From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: alucard@kanux.com
Cc: netfilter@lists.netfilter.org
Subject: Re: forwarding on the same NIC
Date: Tue, 11 May 2004 13:04:37 -0400
Message-ID: <1084295076.15641.54.camel@localhost>
In-Reply-To: <2022.200.44.170.105.1084289894.squirrel@200.44.170.105>

On Tue, 2004-05-11 at 11:38, alucard@kanux.com wrote:

> <snip>
> That's correct, exactly what I thought. There's no forwarding because we
> are using the same subnet
> 
> > In other words, you are bridging rather than routing and thus need to
> > make a layer two decision rather than a layer three decision.  I
> > understand there is bridging functionality available in Linux but I have
> > never used it and do not know where to find it.
> 
> Anyone could help? The thing is that this second webserver is using an
> application that we use internally and, what I'm trying to do here is,
> access the web configuration service from the outside using our existing
> server, which is the only one NAT'ed, so our other offices can access it.
> Since the second server is a production server, there's no way we can
> change its IP and use a subnet.

OK - so let me summarize again just to make sure I understand you.  The
2nd Webserver at 10.73.219.77 is used by internal resources and cannot
change its IP address.  You want to make it available to remote users in
other offices via the Internet but the only Internet access you have is
through the one Linux box.

If you do not want to expose the 2nd Webserver to the world but only
make it available to other offices, you may wish to consider an IPSec
VPN between the other offices and the Linux box although we'd need to
know a little more about how your ISP is getting you to the Internet and
how your other offices access the Internet.

You will still have the routing problem.  You can create a second
network without changing the IP address.  It will depend on how the
internal users access the 2nd Webserver.  If the access is also through
the Linux box, then you can split the 10.73.219.x network.  Assuming it
is using a 24 bit mask, you could create the network 10.73.219.0/25 and
10.73.219.128/25.  Leave the NIC with 10.73.219.156 on the latter
network, add a second NIC with an address on the former network and
place the second Webserver on the former network - note there is no need
to change the IP address of the 2nd Webserver or the DNS entry - just
the subnet mask.
> 
<snip>
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 
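
Added example, not part of the original message: a Python check of the /25 split described above, showing which half each address from the thread falls into and how the mask change alone turns same-segment delivery into routed delivery through the Linux box. The second NIC address 10.73.219.1 is an assumption made for illustration; the thread does not give one.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.73.219.0/24")  # 24-bit mask, as assumed in the message
WEBSERVER = "10.73.219.77"    # 2nd Webserver (from the thread)
LINUX_NIC = "10.73.219.156"   # existing NIC on the Linux box (from the thread)
SECOND_NIC = "10.73.219.1"    # hypothetical address for the added NIC (assumption)

def halves(parent=PARENT):
    """Split the parent network into its two halves (/24 -> two /25s)."""
    return list(parent.subnets(prefixlen_diff=1))

def subnet_of(ip, parent=PARENT):
    """Return the half of the parent network that contains ip."""
    addr = ipaddress.ip_address(ip)
    return next(n for n in halves(parent) if addr in n)

def delivery(src_ip, src_prefixlen, dst_ip):
    """Decide how a host with this address and mask sends to dst_ip:
    'direct' (ARP on its own segment) or 'gateway' (hand to a router)."""
    local = ipaddress.ip_interface(f"{src_ip}/{src_prefixlen}").network
    return "direct" if ipaddress.ip_address(dst_ip) in local else "gateway"

def report():
    """Rows of (scenario, path, decision) for the hosts named in the thread."""
    return [
        # Same /24: the webserver answers the Linux box directly, nothing is routed.
        ("before split", "webserver -> linux NIC", delivery(WEBSERVER, 24, LINUX_NIC)),
        # Mask changed to /25, IP unchanged: traffic must go through a router.
        ("after split", "webserver -> linux NIC", delivery(WEBSERVER, 25, LINUX_NIC)),
        # The existing NIC stays on the upper half and no longer sees the webserver.
        ("after split", "linux NIC -> webserver", delivery(LINUX_NIC, 25, WEBSERVER)),
        # The added NIC on the lower half reaches the webserver on-link.
        ("after split", "second NIC -> webserver", delivery(SECOND_NIC, 25, WEBSERVER)),
    ]

if __name__ == "__main__":
    for net in halves():
        print("subnet:", net, "mask", net.netmask)
    for host in (WEBSERVER, LINUX_NIC, SECOND_NIC):
        print(f"{host:15} is in {subnet_of(host)}")
    for scenario, path, decision in report():
        print(f"{scenario:13} {path:24} {decision}")
```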


