<!--startcut  ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Your Own Home Domain With ADSL LG #65</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->

<CENTER>
<A HREF="http://www.linuxgazette.com/">
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.png" 
	WIDTH="600" HEIGHT="124" border="0"></H1></A> 

<P>
</CENTER>

<!--endcut ============================================================-->

<H4 ALIGN="center">
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Your Own Home Domain With ADSL</font></H1>
<H4>By <a href="mailto:rayxtra@hotmail.com">Ray Chan</a></H4>
</center>
<P> <HR> <P>  

<!-- END header -->



<P> <EM>Note: Domain names and IP numbers in this article have been changed.
I have no connection with myfakedomain.com and myhome.net--please do not send
questions or complaints to them.</EM>

<P>
<B>Acknowledgement</b><P>
This article is a walk through the steps I took
to host my own domain name at home.
It is not a guide or tutorial about how to set up and host your domain.
There are already lots of HOW-TOs
and tutorials on that topic. However, this article provides a working example for your reference, and I've also included
 URLs to some really useful web sites. <P>
<B>Background</b><P>
In late 2000, when everyone was talking about or already using broadband, I was
still using my Hayes 28.8kbps modem to surf the net. My reason was simple: none of the broadband
providers provided a fixed I.P. address, although they did provide unlimited usage plans. I have a few
domain names registered and hosted at some ISPs. The services of the web hosting companies are
limited to HTML, Perl CGI, a POP server and maybe mod_rewrite. They never provide SMTP, MySQL, PHP4
 or anything else useful, or only at a really high price. That's why I was looking for a broadband provider
 willing to provide a fixed I.P. so that I could host my own web site and run whatever I want.<P>
 
Thank God. In January 2001, one of the broadband providers in my area announced that they
would provide a fixed I.P. at extra cost. It is really expensive, but hey, that's what I need. I'm willing
to pay for any service that fits my needs. On the other hand, I can save a lot of bucks from the web hosting
companies where my domain names are currently located. Why not dynamic I.P.? Yes, dynamic I.P. may also do the same
using some tricks with dynamic DNS as provided by no-ip, DynDNS... etc., but it is too annoying and
not really good if you are going to host your own email server. <P>

<B>Planning the Network</b><P>

OK, I finally subscribed to the broadband service. It took two weeks to arrange for a technician to
install the splitter and ADSL modem. Actually I could have done it myself, but they didn't want me to. Anyway, this
was a good time to build the network and prepare for the
high speed connection. Before actually building the network, it is better to think about the topology
first. I made use of my spare old hardware and spent some money to build two Linux boxes.
One Linux box will be the bastion host running the Apache web server, ftp server, email server and MySQL
database server. The bastion host will act as an exterior router, routing traffic between the Internet
and the intranet. The other Linux box will be the Intranet server hosting internal applications and
data. The intranet box will act as an interior router. Someone asked, why two Linux boxes? Well,
for security reasons, of course. Please refer to your technical books about firewalling
for a detailed explanation. Figure 1 shows the network diagram of my home network.<P>

<IMG SRC="misc/chan/raynet.jpg" VSPACE="20" BORDER="2"><P>

Since I have only one fixed IP, I'm not going to run any high traffic web site.
A single bastion host can do the job well, since it is a basic and simple
network. It is the solution for me, not necessarily for everyone who is reading
this article. Again, think about your own plan.<P>

<B>Building the network</b><P>
I downloaded and installed RedHat 7.0 on both of the Linux boxes. Choose whichever packages sound
interesting to you. It is fine for you to use another distribution. However, there are some essential
components required in order to set up an Internet server. Please refer to the HOW-TOs at linuxdocs.org.
Again, this is not a tutorial. I strongly suggest the following HOW-TOs for this section:<P>
<LI><A HREF="http://linuxdocs.org/HOWTOs/ISP-Setup-RedHat.html">ISP-Setup-RedHat</a>
<LI><A HREF="http://linuxdocs.org/HOWTOs/DSL-HOWTO/index.html">DSL HOWTO for Linux</a>
<P>

And the following mini-HOWTOs:<P>
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/Domain.html">Setting Up Your New Domain Mini-HOWTO</a>
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/Home-Network-mini-HOWTO.html">Home-Network-mini-HOWTO</a>
<LI><A HREF="http://linuxdocs.org/HOWTOs/mini/IP-Subnetworking.html">IP-Subnetworking</a>
<P>
If you know nothing about what linux can do, you must read '<A HREF="http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html">The Linux Networking Overview HOWTO</a>'.<P>

<B>Secure the bastion host with a packet filtering firewall using ipchains</b><P>
OK, now I had RedHat installed, but the Linux boxes were not protected yet. I needed to set up a firewall
and routing table in order to protect the Linux machines and forward packets from the internal network
to the extranet network. This is a really big job for a home user, and for me too. I did a lot of searching at
freshmeat.net, google and sourceforge. I tried a lot of free firewalling
scripts; none of them provided good security, and they were hard to modify. Yes, I'm too lazy to write my own
filtering and routing rules. You are lucky. I found some really good firewall scripts at <A HREF="http://iceberg.als.cx/">ICEBERG</a>.
Their scripts are easy to modify and set up all the routing. I ran their scripts on both of my Linux
machines, and then I was free to do other tasks. Thanks again, ICEBERG. Following is a list of useful
documentation regarding firewalling and packet forwarding:<P>
<LI><A HREF="http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html">Firewall-HOWTO</a><BR>
<LI><A HREF="http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html">IP-Masquerade-HOWTO</a><BR>
<LI><A HREF="http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html">IPCHAINS-HOWTO</a><P>
If you wanna use Napster behind the firewall, you should read <A HREF="http://www.linuxdoc.org/HOWTO/mini/IPMasquerading+Napster.html">IPMasquerading+Napster mini-HOWTO</a><BR>
<P>
<B>Set up an External DNS Server on the bastion host</b><P>
Although I'll use <A HREF="http://www.hn.org">HAMMER NODE</a> to host the DNS entries for my domain name, a working caching-only nameserver is still required
to run the Linux box. The configuration files are shown below:<P>
<A HREF="misc/chan/baston/named.boot.txt">/etc/named.boot</a><BR>
<A HREF="misc/chan/baston/named.conf.txt">/etc/named.conf</a><BR>
<A HREF="misc/chan/baston/named.ca.txt">/var/named/named.ca</a><BR>
<A HREF="misc/chan/baston/named.local.txt">/var/named/named.local</a><BR>
<A HREF="misc/chan/baston/named.myfakedomain.com.txt">/var/named/named.myfakedomain.com</a><BR>
<A HREF="misc/chan/baston/named.myhome.net.txt">/var/named/named.myhome.net</a><BR>
<A HREF="misc/chan/baston/named.rev.3.txt">/var/named/named.rev.3</a><BR>
<A HREF="misc/chan/baston/named.rev.2.txt">/var/named/named.rev.2</a><BR>
<P>

<B>Connecting to the ADSL modem</b><P>
Connecting the ADSL modem under Linux is easy: just download the RPM of <A HREF="http://www.roaringpenguin.com/pppoe/">RP-PPPOE</a> from Roaring Penguin
Software Inc, install it and then run adsl-setup. That's all. As easy as on a Windows machine.<P>

<B>Migrating the domain name to the bastion host</b><P>
At this moment, the web server does not seem to be working yet. I fixed it by adding the line below
to the /etc/httpd/conf/httpd.conf file:<P>
ServerName www.myfakedomain.com (for bastion host)<BR>
ServerName www.myhome.net (for Intranet Server)<P>
The web servers on both Linux boxes were up and running after a reboot. Now what's next? I started my favourite
browser Netscape and did a search on my favourite search engine Google for a free DNS server. Finally I
reached <A HREF="http://www.hn.org">HAMMER NODE</a>. I was lucky that I could reach hn.org. They provide free services for both dynamic I.P. and
static I.P. users. They have a good and easy to use UI and manage to provide a reliable and stable service. I created a virtual
domain mapping account and have a configuration like this:<P>
<TABLE BORDER=2 CELLSPACING=0 CELLPADDING=3>
    <TR><TD>Rec FQDN</TD><TD>Rec Type</TD><TD>Rec Value</TD><TD>DynDNS</TD><TD>MX Pref</TD></TR>
    <TR><TD>myfakedomain.com</TD><TD>NS</TD><TD>ns1.hn.org</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>myfakedomain.com</TD><TD>NS</TD><TD>aux1.hn.org</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>www.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>myfakedomain.com</TD><TD>A</TD><TD>202.xxx.xxx.xxx</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>mail.myfakedomain.com</TD><TD>MX</TD><TD>202.xxx.xxx.xxx</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>ns.myfakedomain.com</TD><TD>NS</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>mail.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD></TR>
    <TR><TD>ns.myfakedomain.com</TD><TD>CNAME</TD><TD>myfakedomain.com</TD><TD>0</TD><TD>0</TD></TR>
</TABLE>
<P>
After setting up the DNS account at hn.org, I changed the DNS entries at the domain registration company
(usually register.com or whatever), for both the primary and secondary servers, to the DNS servers
provided by hn.org. It may take some time for the DNS entries to refresh.
<P>
Wonderful! Now the DNS entries were refreshed and all requests to www.myfakedomain.com are forwarded to my bastion host. That's simple, huh?
Thanks for the great work of hn.org. For details about how to set up DNS entries, please refer to <A HREF="http://www.linuxdoc.org/HOWTO/DNS-HOWTO.html">DNS-HOWTO</a>.<P>
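The records in the hn.org table above can be checked against the DNS rules for aliases before they are published. The following is an added example, not code from the article or from hn.org: it assumes the table's columns map to owner name, record type and record data as in a zone file, and it uses 192.0.2.10 as a constructed stand-in for the masked address 202.xxx.xxx.xxx.<P>

```python
"""Check a DNS record set for alias rules that resolvers and mail servers rely on."""
import ipaddress
from collections import defaultdict

# Records as listed in the article's hn.org table (owner, type, value).
# 192.0.2.10 is a constructed stand-in for the masked 202.xxx.xxx.xxx address.
ARTICLE_RECORDS = [
    ("myfakedomain.com", "NS", "ns1.hn.org"),
    ("myfakedomain.com", "NS", "aux1.hn.org"),
    ("www.myfakedomain.com", "CNAME", "myfakedomain.com"),
    ("myfakedomain.com", "A", "192.0.2.10"),
    ("mail.myfakedomain.com", "MX", "192.0.2.10"),
    ("ns.myfakedomain.com", "NS", "myfakedomain.com"),
    ("mail.myfakedomain.com", "CNAME", "myfakedomain.com"),
    ("ns.myfakedomain.com", "CNAME", "myfakedomain.com"),
]

# One conformant layout, constructed for comparison (not from the article):
# mail gets its own A record and the MX names that host instead of an address.
CONFORMANT_RECORDS = [
    ("myfakedomain.com", "NS", "ns1.hn.org"),
    ("myfakedomain.com", "NS", "aux1.hn.org"),
    ("myfakedomain.com", "A", "192.0.2.10"),
    ("www.myfakedomain.com", "CNAME", "myfakedomain.com"),
    ("myfakedomain.com", "MX", "mail.myfakedomain.com"),
    ("mail.myfakedomain.com", "A", "192.0.2.10"),
]


def norm(name):
    """Compare names case-insensitively and without a trailing root dot."""
    return name.lower().rstrip(".")


def is_ip_literal(value):
    """True when the record value is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint(records):
    """Return (owner, finding, detail) tuples for the three rules below."""
    types_at = defaultdict(set)
    for owner, rtype, _value in records:
        types_at[norm(owner)].add(rtype.upper())
    aliases = {n for n, types in types_at.items() if "CNAME" in types}

    findings = []
    # Rule 1 (RFC 1034 sec. 3.6.2): a name with a CNAME holds no other data.
    for owner in sorted(aliases):
        others = sorted(types_at[owner] - {"CNAME"})
        if others:
            findings.append((owner, "CNAME_NOT_ALONE", ",".join(others)))
    for owner, rtype, value in records:
        rtype = rtype.upper()
        if rtype not in ("MX", "NS"):
            continue
        # Rule 2 (RFC 1035): MX and NS data is a host name, never an address.
        if is_ip_literal(value):
            findings.append((norm(owner), rtype + "_TARGET_IS_IP", value))
        # Rule 3 (RFC 2181 sec. 10.3): that host name must not be an alias.
        elif norm(value) in aliases:
            findings.append((norm(owner), rtype + "_TARGET_IS_ALIAS", value))
    return findings


if __name__ == "__main__":
    for label, records in (("article", ARTICLE_RECORDS),
                           ("conformant", CONFORMANT_RECORDS)):
        print(label)
        for finding in lint(records) or [("-", "no findings", "")]:
            print("  %-24s %-20s %s" % finding)
```
<P>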
Because the machine connected to the ADSL modem provides services to the public, it can be accessed by anyone who has Internet
access, from anywhere. I need to restrict access to the various tcpd services on this machine for security reasons. I edited the files
/etc/hosts.allow and /etc/hosts.deny accordingly:<P>
/etc/hosts.allow<P>
ALL: 127.0.0.1<BR>
in.telnetd: 192.168.2.2<BR>
in.ftpd: 192.168.2.2<BR>
sshd: 192.168.2.2 203.xxx.xxx.xxx
<P>
/etc/hosts.deny<P>
ALL: ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a /xxx/xxx/tcp.deny.log | mail my@email.com )
<P>
As shown in the above configuration files, all machines on the internal network can telnet, ftp, ssh and
sftp to the bastion host. The address 203.xxx.xxx.xxx is the I.P. address of my office machine, which is allowed
to log in remotely to the bastion host using ssh and transfer files to the bastion host using sftp. Telnet and ftp to
the bastion host are never allowed from machines outside the internal network because the user name and password are
 transmitted in plaintext. They may be captured by a hacker easily. HTTPD is not included in the above
configuration files because HTTPD is not under the control of INETD. <P>

<B>Connect to the bastion host safely using SSH</b><P>
Telnet and FTP are allowed to connect to the bastion host from the internal network. SSH and SFTP must be used to
connect from an external network. Refer to the article '<A HREF="../issue61/dellomodarme.html">Using ssh</A>' from <I>Linux Gazette</I> for how
to set up and use SSH. You must install and run SSHD in order to support SSH. SFTP can be downloaded from
<A HREF="http://enigma.xbill.org/sftp/">http://enigma.xbill.org/sftp/</a>. SFTP is easy to install and use; please refer to the readme on the web site.<P>

<B>Set up the Intranet Server</b><P>
In order to protect the internal network, I
disabled all access from the external network to my internal network:<P>

/etc/hosts.allow<P>

ALL: LOCAL 192.168.1.2 192.168.1.7<P>

/etc/hosts.deny<P>

ALL: ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a /xxx/xxx/tcp.deny.log | mail my@email.com )<P>

An email will be sent to my mailbox whenever there is an attempt to connect to any prohibited service
on either of my Linux servers.<P>
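How tcpd decides on a connection with the two rule sets above, as an added example that is not part of the original article: a simplified evaluator for the hosts.allow/hosts.deny lookup order. 203.0.113.5 is a constructed stand-in for the masked office address 203.xxx.xxx.xxx, and the EXCEPT operator, netgroups and the KNOWN/UNKNOWN/PARANOID wildcards are not handled.<P>

```python
"""Simplified model of the tcpd lookup order for hosts.allow / hosts.deny."""
import ipaddress

# Rules copied from the article. 203.0.113.5 is a constructed stand-in for the
# masked office address; the spawn command is shortened and never executed here.
BASTION_ALLOW = """\
ALL: 127.0.0.1
in.telnetd: 192.168.2.2
in.ftpd: 192.168.2.2
sshd: 192.168.2.2 203.0.113.5
"""
INTRANET_ALLOW = "ALL: LOCAL 192.168.1.2 192.168.1.7\n"
DENY_ALL = "ALL: ALL : spawn (echo Attempt from %h %a to %d)\n"


def items(field):
    """List elements are separated by blanks and/or commas."""
    return field.replace(",", " ").split()


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)], one pair per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:          # a third field (shell command) is ignored
            rules.append((items(fields[0]), items(fields[1])))
    return rules


def client_matches(pattern, addr, name):
    """Match one client pattern against the peer address and its resolved name."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # any host name that contains no dot
        return bool(name) and "." not in name
    if pattern.startswith("."):       # domain suffix, e.g. .myhome.net
        return bool(name) and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):         # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:                # net/mask, e.g. 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr or (bool(name) and pattern.lower() == name.lower())


def first_match(rules, daemon, addr, name):
    """True when any rule names the daemon (or ALL) and matches the client."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr, name) for p in clients)
        for daemons, clients in rules
    )


def access(allow_text, deny_text, daemon, addr, name=None):
    """hosts.allow is consulted first, then hosts.deny; no match at all grants."""
    if first_match(parse_rules(allow_text), daemon, addr, name):
        return "allow"
    if first_match(parse_rules(deny_text), daemon, addr, name):
        return "deny"
    return "allow"


if __name__ == "__main__":
    checks = [
        ("bastion", BASTION_ALLOW, "sshd", "203.0.113.5", None),
        ("bastion", BASTION_ALLOW, "in.telnetd", "203.0.113.5", None),
        # A workstation address is only accepted if it arrives as 192.168.2.2.
        ("bastion", BASTION_ALLOW, "sshd", "192.168.1.3", None),
        # LOCAL needs a dot-less name, so php.myhome.net is not covered by it.
        ("intranet", INTRANET_ALLOW, "sshd", "192.168.1.3", "php.myhome.net"),
        ("intranet", INTRANET_ALLOW, "sshd", "192.168.1.7", "be.myhome.net"),
    ]
    for host, allow, daemon, addr, name in checks:
        print(host, daemon, addr, name, "->",
              access(allow, DENY_ALL, daemon, addr, name))
```

The last assertion case worth trying by hand is an empty hosts.deny: every client that hosts.allow does not name is then granted, which is why the ALL: ALL line carries the policy.<P>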

As shown in figure 1, all internal machines have a host name. You can use whatever
host name and domain name you like for your internal network, even if the domain name is already
registered at the NIC; however, special care must be taken when setting up your own internal
DNS server.<P>

<B>Setting up the intranet DNS server - named</b><P>
Again, please refer to the HOWTO or technical books about how to set up a DNS server.
The following are my configuration files for the DNS server running on the Intranet
server:<P>
<A HREF="misc/chan/intraserver/named.boot.txt">/etc/named.boot</a><BR>
<A HREF="misc/chan/intraserver/named.conf.txt">/etc/named.conf</a><BR>
<A HREF="misc/chan/intraserver/named.ca.txt">/var/named/named.ca</a><BR>
<A HREF="misc/chan/intraserver/named.local.txt">/var/named/named.local</a><BR>
<A HREF="misc/chan/intraserver/named.myhome.net.txt">/var/named/named.myhome.net</a><BR>
<A HREF="misc/chan/intraserver/named.rev.1.txt">/var/named/named.rev.1</a><BR>
<A HREF="misc/chan/intraserver/named.rev.2.txt">/var/named/named.rev.2</a><BR>
<P>
<B>More security issues</b><P>
Hackers are all around you; firewalling with packet filtering and
controlling service access with hosts.allow/hosts.deny alone is never enough.
A few security holes may be discovered every day. You should subscribe to the
corresponding mailing lists and upgrade your Linux constantly. A few more articles and
pieces of software about security are good and worth introducing:<P>
<LI><A HREf="../issue46/pollman.html">Security for the Home Network LG #46</a><BR>
<LI><A HREF="http://www.linux-firewall-tools.com/linux/">Linux Firewall and Security Site</a><BR>
<LI><A HREF="http://users.dhp.com/~whisper/mason/">Mason - the automated firewall builder for Linux</a><BR>
<LI><A HREF="http://www.astaro.com">Astaro AG (Great firewall linux distribution with web interface)</a><BR>
<LI><A HREF="http://www.ethereal.com/">The Ethereal Network Analyzer</a><BR>
<LI><A HREF="http://www.nessus.org/">Nessus - The Security Scanner</a><BR>
<LI><A HREF="http://www.stunnel.org/">Stunnel - Universal SSL Wrapper</a><BR>
<P>
<B>How about POP3 and SMTP server?</b><P>
POP3, the same as TELNET and FTP, transfers the username and password in plaintext and is considered
insecure. SPOP may be set up to encrypt POP data. However, I don't want to store my personal email
on any machine outside the internal network, including my office's workstation. So I'm not going to
set up POP3 on the bastion host. The reason not to allow SMTP is that relaying mail is dangerous,
because spammers will make use of your relaying SMTP server to send their hateful spam mails.
On the other hand, setting up a non-relaying SMTP server for yourself is meaningless because you
cannot send mail from your SMTP server outside the network. I
can simply log in to my bastion host using ssh and run pine to check and reply to my messages in a
secure way.<P>
<B>Subdomain for web server</b><P>
Wow, everything is working now. I can host my web server, email server and ftp server on my home Linux
box. It rocks! Now I need a subdomain resume.myfakedomain.com to host my online resume. Just adding
the following lines to /etc/httpd/conf/httpd.conf handles all the magic:<P>

RewriteEngine on<BR>
## Ignore www.myfakedomain.com<BR>
RewriteCond %{HTTP_HOST}  !^www\.myfakedomain\.com [NC]<BR>
## Capture the subdomain label as %1 (the negated condition above captures nothing)<BR>
RewriteCond %{HTTP_HOST}  ^([a-z-]+)\.myfakedomain\.com [NC]<BR>
## A directory with the name of the subdomain must exist<BR>
RewriteCond %{DOCUMENT_ROOT}/%1 -d<BR>
## Add the requested hostname to the URI<BR>
## [C] means that the next Rewrite Rules uses this<BR>
RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]<BR>
## Translate abc.myfakedomain.com/foo to myfakedomain.com/abc/foo<BR>
RewriteRule ^([a-z-]+)\.myfakedomain\.com/?(.*)$ http://www.myfakedomain.com/$1/$2 [L]<BR>

<P>
<B>Other useful configuration files</b><P>
/etc/hosts (bastion host)<P>
<PRE>
127.0.0.1	localhost.localdomain 	localhost
192.168.2.1	router.myhome.net	router
192.168.2.2	gateway.myhome.net	gateway
202.xxx.xxx.xxx	www.myfakedomain.com	www
</pre>
<P>
/etc/hosts	(intranet gateway)<P>
<PRE>
127.0.0.1	localhost.localdomain 	localhost
192.168.1.1	server.myhome.net	server
192.168.1.2	devel.myhome.net 	devel
192.168.1.3	php.myhome.net	php
192.168.1.4	asp.myhome.net	asp
192.168.1.7	be.myhome.net	be
192.168.2.1	router.myhome.net	router
192.168.2.2	gateway.myhome.net	gateway
</pre><P>
/etc/resolv.conf	(bastion host)<P>
<PRE>
search myfakedomain.com
nameserver	127.0.0.1
</pre><P>
/etc/resolv.conf	(intranet gateway)<P>
<PRE>
search	myhome.net
nameserver	127.0.0.1
</pre><P>
<B>Network Card Setting</b><P>
Ethernet port setting:<P>
<IMG SRC="misc/chan/serverport.jpg" BORDER="2">
<P>

More network configuration files:<P>
<A HREF="misc/chan/baston/network.txt">/etc/sysconfig/network</a> (bastion host)<BR>
<A HREF="misc/chan/baston/ifcfg-eth0.txt">/etc/sysconfig/network-scripts/ifcfg-eth0</a> (bastion host)<BR>
<A HREF="misc/chan/baston/ifcfg-eth1.txt">/etc/sysconfig/network-scripts/ifcfg-eth1</a> (bastion host)<P>

<A HREF="misc/chan/intraserver/network.txt">/etc/sysconfig/network</a> (Intranet gateway)<BR>
<A HREF="misc/chan/intraserver/ifcfg-eth0.txt">/etc/sysconfig/network-scripts/ifcfg-eth0</a> (Intranet gateway)<BR>
<A HREF="misc/chan/intraserver/ifcfg-eth1.txt">/etc/sysconfig/network-scripts/ifcfg-eth1</a> (Intranet gateway)<P>
<A HREF="misc/chan/rc.local.txt">/etc/rc.d/rc.local</a> (both the bastion host and the Intranet gateway)<BR>
<P>
<B>TCP/IP setting summary</b><P>
<TABLE border=1>
	<TR><TD colspan=2><B>Bastion host</b></td></tr>
	<TR><TD>Default Gateway:</td><TD>ppp0</td></tr>
	<TR><TD>Nameserver:</td><TD>127.0.0.1</td></tr>
	<TR><TD colspan=2>&nbsp;</td></tr>
	<TR><TD>Network interface:</td><TD>eth0</td></tr>
	<TR><TD>I.P. Address:</td><TD>192.168.3.1</td></tr>
	<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
	<TR><TD colspan=2>&nbsp;</td></tr>
	<TR><TD>Network interface:</td><TD>eth1</td></tr>
	<TR><TD>I.P. Address:</td><TD>192.168.2.1</td></tr>
	<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
</table>
<P>
<TABLE border=1>
	<TR><TD colspan=2><B>Intranet Server</b></td></tr>
	<TR><TD>Default Gateway:</td><TD>192.168.2.1</td></tr>
	<TR><TD>Nameserver:</td><TD>127.0.0.1</td></tr>
	<TR><TD colspan=2>&nbsp;</td></tr>
	<TR><TD>Network interface:</td><TD>eth0</td></tr>
	<TR><TD>I.P. Address:</td><TD>192.168.1.1</td></tr>
	<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
	<TR><TD colspan=2>&nbsp;</td></tr>
	<TR><TD>Network interface:</td><TD>eth1</td></tr>
	<TR><TD>I.P. Address:</td><TD>192.168.2.2</td></tr>
	<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
</table>
<P>
<TABLE border=1>
	<TR><TD colspan=2><B>Workstations from Internal Network</b></td></tr>
	<TR><TD>Default Gateway:</td><TD>192.168.1.1</td></tr>
	<TR><TD>Nameserver:</td><TD>192.168.1.1</td></tr>
	<TR><TD colspan=2>&nbsp;</td></tr>
	<TR><TD>Network interface:</td><TD>eth0</td></tr>
	<TR><TD>I.P. Address:</td><TD>192.168.1.X</td></tr>
	<TR><TD>Subnet mask:</td><TD>255.255.255.0</td></tr>
</table>
<P>
<B>Further setup and reading</b><P>
What if you want to access your internal machine running
Windows from another network while maintaining security through the firewall?
The answer is to use
Virtual Private Network (<A HREF="http://whatis.techtarget.com/WhatIs_Definition_Page/0,4152,213324,00.html">VPN</a>) technology. Linux does
support VPN in recent versions. More details can be found
at <A HREF="http://linuxdocs.org/HOWTOs/mini/VPN.html">VPN HOWTO</a>.
If you have more than one domain and want to host them on the same bastion host, you may require special settings for your Apache web server and sendmail
server. The next version of this article will include a walkthrough of the VPN and virtual domain setup.<P>

If you have any suggestions or comments regarding this document, please feel
free to contact me at <A HREF="mailto:rayxtra@hotmail.com">rayxtra@hotmail.com</A>.




<!-- *** BEGIN copyright *** -->
<P> <hr> <!-- P --> 
<H5 ALIGN=center>

Copyright &copy; 2001, Ray Chan.<BR>
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR> 
Published in Issue 65 of <i>Linux Gazette</i>, April 2001</H5>
<!-- *** END copyright *** -->

<!--startcut ==========================================================-->
</BODY></HTML>
<!--endcut ============================================================-->