Confused what is the Gateway in the different configuration


(Stefan) #1

At the moment I am working trough the setup of me new home server and read the documentation, Howto and post in the forum. Now I am total confused what the gateway is.
Lets start with installation when you going through the first setup.
I have to insert the IP address for the first NIC (green). Because it isn’t possible to use DHCP from the router I used 192.168.0.50. The router has 192.168.0.1
The default IP address for the gateway is 192.168.1.253.
Why is it X.X.X.253?
If I kept it as 192.168.0.253 the server couln’t get an internet connection. @Ctek had the same problem. You can read it in his Howo Install Nethserver as AD with linux and windows clients
AS I changed it to 192.168.0.1 it works.

After the setup is finish I started via the browser the setup of the second NIC. Also there is a field for a gateway IP address.
Do I need one?
Which IP is the correct one?
Is this depend on the LAN infrastructure?
Some principle information in the documentation, maybe with a sketch of the physical setup as @Ctek did, would help to make the right settings.


Change Gateway in the Setup
Ns after router - pass dhcp to clients
Change Gateway in the Setup
#2

Hi Stefan,

How many NICs did you have I your server?

I you are confuse when the gateway rule, perhaps it’s because you don’t need it.

What did you expect to dod with your router? keep it on your network, or eliminate it for the NEthserver do the job?


(Stefan) #3

I have two NICs.

I will keep the router as it is and it is responsible for the IP address via DHCP.

The NS should check the emails for spam and viruses. Also handle the right management for the data stored on the server. At the moment I don’t know which will be the solution. Via ownCloud or LDAP?


#4

Ok.
You can choose between these three rules:

  • Put the Nethserver before your router, to act as Gateway/router and leave your actual router as a single switch.
  • Put the Nethserther before your router, only for firewall and proxy, and let your router continuing doing the job. No DHCP, No dns, quase nothing for the Nethserver service.
  • Put the Nethserver binhind the routeur, let this one do it’s actual job, and connect the two NIC in bonding mode on the router, and let Nethserver as server only.

(Stefan) #5

Thank you. This makes it a little bit clear.

For a small business it would be version three.
If the NS should work as a spam and virus filter for the emails does the physical setup has to be as
Internet <-> Router <-> NS <-> Clients? or Internet <-> Router <-> NS & Clients?

I don’t understand this configuration. Why should I connect the two NIC to the router? Than I have no NIC free to connect the clients. Or do you mean the clients are connected with the router as well?


#6

Is the Nethserver will be the email server?


(Stefan) #7

I have email accounts with three different email provider. At the moment I collect them with Thunderbird. NS should be between provider and Thunderbird and filter out the spam and viruses. If you mean this as email server than yes.


#8

In this case, Nethserver will not help, in my opinion.

Because the NS will not be proxy, neither Firewall.

Your client will connect to yours providers without go through the NethServer.


(Stefan) #9

I thought it would be possible to have the NS between. Maybe the NS has to be a mail-server.

Anyway. It is too late for me to continue today.
Thank you for your help.
I will search in the internet for a solution.


(Rob Bosch) #10

@jim you forgot to mention to have a double NAT situation where red connects to the modem/router and green creates a different local LAN. I use this situation quite often and it works well.


#11

Yes, I do… When the Nethserver is before the router, the two first rules…

When doing this job behind the router… @WillZen will need one more switch…


(Renan Azedo ) #12

Like that?


(Renan Azedo ) #13


(Rob Bosch) #14

Exactly. But I would set eth1 (red) as a static IP address in the subnet of the internal interface of the router. Then you can forward ports/services from the router to NS.


#15

If there’s the router and the switch, I would prefer to put the the Nethserver between the router and Internet, as Firewall.
The router will be under protection.

Edit the router will be in the private side.


(Rob Bosch) #16

Sorry, but why have an extra router when NS is taking up that task?
In most consumer situations the ISP provides a modem/router. The modem is configureren tot set up a PPPoE connection. Most of the time the credentials are nog known tot the enduser. In this case, if you want your own gateway/utm you are stuck with double NAT.
Some ISPs allow to put the modem/router in transparant mode. Then the external IP address will be forwarded to the gateway/utm (NS in our case :smile:) andere will there be no double NAT.


#17

@WillZen said small business.
And in lot of countries, the ISP provide a basic modem/router.
Here, we doesn’t have the connection type ( optical fiber, ADSL, SDSL, other…)

I take the “ideal” situation :grin:

Edit: And if the router have severals ports… behind the Firewall, it can act as switch too.

Think in how to maximize ressources too :wink:


(Bogdan Costin) #18

Hi Rob,
I have to agree with Jim on this.
The preffered setup is to have a firewall between your ISP (with or without router/modem) and your NethServer.
This way you have an extra layer of protection for your setup.

Also. DO NOT relay on the security features of the ISP provided modem/router. Most of the time the firmware in that device is obsolete and most probably is full of holes.

Think of it just as a media converter from Fiber or ADSL or Cable to your Ethernet but that is all.
If you really want exposure to your NS you can forward your request on ports to your NS but it is best practice to filter them :slight_smile: .

BR
Bogdan


(Rob Bosch) #19

NS = firewall, so why have another firewall?


(Bogdan Costin) #20

Because the first FW will be dedicated only to Firewall and Gateway
So that means that any missconfiguration or error in the config or bug will not expose your entire server / data to the “bad people”. :smile: