[Wylug-help] Help needed setting up server and LAN
Chris Davies MBCS
chris.davies at bcs.org.uk
Thu Aug 16 15:28:07 BST 2007
Mike Goodman wrote:
> I've just checked the router and can disable NAT. I had thought its
> address was fixed at 192.168.0.1 - it is not. Does this mean it can
> operate as a bridge and if so, is this desirable? That's the way
> SMEServer operates, but I've rejected that as an option because of the
> lack of inbuilt functionality/learning curve with non-M$ clients. But I
> do like the overall principles.
Given you've got a (Linux) server between your network and your Netgear, you
could turn the Netgear into a bridge and have the Server do all your routing
and NAT. However, for starters I'd probably steer clear of that until you were
confident with everything else.
> I have the ability to turn off NAT as above, so
> would it make sense to configure the [server interface] on the outside
> to talk directly
> to the internet via the Internet address? The router is set up to allow
> all going out and nothing coming in, so my network is vulnerable if
> anything which is capable of transmitting does get in. As for any fool
> inside? Let's not go there. :-)
No, you let the Router continue to do NAT for you, so that everything inside
the Router is on 192.168.[0 or 1].* and it translates outgoing traffic to its
real external Internet address.
By default, the Router will not allow any new traffic inbound, mainly because
of NAT. You could enable UPNP I suppose but I've never seen a need for it
myself. (Besides, if I want externally originated traffic onto my network, I
want to make an explicit decision to allow it. UPNP automates that decision.)
To allow inbound traffic you'd need to set up Forwarding Rules on the Router.
For example, you might want to allow inbound ssh on port 60000 to be routed
through to your Linux server on port 22. Or web traffic (port 80), of course.
> Is dhcp3-server a straightforward apt-get install command to get it?
Well, I'd use "aptitude install dhcp3-server" instead of apt-get, but yes it
is. I'm off for a fortnight but I'll try to remember to email you my
configuration file before I go. It's overcomplicated for your need but you can
probably chop out the bits you don't want more easily than writing a new one.
> Finally, should I be OK if I do the basic install then configure the
> network for the new settings, or should I install the full server then
> go back in and do it, or at what stage in between?
Do the basic installation, configure the network to do what you want, and then
install the whizzy bits (NFS, web server, mail server, IPtables, etc.)
Chris