall on. I don't see any rules in Firestarter that should cause
> this. A fix would be nice in that I would not have to kill the firewall
> every time I want to access the development system, but if it's too much
> trouble, I can live with this.
I suspect that firestarter will set the incoming policy to drop/reject.
please pastebin the output of 'iptables -L -n' at pastebin.ubuntu.com
I suppose that you already have ip forwarding enabled given your comment
about tftp working from 10.0.0.2 to 192.168.0.200.
> Ultimately, I want the local DNS server to steer HTTP traffic for the
> development system to its' internal IP, while HTTP traffic to my regular
> web site goes to the main web server on the Ubuntu box at 192.168.0.200,
> so my customer could access and interact with the development system.
Ugh...it would be so much easier with djbdns' tinydns...
> Obviously, I cannot give him the internal IP address to put in his
> browser. I think I need to make changes to the BIND configuration files,
> and have studied the O'Reilly DNS and BIND book, but I just get more
heh. You need to use views. Fun, fun, fun.
> I can post my DNS zone files if that helps.
Well, we could fix it up for you...unless you insist on doing the grind
yourself of course. Don't want to take away the fun from you.
> Another thought occurred to me - could I simply put the development
> system on the 192.168.0 network, and have my DNS steer traffic directly
> to that IP? Do I really need two Ethernet ports in the main computer?
No...you could run two different subnets on the same physical network
but dhcp will not be possible in that environment. One interface can
take more than one ip and of different subnets too.
> Maybe I am making this more complicated than I need to. I only installed
> the second port because the examples in the O'Reilly book seemed to make
> that look like the only way I could get it to work. The firewall issue
> did not exist when everything was on the 192.168.0 network.
> Any help would be greatly appreciated. I'm not a network person!
What do you want to achieve?
More information about the ubuntu-users