[nSLUG] Server Behind router
jim at on-site.ns.ca
Tue Sep 20 19:40:21 ADT 2005
I am not clear if the server mentioned is the one with the Web and other
services on it.
I see the following:
Eastlink Modem > Router > server > ??
How do the Internal units connect? Are they through the Linux box? Is the
Linux box the file and print server for the business as well?
How I would set it up.
1) When you get a static IP from Eastlink for a commercial account you USUALLY
get 5 static IPs not 1.
2) If you have more than 1, put a 5 port 10/100 switch next to the Eastlink
modem, and connect the switch to the Eastlink modem.
3) Connect the router to one port on the Switch.
4) Connect the Linux box WAN (Internet) side on another port of the switch.
5) In the router configure NAT. Configure one of the static IP and gateway as
defined by the ISP (Eastlink) on the WAN side of the router. Suggest you use
the highest IP assigned to you for this and the lowest reserved for the Linux
box. Configure a static IP on the LAN side of the router in a range to match
your current setup.
6) Disable DHCP on the router if the users inside the LAN are static or
assigned by another DHCP server. Point the users to this device as gateway
using the static IP set in 5 above for the LAN side. Enable NAT on the router
and thus each user inside should have a private (i.e. non-public IP) and I
would suggest you use 172.16.x.x to 172.31.x.x rather than 192.168.x.x or
10.0.x.x as some service providers such as Aliant etc. use both of these ranges.
Security by obscurity. Disable ping response from WAN side on the router.
7) On the Linux box set the static IP (one of the others, the one to appear in
Eastlink's DNS) as assigned by Eastlink. Set the gateway, netmask and DNS as
given to you by Eastlink.
8) For simplicity while getting this all to work use Eastlink as the DNS
provider for both the Windows units inside and the Linux box. Some of their
DNS servers are: 184.108.40.206, 0.75, 0.91 among some of them.
9) Now the workstations have a gateway device and IP. They should get the DNS
from the router and if not set it statically in the Network configuration of
each of the workstations.
10) The Linux box should be able to ping to the world by both IP and name. So
check www.dal.ca and say hit 220.127.116.11 a few times.
11) The workstations should be able to do likewise.
12) Once this is working you can work on firewalling and port forwarding
through the Linux box if you choose. For now get them working and the Linux
box working. This configuration does not cause them grief as you experiment
with the Linux box. And one NIC on the Linux box is on the outside world.
13) The 2nd NIC on the Linux box can be connected to the router LAN side for
access from inside the router or to the switch that serves the rest of the
14) I am assuming that there is some additional switch between the users and
the LAN side of the router
Remember IT is supposed to be, above all, an enabler of the goals of the
enterprise. So get functionality and grow on it step by step.
If all else fails, call me. We have similar configurations all over the place.
Hope this helps
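
Added example, not part of the original post: a small Python check of the addressing plan from steps 5 to 7 (highest static IP on the router WAN, lowest on the Linux box, LAN inside 172.16.x.x to 172.31.x.x). The function name plan_addresses is hypothetical and the sample addresses are constructed from the documentation range 203.0.113.0/24, not real Eastlink assignments.

```python
import ipaddress

# 172.16.0.0/12 spans 172.16.x.x to 172.31.x.x, the LAN range the post suggests.
SUGGESTED_LAN = ipaddress.ip_network("172.16.0.0/12")
# The other two private blocks, which the post advises against for the LAN.
AVOIDED_LANS = [ipaddress.ip_network("192.168.0.0/16"),
                ipaddress.ip_network("10.0.0.0/8")]


def plan_addresses(static_ips, isp_gateway, lan_cidr, router_lan_ip):
    """Return (plan, problems) for the layout in steps 5 to 7 of the post."""
    statics = sorted(ipaddress.ip_address(ip) for ip in static_ips)
    if len(statics) < 2:
        return None, ["need two static IPs: one for the router, one for the Linux box"]
    gateway = ipaddress.ip_address(isp_gateway)
    lan = ipaddress.ip_network(lan_cidr)
    router_lan = ipaddress.ip_address(router_lan_ip)
    problems = []

    if gateway in statics:
        problems.append("ISP gateway is listed as an assignable static IP")
    for ip in statics:
        if ip in SUGGESTED_LAN or any(ip in net for net in AVOIDED_LANS):
            problems.append(f"{ip} is a private address, not an ISP static IP")
    if any(lan.overlaps(net) for net in AVOIDED_LANS):
        problems.append(f"LAN {lan} uses a range the post advises avoiding")
    elif not lan.subnet_of(SUGGESTED_LAN):
        problems.append(f"LAN {lan} is outside 172.16.0.0/12")
    if router_lan not in lan or router_lan in (lan.network_address, lan.broadcast_address):
        problems.append(f"router LAN IP {router_lan} is not a usable host in {lan}")

    plan = {
        "router_wan": str(statics[-1]),   # step 5: highest static IP on the router
        "linux_wan": str(statics[0]),     # step 5: lowest reserved for the Linux box
        "wan_gateway": str(gateway),      # steps 5 and 7: gateway as defined by the ISP
        "lan": str(lan),
        "workstation_gateway": str(router_lan),  # step 6: users point here
    }
    return plan, problems


if __name__ == "__main__":
    # Constructed sample values (documentation range), not real assignments.
    plan, problems = plan_addresses(
        ["203.0.113.3", "203.0.113.6", "203.0.113.2", "203.0.113.5", "203.0.113.4"],
        "203.0.113.1", "172.20.5.0/24", "172.20.5.1")
    print(plan, problems)
```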