[lug] IP subnetting, Firewalls, and RAID

Andrew Diederich andrew at netdelivery.com
Fri Dec 10 23:21:50 MST 1999


Yup, this one runs the gamut.  I'm helping a buddy set up a new linux 
firewall. He's ordered the box from Dell with Red Hat preinstalled, so
I'm guessing it is 6.1.  I've been wandering through the howtos this
evening trying to get everything figured out, but I'm still missing
some stuff.

IP subnetting:
he wants to set up a class B on a 10.x.x.x network, obviously internal.
He was thinking of using 10.1.x.x for servers, 10.2.x.x for developers, etc.
I think that he'd need routers for that, but if he shifted right one
in the dotted-quad he'd be OK?  So, 10.0.1.x for servers, 10.0.2.x for
developers, with a 255.255.0.0 netmask?  

RAID:
this one (I think) should be straightforward, but I'm having trouble
finding the right documentation.  My SuSE 6.1 box came with a howto
for mounting a root RAIDed partition, but it was apparently written
by a crazy person.  (Or maybe I just didn't get it.)  I know it involves
things like md-something-or-other, and it involves reformatting, but
I just can't find the place to start.  Any hints?  Oh, he just wants
RAID 1 (mirroring).

Firewall:
I guess one solution might be to get a KRUD CD from Kevin.  I'm not proud,
let me know if that's the right way to go.  *grin*  Anyway, I just read
through the IP-Masquerading howto, the IP-chains howto, and the 
firewall howto, and am still confused.  I guess I was hoping there was an
easier way than building all of the rules myself with the ipchains stuff.
I think the firewall howto was from '96 -- the author said he'd tested
it with Red Hat 3.0.3.  

I just took a look at Isinglass again, but I got scared when it said 
it was still using ipfwadm and then I was supposed to run the convert 
script to the ipchains way.  Maybe that's ok, but I don't have enough
experience here to judge.  That's why I post here.  ;-)

The only (slightly) strange thing I want to do with the firewall is allow
in http requests to a specific web server inside the network.  The ipchains
docs said a little about it, but I think they mostly said it could be done.


Danke.

Andrew Diederich
andrew at netdelivery.com
"Insert funny quote here"

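The subnetting question above can be checked mechanically. This is an added example, not part of the original post: it takes the two addressing plans from the message and reports, for a given netmask, whether the server and developer groups land on the same IP network or need a router between them. The host addresses (`.10` in each range) and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# The two plans from the post; the individual host addresses are constructed samples.
PLAN_A = {"servers": "10.1.0.10", "developers": "10.2.0.10"}   # 10.1.x.x / 10.2.x.x
PLAN_B = {"servers": "10.0.1.10", "developers": "10.0.2.10"}   # 10.0.1.x / 10.0.2.x


def network_of(host, netmask):
    """Return the IP network a host belongs to under the given netmask."""
    return ipaddress.ip_interface(f"{host}/{netmask}").network


def needs_router(plan, netmask):
    """For every pair of groups, report True when their hosts fall in
    different networks under this netmask (traffic must be routed),
    False when they are on-link and reach each other directly."""
    result = {}
    for (name_a, host_a), (name_b, host_b) in combinations(sorted(plan.items()), 2):
        different = network_of(host_a, netmask) != network_of(host_b, netmask)
        result[(name_a, name_b)] = different
    return result


def report(label, plan, netmask):
    """Print one line per group pair for a plan/netmask combination."""
    for (a, b), routed in needs_router(plan, netmask).items():
        net_a = network_of(plan[a], netmask)
        net_b = network_of(plan[b], netmask)
        verdict = "router needed" if routed else "same network, no router"
        print(f"{label} mask {netmask}: {a} in {net_a}, {b} in {net_b} -> {verdict}")


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0"):
        report("10.1.x.x/10.2.x.x", PLAN_A, mask)
        report("10.0.1.x/10.0.2.x", PLAN_B, mask)
```

Where two groups share one network, their hosts talk to each other directly, so a firewall box sitting at the edge of that network never sees or filters traffic between them.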


