This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPs to go through ASL

Sorry for maybe asking really stupid things. I read alot around, but somehow I didnt get it to work - I even do not know how to plan it.

I got a hole class-c (a.b.c.x). my router on eth0 is a.b.c.1 my asl is a.b.c.2 on eth1 I want to have some webservers serving the rest of the net a.b.c.x. well... how? How do I have to set up the Interfaces to get it to work? How can I set up the routing correctly?

Sorry again and thanks for your hints.

This thread was automatically locked due to age.

Parents

0 tom_01 over 23 years ago

FAQ #4008 should help you.
http://docs.astaro.org/asl-faq.pl#4008

If you still have questions, please post here again.

/tom
Cancel
Vote Up 0 Vote Down

Cancel
0 Marius over 23 years ago in reply to tom_01

Thanks. This looks like what I like to do. But I am still to stupid to get it to work. What I have set up is:

default gw: a.b.c.1

Intern:
eth0: 192.168.100.100
nm: 255.255.255.0

Extern (Cisco):
eth1: a.b.c.2
nm: 255.255.255.240
Proxy ARP

DMZ:
eth2: a.b.c.16
nm: 255.255.255.240

When I try to ping an IP of the DMZ from the ASL it does not work. But it does when I ping an IP of the Intern from the ASL.

Rules is for testing any:any:any:allow

Is this configuration wrong or is just another setting missing?

Thanks again.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Marius over 23 years ago in reply to tom_01

Thanks. This looks like what I like to do. But I am still to stupid to get it to work. What I have set up is:

default gw: a.b.c.1

Intern:
eth0: 192.168.100.100
nm: 255.255.255.0

Extern (Cisco):
eth1: a.b.c.2
nm: 255.255.255.240
Proxy ARP

DMZ:
eth2: a.b.c.16
nm: 255.255.255.240

When I try to ping an IP of the DMZ from the ASL it does not work. But it does when I ping an IP of the Intern from the ASL.

Rules is for testing any:any:any:allow

Is this configuration wrong or is just another setting missing?

Thanks again.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Marius over 23 years ago in reply to ClausP

Yes, but...
Cancel
Vote Up 0 Vote Down

Cancel
0 tom_01 over 23 years ago in reply to Marius

quote:

DMZ:
eth2: a.b.c.16

are you using .16 as the interface address ? that is the network address ... (and .31 is broadcast)

try to use .17, and .18-.30 for the DMZ machines.

/tom
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 23 years ago in reply to Marius

ICMP ENABLED (ASL) ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Marius over 23 years ago in reply to tom_01

Thanks. That was my silly mistake.... Now it works.
Cancel
Vote Up 0 Vote Down

Cancel