From: Aleksandar Milivojevic <amilivojevic@pbl.ca>
To: alucard@kanux.com
Cc: netfilter@lists.netfilter.org
Subject: Re: forwarding on the same NIC
Date: Tue, 11 May 2004 15:37:18 -0500
Message-ID: <40A1397E.4020508@pbl.ca>
In-Reply-To: <3440.200.44.170.105.1084303244.squirrel@200.44.170.105>

alucard@kanux.com wrote:
> mmm not at all, it's a cisco router for one of the t1's for the company I
> work for.

Hm, doesn't change much in the whole picture.  What you'll need to do 
depends much on how much you are allowed to change (and you'll have to 
change something, there's no way around it).  If you are allowed to 
change internal IP address on Cisco, then you can use your Linux box as 
router/firewall for internal network (as per diagram I sent earlier). 
That would move Cisco out of your internal network (good thing (tm) 
since you don't control it, and obviously you are not very keen on 
person who does have control over it), and then you can do close to 
about anything you desire.

BTW, one stupid question, you did set ip_forwarding to 1 on Linux box, 
right?  As I recall, it defaults to 0 (either in kernel, or startup 
scripts in various distributions set it to 0, not sure).

What John just suggested with virtual interfaces will also work.  But 
with only one physical interface you must be careful about ICMP 
redirects.  Your Linux box is going to start spitting them out as soon 
as it detects two networks on same wire, unless you specifically tell it 
not to do that.  If Cisco and Web2 boxes are set to obey them (bad thing 
(tm)), they'll just start talking directly to each other.  Been there, 
done that.

Anyhow, whatever you choose to do, I would strongly recommend having two 
separate wires.  One for your internal network, and another for outside 
world.  And since you don't have control over Cisco, it boils down to 
two NICs in your Linux box or two NICs in your Web box.

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
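
An added example, not part of the message above: a shell audit of the two settings the message raises on a one-NIC Linux router, IP forwarding and outgoing ICMP redirects, read from the kernel's `/proc/sys/net/ipv4` tree. The interface name `eth0`, the helper names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a one-NIC Linux router for the two settings above.

# Print a sysctl file's value, or "missing" when it cannot be read.
read_ctl() {
    if [ -r "$1" ]; then cat "$1"; else echo missing; fi
}

# audit_one_nic_router SYSROOT IFACE
# SYSROOT is /proc/sys on a live box, or a copy of it for offline review.
# Prints one line per finding and returns 1 if there was any.
audit_one_nic_router() {
    v4="$1/net/ipv4"; ifc=$2; rc=0

    fwd=$(read_ctl "$v4/ip_forward")
    if [ "$fwd" != 1 ]; then
        echo "FORWARDING_OFF ip_forward=$fwd"; rc=1
    fi

    # Redirects go out on an interface when EITHER conf/all or
    # conf/<iface> has send_redirects set, so both have to be 0.
    for scope in all "$ifc"; do
        sr=$(read_ctl "$v4/conf/$scope/send_redirects")
        if [ "$sr" != 0 ]; then
            echo "REDIRECTS_ON conf/$scope/send_redirects=$sr"; rc=1
        fi
    done
    return $rc
}

# make_tree DIR IP_FORWARD ALL_REDIRECTS ETH0_REDIRECTS
# Builds a constructed sample tree (not captured from a real host).
make_tree() {
    mkdir -p "$1/net/ipv4/conf/all" "$1/net/ipv4/conf/eth0"
    echo "$2" > "$1/net/ipv4/ip_forward"
    echo "$3" > "$1/net/ipv4/conf/all/send_redirects"
    echo "$4" > "$1/net/ipv4/conf/eth0/send_redirects"
}

# Demo: forwarding on, redirects cleared on "all" but still set on eth0.
demo=$(mktemp -d)
make_tree "$demo" 1 0 1
audit_one_nic_router "$demo" eth0 || echo "findings above need fixing"
rm -rf "$demo"
```

On a live host the call is `audit_one_nic_router /proc/sys eth0`; the demo case shows why clearing only `conf/all/send_redirects` is not enough.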

