Gecko68
07-06-2001, 06:04 PM
There's this project I got thrown into that's making my mind turn to jelly. If anyone wants to take a stab at helping me, it will be more than appreciated. Here goes the long and torturous explanation:
A remote office (eventually 7 of them) running a private 192.168.x.x network uses a compatible systems router over a frame relay to the central office Cisco 2600 router. The Cisco, which also happens to have the public IP given to us by the ISP, gets directly plugged to the Linux box external NIC (eth0), which also has a public IP. (Basically, the Cisco is the gateway out to the public as well as the collection point for the frame relays.) The internal NIC (eth1, private 192.168.x.x) of the Linux box then is patched to a big 10/100 switch, allowing the central office's computers to be firewalled by the Linux box, and to browse using NAT, or masquerading as it's known in Linux (I think).
Now, in theory, this system is to allow the remote offices to also be behind the Linux firewall as far as internet access goes, and be able to use the resources at the central office (Citrix server, printers, fax server, other things on the private 192.168.x.x).
On the Linux box, eth1 uses eth0 as a gateway, eth0 uses the Cisco as a gateway. The workstations use the Linux eth1 as a gateway, thus establishing internet connectivity from the private side in the central office.
Right now, I can go to a remote office and ping to the internal IP of the Linux box, but not any of the other resources at the central office. They cannot browse to the internet.
The central office computers use the internet, and can ping to the remote workstations in the other offices.
*whew!*
Is my problem a routing issue, or is it a firewall issue? The system is Red Hat 7.1, which means that either iptables or ipchains can be used for firewalling. I currently am using, in the GNOME GUI, "firewall-tools" from the system menu. I think it uses ipchains to do this.
Again, any comments, explanations, or ideas are welcome. Just trying to brainstorm and figure this out. Thanks!
Jorden