[Wylug-help] [WYLUG_HELP] Help needed setting up server and L AN

Wed Aug 15 17:51:39 BST 2007

On Wednesday 15 August 2007, mike.goodman at zen.co.uk wrote:

> I'd like to set up a server on a box which includes two 
> (identical) hdds and two 10/100 ethernet cards. I'd like it 
> to be a web server, NFS server and print server and act as a 
> firewall to the outside world, running on Debian 4 (Etch). 
> I'd like this server, not my router, to offer DHCP and fixed 
> addresses as appropriate to anything else on the network.  My 
> router is a Netgear DG834 which hogs 192.168.0.1, so from my 
> understanding, having anything behind the server in the 
> 192.168.0.* range is a bad idea. Please correct me if I'm 
> wrong. I have a fixed IP address from my ISP (Zen Internet).

> Using a single CD and netinstall, the system picks up both 
> ethernet cards and sets the primary (eth0) using DHCP as 
> something like
> 192.168.0.6 which makes me wonder, is the "primary" the 
> outward-facing, i.e. the one with the cat5/RJ45 attached to 
> the router as I suspect, or is it the one attached to my 
> 8-port hub, which also has another PC (running Ubuntu) and 
> sometimes my laptop (running Xubuntu) attached by cat5s? I 
> hit problems whenever I try to manually set the network on 
> this card with either an alternative IP range, say 
> 192.168.xx.0/255 or with the fixed (ISP-provided) IP address. 
> Given the aspiration, should I simply accept the 
> detected/allocated settings? Or should I accept them for the 
> installation process then go back in and alter them manually? 
> Or am I simply doing something wrong when configuring manually?

It sounds like you want your Debian server to be a router; bear in mind that
your Netgear device is also a router. Each router has (at least) a WAN and a
LAN side - the WAN side generally being the side closer to the Internet.
Your server's WAN IP (eth0) is being picked up from the Netgear router and
is in the subnet 192.168.0.0/24, along with the Netgear's LAN interface
(192.168.0.1). You should configure your server's LAN IP (eth1) to be a
fixed IP in a different subnet, perhaps 192.168.1.1/24. The DHCP server
running on your Debian server should then offer IPs in the subnet
192.168.1.0/24 and a default gateway of the fixed IP that you set your eth1
LAN interface to (192.168.1.1). Clients on the inner network will then be
able to route to your 'middle' network via the Debian server and on to the
Internet network, via your Netgear router. I find it helps if you draw a big
picture of it all. Copious use of ifconfig, ping and traceroute will also
help.

To clarify an aspect of nomenclature to help you understand the above
response: 192.168.0.0/24 means a subnet with a 24-bit mask, and is
equivalent to 192.168.0.x with a subnet mask of 255.255.255.0. I only
mention this as you used "/255" in your original post which is obviously not
a legal subnet although I think it is clear what you meant. 

There are stories on the web of people that have had problems with this
configuration, especially when using VPN or SSL connections from the inner
network but I have had a network configured like this for the last year and
have never had any problems.

Sadly, I can't help you with any Debian specific setup but I'm sure there
are many that can.

Steve

This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com