233 lines
4.5 KiB
HTML
233 lines
4.5 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Dealing with Private IP Networks</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Serial Line IP"
|
|
HREF="x-087-2-slip.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="SLIP Operation"
|
|
HREF="x-087-2-slip.operation.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Using dip"
|
|
HREF="x-087-2-slip.dip.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-slip.operation.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 7. Serial Line IP</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-slip.dip.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="AEN6009"
|
|
>7.3. Dealing with Private IP Networks</A
|
|
></H1
|
|
><P
|
|
>You will remember from <A
|
|
HREF="x-087-2-iface.html"
|
|
>Chapter 5</A
|
|
>, that the
|
|
Virtual Brewery has an Ethernet-based IP network using unregistered
|
|
network numbers that are reserved for internal use only. Packets to or
|
|
from one of these networks are not routed on the Internet; if we were
|
|
to have <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> dial into
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>cowslip</SPAN
|
|
> and act as a router
|
|
for the Virtual Brewery network, hosts within the Brewery's network
|
|
could not talk to real Internet hosts directly because their packets
|
|
would be dropped silently by the first major router.</P
|
|
><P
|
|
>To work around this dilemma, we will configure <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> to act as a kind of launch pad for
|
|
accessing Internet services. To the outside world, it will present
|
|
itself as a normal SLIP-connected Internet host with a registered IP
|
|
address (probably assigned by the network provider running <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>cowslip</SPAN
|
|
>). Anyone logged in to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> can use text-based programs like
|
|
<B
|
|
CLASS="COMMAND"
|
|
>ftp</B
|
|
>, <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
>, or even
|
|
<B
|
|
CLASS="COMMAND"
|
|
>lynx</B
|
|
> to make use of the Internet. Anyone on the
|
|
Virtual Brewery LAN can therefore telnet and log in to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> and use the programs there. For
|
|
some applications, there may be solutions that avoid logging in
|
|
to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
>. For WWW users, for
|
|
example, we could run a so-called <I
|
|
CLASS="EMPHASIS"
|
|
>proxy server</I
|
|
> on
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
>, which would relay all
|
|
requests from your users to their respective servers.</P
|
|
><P
|
|
> Having to log in
|
|
to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> to make use of the
|
|
Internet is a little clumsy. But apart from eliminating the paperwork
|
|
(and cost) of registering an IP network, it has the added benefit of
|
|
going along well with a firewall setup. Firewalls are dedicated
|
|
hosts used to provide limited Internet access to users on your local
|
|
network without exposing the internal hosts to network attacks from
|
|
the outside world. Simple firewall configuration is covered in more
|
|
detail in <A
|
|
HREF="x-087-2-firewall.html"
|
|
>Chapter 9</A
|
|
>. In <A
|
|
HREF="x-087-2-ipmasq.html"
|
|
>Chapter 11</A
|
|
>, we'll discuss a Linux feature called
|
|
“IP masquerade” that provides a powerful alternative to
|
|
proxy servers.</P
|
|
><P
|
|
>Assume that the Brewery has been assigned the IP address <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>192.168.5.74</SPAN
|
|
> for SLIP access. All you
|
|
have to do to realize that the setup discussed above is to enter this
|
|
address into your <TT
|
|
CLASS="FILENAME"
|
|
>/etc/hosts</TT
|
|
> file, naming it
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager-slip</SPAN
|
|
>. The procedure
|
|
for bringing up the SLIP link itself remains unchanged.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-slip.operation.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-slip.dip.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>SLIP Operation</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-slip.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Using dip</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |