Here is the story:
(It's long & complex but I am giving lots of points, and will increase them for a good answer that will work.)
I will begin by telling about what I am trying to accomplish, then I will describe my environment in detail, then explain what I did by myself and what the current problems are. This is because I might have approached the whole thing wrong ...
What am I trying to do:
-------------------------
My company has a big & complex network, with many routers, DNS servers etc.
I have a file server, and I want to put it behind a firewall within the network, so I can limit access to it to certain people from specific workstations.
Technical details - Environment:
--------------------------
The big network has many routers.
The company admins supplied my department with a router whose IP is 129.17.254.1.
I am allowed to define new computers in my segment with IPs in the format 129.17.*.*
Most of the workstations in my department are using: 129.17.1.*, 129.17.10.*, 129.17.20.*
No one is using 129.17.70.*
I have:
1 file server, OS Win 2k Server, 1 net card.
1 firewall server, Pentium II, OS Linux Red Hat 7, 2 net cards.
What I did:
-------------
The firewall:
I have done most of the work with the netconf utility.
I gave eth1 the IP 129.17.254.11, net mask 255.255.255.0, and connected it to a socket of the big network on the wall.
I gave the other net card, eth0, IP 129.17.70.1, net mask 255.255.0.0 (I tried 255.255.255.0, which also works but causes redirection on the 129.17.254.1 gateway) and connected it to the file server net card with a cross cable.
Set the DNS to 201.1.4.1, which is one of the DNS servers in the big network. Also marked the X which says to use the DNS.
I set the default gateway of the firewall as 129.17.254.1 and enabled the X in the default gateway settings.
I enabled the forward chain in the firewall and created the following rules, all ACCEPT, MASQUERADING, bi-directional:
from 129.17.70.0, mask 255.255.255.0, to 129.17.254.11, mask 255.255.255.0
from 129.17.70.0, mask 255.255.255.0, to 201.1.4.1, mask 255.255.255.255
I gave the file server the IP 129.17.70.11, set the default gateway to 129.17.70.1, and set DNS to 201.1.4.1.
Here what goes:
-----------------
From the firewall, I can ping all the network and the file server.
From the file server, I can ping the firewall, all the 129.17.*.* network, and the DNS server.
From both, I can only ping IP numbers, not names, as if the DNS doesn't work well.
From a simple workstation, IP 129.17.20.10, I can ping 129.17.254.1, 129.17.254.11, 129.17.70.1 and 129.17.20.* and 129.17.10.* ...
But I cannot ping 129.17.70.11 (the file server).
What I need:
-------------
I need that all workstations with IP 129.17.20.* or 129.17.10.* will be able to access the file server, but no one else. (doesn't work)
I need the file server to be able to access 129.17.*.* (which is OK now)
I need a backup server from 129.18.*.* to be able to access the server. (doesn't work)
I need the firewall & file server to work OK with DNS (doesn't work now)
Someone told me to try ipmasqadm, but all I could do with it is make other computers work with some services like ftp, www on the file server 129.17.70.11, while they are doing ftp 129.17.254.11, by doing:
ipmasqadm portfw -a -P tcp -L 129.17.254.11 21 -R 129.17.70.1 21
on the firewall. But it's no good, because I need the users to access shares on the file server normally using Explorer ...
What do I need to do to make this thing work !?!?!
Please email me to e-ofek@infomall.co.il
if you have any questions ...
Thanks,
Eli.
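As an added illustration (not part of Eli's post and not his actual configuration), here is one way to write the access policy he describes as an ipchains rule set for a Red Hat 7 / Linux 2.2 firewall: a default-deny forward chain, the two workstation ranges and the backup network allowed in to the file server, the server allowed out to 129.17.*.* and to the resolver, and everything else logged and dropped. It assumes, unlike the post, that the upstream router 129.17.254.1 has a route for 129.17.70.0/24 via 129.17.254.11, so the server keeps its real address in both directions and no masquerading is used; it also assumes the backup host talks to the server over TCP only. The script prints the commands by default and only executes them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: default-deny ipchains forward policy for a file server on
# its own segment behind a Linux 2.2 firewall. Not from the original post.
# Assumptions (labelled, not stated in the post):
#  - 129.17.254.1 routes 129.17.70.0/24 to 129.17.254.11, so plain
#    forwarding works and no MASQ rule is needed (a MASQ rule on the
#    server's replies would rewrite their source to 129.17.254.11 and
#    break connections that workstations open to 129.17.70.11);
#  - the backup host in 129.18.*.* uses TCP only.
# Dry run by default; APPLY=1 executes the commands (root, on the firewall).

SERVER=129.17.70.11      # file server on the inside segment (eth0 side)
DNS=201.1.4.1            # company resolver

# Either print a command or run it, depending on APPLY.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

policy() {
    # Turn on kernel forwarding, then start from an empty forward chain
    # whose policy drops anything not explicitly accepted below.
    run sysctl -w net.ipv4.ip_forward=1
    run ipchains -F forward
    run ipchains -P forward DENY

    # Inbound: only the listed workstation ranges and the backup network
    # may open connections to the file server. Nobody else gets through.
    for net in 129.17.20.0/24 129.17.10.0/24 129.18.0.0/16; do
        run ipchains -A forward -s "$net" -d "$SERVER/32" -j ACCEPT
    done

    # Outbound: the server may reach the whole 129.17 network (this rule
    # also carries its replies to the workstations above) and the resolver
    # on port 53 over UDP and TCP, so name lookups from the server work.
    run ipchains -A forward -s "$SERVER/32" -d 129.17.0.0/16 -j ACCEPT
    run ipchains -A forward -p udp -s "$SERVER/32" -d "$DNS/32" 53 -j ACCEPT
    run ipchains -A forward -p tcp -s "$SERVER/32" -d "$DNS/32" 53 -j ACCEPT

    # Replies to the backup network: ipchains keeps no connection state,
    # so accept only TCP packets without the SYN flag ("! -y"). Established
    # sessions flow back, but the server cannot open new connections into
    # 129.18.*.* on its own.
    run ipchains -A forward -p tcp ! -y -s "$SERVER/32" -d 129.18.0.0/16 -j ACCEPT

    # Anything that reaches the end of the chain is logged (-l) and denied,
    # which is where blocked access attempts show up in the kernel log.
    run ipchains -A forward -l -j DENY
}

policy
```

Run it once without APPLY to review the generated rules, then with APPLY=1 on the firewall. The ordering matters because ipchains stops at the first matching rule: the specific ACCEPT rules come before the catch-all log-and-deny rule, and the chain policy of DENY covers any packet that slips past all of them.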