[Wylug-help] Help needed setting up server and LAN

Chris Davies MBCS chris.davies at bcs.org.uk
Wed Aug 15 17:59:18 BST 2007


Mike Goodman wrote:
> I'd like to set up a server on a box which includes two (identical) hdds 
> and two 10/100 ethernet cards. I'd like it to be a web server, NFS 
> server and print server and act as a firewall to the outside world, 
> running on Debian 4 (Etch).

In addition to your router, or do you want to turn your router into a bridge? 
(I'm not sure the Netgear can function as a bridge, so it's going to do NAT 
for you regardless.)


> I'd like this server, not my router, to 
> offer DHCP and fixed addresses as appropriate to anything else on the 
> network.  My router is a Netgear DG834 which hogs 192.168.0.1, so from 
> my understanding, having anything behind the server in the 192.168.0.* 
> range is a bad idea. Please correct me if I'm wrong.  I have a fixed IP
> address from my ISP (Zen Internet).

Ensure you understand the topology before you start:

Internet <--> Router <--> Server <--> Switch <-->> Device[s]

The Router will have an Internet address on its external (WAN) port that's 
been assigned by Zen. It will NAT everything on its inside to that single 
external address. Your Server will have two IP addresses: one on its outside 
that talks to the Netgear and one on the inside that talks to the rest of your 
network.


Let's assume you have 192.168.0.* between the Router and the Server (eth0), 
and 192.168.1.* between your Server (eth1) and your Devices.

I like servers low and routers high, with DHCP somewhere in the middle. So I'd 
put the Router as 192.168.0.254, and your Server as 192.168.0.1 (external) and 
192.168.1.1 (internal).

1. Turn off DHCP assignment on your router
2. Set your router to have a static IP address on your preferred "external" 
subnet, e.g. 192.168.0.254
3. Set your server eth0 (connected to the router) to have a static IP address 
on that same subnet, e.g. 192.168.0.1
4. Set your server eth1 (connected internally) to have a static IP address on 
a different subnet, e.g. 192.168.1.1
5. Configure the Router to have a route to 192.168.1.0/24 via 192.168.1.1
6. Install something like "dhcp3-server" and configure /etc/dhcp3/dhcpd.conf 
(more on that later)


> Using a single CD and netinstall, the system picks up both ethernet 
> cards and sets the primary (eth0) using DHCP as something like 
> 192.168.0.6 which makes me wonder, is the "primary" the outward-facing, 
> i.e. the one with the cat5/RJ45 attached to the router as I suspect, or 
> is it the one attached to my 8-port hub, which also has another PC 
> (running Ubuntu) and sometimes my laptop (running Xubuntu) attached by 
> cat5s?

That's hardware dependent, and there's no easy way to find out except by trial 
and error. Assume for now, though, that once you've got it sorted it will 
remain constant. (Once you do have it, label the sockets on the back "external 
ethP" and "internal ethQ" with P and Q as appropriate.)


> I hit problems whenever I try to manually set the network on this 
> card with either an alternative IP range, say 192.168.xx.0/255 or with 
> the fixed (ISP-provided) IP address.

What sort of problems? Your router's currently configured to issue DHCP leases 
on 192.168.0.*, so whichever interface successfully gets a DHCP lease is the 
one that's connected there. The other, by definition, isn't, and can be 
configured as 192.168.1.1 (or whatever).


> Given the aspiration, should I 
> simply accept the detected/allocated settings? Or should I accept them 
> for the installation process then go back in and alter them manually? Or 
> am I simply doing something wrong when configuring manually?

Personally I tend to go with the defaults for installation and then go back 
and fix them up manually afterwards. I would never accept DHCP for a server 
other than during configuration.


> Once I have the answer to this, how do I configure eth1?

Networks are defined in /etc/network/interfaces (see "man interfaces"), e.g.

# External (comments must be on a line of their own in this file)
auto eth0
iface eth0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        broadcast 192.168.0.255
        gateway 192.168.0.254

# Internal
auto eth1
iface eth1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        broadcast 192.168.1.255


> Last question for this stage: should I download any packages for the 
> firewall part, or will the box itself act as a hardware firewall without 
> any help?

At home I use iptables directly, but I'm moving towards "shorewall" (which I 
use at work). You may prefer something more GUI based.

Chris
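
Added example, not part of the original message: a small Python checker for static stanzas in /etc/network/interfaces on a dual-homed box like the one discussed. It runs on a constructed sample of the addressing plan with two deliberate slips; the function names and the sample text are this example's own.

```python
import ipaddress
# Constructed sample: second stanza still named eth0, gateway outside eth0's subnet.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    broadcast 192.168.0.255
    gateway 192.168.1.254

auto eth1
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    broadcast 192.168.1.255
"""

def parse(text):
    """Return (auto_names, stanzas); each stanza is a dict of its options."""
    autos, stanzas, cur = [], [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] == "auto":
            autos += words[1:]  # a trailing "# note" would be read as names
        elif words[0] == "iface":
            cur = {"iface": words[1], "method": words[3]}
            stanzas.append(cur)
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return autos, stanzas

def check(text):
    """Return a list of problems found in the auto lines and static stanzas."""
    autos, stanzas = parse(text)
    problems, nets = [], []
    names = [s["iface"] for s in stanzas]
    problems += [f"{n}: defined more than once" for n in sorted(set(names)) if names.count(n) > 1]
    problems += [f"{n}: 'auto' without an iface stanza" for n in autos if n not in names]
    for s in (s for s in stanzas if s["method"] == "static"):
        net = ipaddress.ip_interface(f"{s['address']}/{s['netmask']}").network
        if "broadcast" in s and ipaddress.ip_address(s["broadcast"]) != net.broadcast_address:
            problems.append(f"{s['iface']}: broadcast does not match {net}")
        if "gateway" in s and ipaddress.ip_address(s["gateway"]) not in net:
            problems.append(f"{s['iface']}: gateway {s['gateway']} is not on {net}")
        problems += [f"{s['iface']}: {net} overlaps {o}" for o in nets if net.overlaps(o)]
        nets.append(net)
    return problems
```

Calling check(SAMPLE) reports the duplicated eth0 stanza, the orphaned "auto eth1" and the off-link gateway; an empty list means the inside and outside interfaces are distinct, non-overlapping and have a reachable default gateway.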


