On Sun, 2007-04-01 at 22:13 +0800, edwardspl(a)ita.org.mo wrote: I really can't understand what you're asking, just making a wild guess if you're asking whether you need to use views if your server is part public and part private. If that's the case, no. I have a private LAN that's all one subnet behind a NAT modem/router. It has a DNS server which resolves local address for local machines, and it also acts as the DNS server for those machines to query for internet addresses. Any machine that can access it will get the same answers for queries. It's not publically accessible, though. -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

On Sun, 2007-04-01 at 23:42 +0800, edwardspl(a)ita.org.mo wrote: Your router needs to associate those last two addresses together. Are you using a configurable one? Depending on your network, you might connect 202.175.123.123 to 192.168.0.1 with rules. You might set that computer to use 202.175.123.123 as its address, directly. If you have a series of public addresses that you can use, you *can* use them directly. Don't know what you mean. Can't understand that, either. It's an incoherent mix of words. How is your network physically set up? Do you have a modem connected to a router, connected to a network of computers? Is the modem a combination modem and router? Is your router a "router" or a computer working as one? How are the other computers connected? Don't know what you mean. You want to set up a DHCP server to dole out those addresses? You want to enable NAT? -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

On Mon, 2007-04-02 at 21:05 +0800, edwardspl(a)ita.org.mo wrote: You'll need to configure the router to tie those addresses together. Command line or GUI? CLI: Learn how to use iptables. GUI: You can use, in Gnome, the System menu, Adminstration sub-menu, Security level and firewall GUI. You can use Firestarter (install it). CLI: Learn how to use chkconfig. GUI: In Gnome it's found at: System menu, Adminstration sub-menu, Services (perhaps inside a Server settings sub-menu). Turn off what's not needed, and what you don't want. We can't really advise on everything that can be turned off, we don't know what you need. I'd advise that on a server, you configure NTPD to run. You want your logging to have reliable time, and it'd be good for it to allow local PCs (on your LAN) to synchronise their clocks with it). Opposite of the above steps. Iptables, using the -nat table on Linux, but you need to do that in your router. Set up the DHCP server on a machine. Configure it with addresses for your LAN PCs to use for their DNS server and gateway (the router LAN IP). Enable NAT on the gateway device (your router). -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

On Sun, 2007-04-01 at 23:51 +0800, edwardspl(a)ita.org.mo wrote: You'd use iptables rules to do firewalling and NAT. You can write them by hand, or use a configuration tool like firestarter (firestarter is *not* something that I have experience with). See the iptables man file for how to do that, but if that appears too hard, look at firestarter. There's a couple of GUI tools for setting them up, but I think that's recommended as one of the easier ones. For generic firewalling, you'd set up a rule that dropped all new connections by default. Then you'd add specific rules to allow *some* things. You'd do this on any machine, itself, that was publically accessible. Which leads to linking public IPs to local LAN IPs. You could use forwarding rules to pass all connections to a specific public address to an internal one, or more specific rules just for certain ports (such as running a webserver). There are specific iptable rule types for NAT purposes (nat and prerouting), rather than just port forwarding rules. I haven't played with NAT tied into public IPs, so that's beyond my experience. You'd want to do things that way, though, if you want a machine in your LAN to act as if directly on the internet. I think that's getting beyond the free help on a mailing list, though. You need to know quite a bit about how networking works, before you can use the tools to set it up. If you knew that, you ought to be able to work out how to use the tools. It sounds like you need to read more about that, first. Then you mention DNS. Again, it's too vaguely worded. Are you setting up a DNS server so all your LAN PCs can use it to resolve LAN addresses? Or for it to resolve internet addresses for them? Or for it to answer public queries for your own domain name? NB: I think some things are getting lost in translation. You might also want to write it in your native tongue, you might get a direct reply from someone who knows exactly what you mean. -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.