[nSLUG] Server Behind router

Jim Haliburton jim at on-site.ns.ca
Tue Sep 20 19:40:21 ADT 2005

I am not clear if the server mentioned is the one with the Web and other 
services on it.

I see the following:

Eastlink Modem > Router > server > ??

How do the Internal units connect?  Are they through the Linux box?  Is the 
Linux box the file and print server for the business as well?

How I would set it up.

1)  When you get a static IP from Eastlink for a commercial account you USUALLY 
get 5 static IPs not 1.

2)  If you have more than 1, put a 5 port 10/100 switch next to the Eastlink 
modem, and connect the switch to the Eastlink modem.

3)  Connect the router to one port on the Switch.

4)  Connect the Linux box WAN (Internet) side on another port of the switch.

5)  In the router configure NAT.  Configure one of the static IP and gateway as 
defined by the ISP (Eastlink) on the WAN side of the router.  Suggest you use 
the highest IP assigned to you for this and the lowest reserved for the Linux 
box.  Configure a static IP on the LAN side of the router in a range to match 
your current setup.

6)  Disable DHCP on the router if the users inside the LAN are static or 
assigned by another DHCP server.  Point the users to this device as gateway 
using the static IP set in 5 above for the LAN side.  Enable NAT on the router 
and thus each user inside should have a private (i.e. non-public) IP, and I 
would suggest you use 172.16.x.x to 172.31.x.x rather than 192.168.x.x or 
10.0.x.x as some service providers such as Aliant etc. use both of these ranges. 
Security by obscurity.  Disable ping response from WAN side on the router. 

7)  On the Linux box set the static IP (one of the others, the one to appear in 
Eastlink's DNS) as assigned by Eastlink.  Set the gateway, netmask and DNS as 
given to you by Eastlink.

8)  For simplicity while getting this all to work use Eastlink as the DNS 
provider for both the Windows units inside and the Linux box.  Some of their 
DNS servers are., 0.75, 0.91 among some of them.

9)  Now the workstations have a gateway device and IP.  They should get the DNS 
from the router and, if not, set it statically in the Network configuration of 
each of the workstations.

10)  The Linux box should be able to ping to the world by both IP and name. So 
check www.dal.ca and say hit a few times.

11)  The workstations should be able to do likewise.

12)  Once this is working you can work on firewalling and port forwarding 
through the Linux box if you choose.   For now get them working and the Linux 
box working.  This configuration does not cause them grief as you experiment 
with the Linux box.  And one NIC on the Linux box is on the outside world.

13)  The 2nd NIC on the Linux box can be connected to the router LAN side for 
access from inside the router or to the switch that serves the rest of the 

14)  I am assuming that there is some additional switch between the users and 
the LAN side of the router 

Remember IT is supposed to be, above all, an enabler of the goals of the 
enterprise.  So get functionality and grow on it step by step.

If all else fails, call me.  We have similar configurations all over the place. 

Hope this helps

Jim H
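
The addressing plan from steps 5 to 7 above, worked through as an added example that is not part of the original post. The /29 block, gateway address and LAN subnet are constructed sample values from documentation ranges, and giving the router the first host address on the LAN is an assumption.

```python
import ipaddress

# Constructed sample values from documentation ranges, not from the post.
ISP_BLOCK = "203.0.113.8/29"    # assumed block: 5 customer IPs plus ISP gateway
ISP_GATEWAY = "203.0.113.9"     # assumed gateway address inside that block
LAN_SUBNET = "172.20.5.0/24"    # private range for the LAN side of the router

SUGGESTED = ipaddress.ip_network("172.16.0.0/12")  # 172.16.x.x to 172.31.x.x


def plan_addresses(isp_block, isp_gateway, lan_subnet):
    """Build the address plan from steps 5 to 7; ValueError on bad input."""
    block = ipaddress.ip_network(isp_block)
    gateway = ipaddress.ip_address(isp_gateway)
    lan = ipaddress.ip_network(lan_subnet)
    if gateway not in block:
        raise ValueError(f"gateway {gateway} is not inside {block}")
    # Static IPs usable by the customer: every host address but the gateway.
    statics = sorted(h for h in block.hosts() if h != gateway)
    if len(statics) < 2:
        raise ValueError("step 2 needs more than one static IP")
    # Step 6: keep the LAN inside 172.16.0.0/12, not 192.168.x.x or 10.x.x.x.
    if lan.version != 4 or not lan.subnet_of(SUGGESTED):
        raise ValueError(f"{lan} is outside {SUGGESTED}")
    # Assumption: the router's LAN interface takes the first host address.
    router_lan = next(iter(lan.hosts()))
    return {
        "router_wan": str(statics[-1]),          # step 5: highest assigned IP
        "linux_wan": str(statics[0]),            # steps 5 and 7: lowest assigned IP
        "spare": [str(a) for a in statics[1:-1]],
        "wan_netmask": str(block.netmask),       # same on router and Linux box
        "wan_gateway": str(gateway),
        "router_lan": str(router_lan),
        "workstation_gateway": str(router_lan),  # step 6: users point here
    }


if __name__ == "__main__":
    for name, value in plan_addresses(ISP_BLOCK, ISP_GATEWAY, LAN_SUBNET).items():
        print(f"{name:20} {value}")
```
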

