From: Todd Watson (tkw@southwestern.edu)
Date: Wed Feb 13 2002 - 08:42:37 CST
In theory, you might be able to add NAT functionality to the NetReg box.
HOWEVER, as Ed and Michael have pointed out, it will be messy! Unless
you hack the logging functionality of the various servers, you will have
a hard time separating the events and tracing problems. Also, keep in
mind that the NetReg system was designed to use the fake-root DNS setup
for its own lookups. Because of this, you will need to ensure that all
the firewall/NAT services strictly use IPs and don't try lookups or any
identd queries based on host names.
If you are successful in getting this all working, we'd love to have a
small HOWTO and code to add to the NetReg contribs!
Todd
--
Todd K. Watson
Senior System & Network Administrator
Southwestern University, Georgetown, TX
tkw@southwestern.edu || TEL:512.863.1508 || FAX:512.863.1605

jmurray wrote:
>
> Yep, I have come to the same conclusion. Unfortunately, it will take me a
> while to get another box together to do natting (My boss really wanted an
> all-in-one solution to our resnet). Anyway, I beat my head senseless trying
> to get routing / nat / DHCP /DNS / Netreg all on the same box. At least I did
> get DHCP, DNS, and Netreg working correctly. Thanks for your help though.
>
> >===== Original Message From netreg@southwestern.edu =====
> >netreg@southwestern.edu writes:
> >>enabled, but no default gateway or gateway device set.
> >
> >Ack. After all that I looked through the original post again and saw
> >this-there's your problem. You're using the netreg box as your
> >nat/firewall/router, with no default gateway. So, nobody's going anywhere,
> >which is probably a fairly pointless setup. I suppose it might be
> >possible, but I wouldn't use the same box for netreg and firewall, for the
> >simple reason that DNS is all hosed and dealing with logfiles and such
> >would be a PITA. I'd say, for that setup, have netreg be on its own
> >internal box w/1 nic, like the setup I described in my last message, and
> >have a completely separate box with 2 nics playing firewall/nat and
> >blocking external access to the unregistered IP block. I prefer OpenBSD
> >for that function-very straightforward to configure, well secured by
> >default, and excellent documentation on the OBSD site.
> >
> >
> >Regards,
> >
> >Ed Hintz
> >Network Systems Administrator
> >Natus Medical, Inc.
> >ehintz@natus.com
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:36 CDT