* [LARTC] routing within the same network? is it possible?
@ 2004-06-11 14:21 Victor Catten
2004-06-12 12:39 ` Yemi Fowe
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Victor Catten @ 2004-06-11 14:21 UTC (permalink / raw)
To: lartc
Hello,
Is routing within the same network possible?
If it is, what configuration should I put for the firewall/router shown below? I basically want the host debian13 to be able to send packets via a multi-homed firewall. I think the multi-homed firewall involve some routing.
+-------------------+
|debian13 |
|eth0:192.168.0.13 |
+-------------------+
|eth0
|
|eth0
+--------------------------+
|firewall/router(linux-box)|
|which configuration here? |
+--------------------------+
|eth1
|
+----------------------+
| |
|eth0 |eth0
+-------------------+ +-------------------+
|eth0:192.168.0.15 | |eth0:192.168.0.16 |
|debian15 | |debian16 |
+-------------------+ +-------------------+
Thank you!
Victor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] routing within the same network? is it possible?
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
@ 2004-06-12 12:39 ` Yemi Fowe
2004-06-12 12:39 ` Alan Woodland
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Yemi Fowe @ 2004-06-12 12:39 UTC (permalink / raw)
To: lartc
With my little knowledge of TCP/IP, i dont think
routing withing thesame network is possible.
Routing means moving from one network to another.
Thank You
Yemi
n--- Victor Catten <vlcparis@earthlink.net> wrote:
> Hello,
>
> Is routing within the same network possible?
> If it is, what configuration should I put for the
> firewall/router shown below? I basically want the
> host debian13 to be able to send packets via a
> multi-homed firewall. I think the multi-homed
> firewall involve some routing.
>
> +-------------------+
> |debian13 |
> |eth0:192.168.0.13 |
> +-------------------+
> |eth0
> |
> |eth0
> +--------------------------+
> |firewall/router(linux-box)|
> |which configuration here? |
> +--------------------------+
> |eth1
> |
> +----------------------+
> | |
> |eth0 |eth0
> +-------------------+ +-------------------+
> |eth0:192.168.0.15 | |eth0:192.168.0.16 |
> |debian15 | |debian16 |
> +-------------------+ +-------------------+
>
>
> Thank you!
>
> Victor
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] routing within the same network? is it possible?
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
2004-06-12 12:39 ` Yemi Fowe
@ 2004-06-12 12:39 ` Alan Woodland
2004-06-12 13:03 ` Alexis
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Alan Woodland @ 2004-06-12 12:39 UTC (permalink / raw)
To: lartc
>
>
>Hello,
>
>+-------------------+
>|debian13 |
>|eth0:192.168.0.13 |
>+-------------------+
> |eth0
> |
> |eth0
>+--------------------------+
>|firewall/router(linux-box)|
>|which configuration here? |
>+--------------------------+
> |eth1
> |
> +----------------------+
> | |
> |eth0 |eth0
>+-------------------+ +-------------------+
>|eth0:192.168.0.15 | |eth0:192.168.0.16 |
>|debian15 | |debian16 |
>+-------------------+ +-------------------+
>
>
>Thank you!
>
>Victor
>
Sounds like you want to use bridging and ebtables to the firewalling.
http://bridge.sf.net is probably a good place to start.
Alan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] routing within the same network? is it possible?
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
2004-06-12 12:39 ` Yemi Fowe
2004-06-12 12:39 ` Alan Woodland
@ 2004-06-12 13:03 ` Alexis
2004-06-12 13:26 ` Martin Volf
2004-06-14 5:55 ` Peteris Krumins
4 siblings, 0 replies; 6+ messages in thread
From: Alexis @ 2004-06-12 13:03 UTC (permalink / raw)
To: lartc
Yes you can.
Think of this.
As this mail says, routing is to move packets between two different networks.
Thats right.
Ill just let aside the theory and all that bored stuff.
Now, very very very very basic, how you define a network?
with a network address and a mask.
How packets gets routed? by the more specific address.
So, 192.168.0.15/32 and 192.168.0.16/32 will be more specific than the lan. so
there will be routing. Layer 2 will be who take the packet and carries it to the
next hop.
So its perfectly legal and believe me that it works if you put a more specific
static for a connected lan.
An example
my connected lan is 192.168.0.0/24
now, i have in 192.168.1.12 a box with 2 interfaces with some connected
addresses from this lan (13,14,15), if this addresses are configured in the
interface, theres no need for routing, because the box accepts arp requests for
13,14,15 and layer 2 will have the information to switch packet to those
addresses.
But, what if those addresses are not configured and are just simple used for nat
(for example), there is no arp request and arp reply for those addresses, so L2
will not know how to reach those destinations.
In this case you can instruct L3 to reach those destinations (yes, routing) like
this
just if youre using iproute2 just type
ip route add 192.168.0.13/32 via 192.168.0.12
ip route add 192.168.0.14/31 via 192.168.0.12
when a request for 13,14,15 need to be passed, there is no arp entry for those
addresses, so it will check L3 information that is the routing table in this
case, it will find 192.168.0.12/32 as next hop for those addresses, so it will
check for a arp entry for 192.168.0.12 (that really exists) and will switch the
packet with
destination mac > the one that belongs to 192.168.0.12
destination ip address > 13,14,15
hope this helps
----- Original Message -----
From: "Yemi Fowe" <foweyemi@yahoo.com>
To: "Victor Catten" <vlcparis@earthlink.net>; <lartc@mailman.ds9a.nl>
Sent: Saturday, June 12, 2004 9:39 AM
Subject: Re: [LARTC] routing within the same network? is it possible?
> With my little knowledge of TCP/IP, i dont think
> routing withing thesame network is possible.
> Routing means moving from one network to another.
> Thank You
> Yemi
>
>
> n--- Victor Catten <vlcparis@earthlink.net> wrote:
> > Hello,
> >
> > Is routing within the same network possible?
> > If it is, what configuration should I put for the
> > firewall/router shown below? I basically want the
> > host debian13 to be able to send packets via a
> > multi-homed firewall. I think the multi-homed
> > firewall involve some routing.
> >
> > +-------------------+
> > |debian13 |
> > |eth0:192.168.0.13 |
> > +-------------------+
> > |eth0
> > |
> > |eth0
> > +--------------------------+
> > |firewall/router(linux-box)|
> > |which configuration here? |
> > +--------------------------+
> > |eth1
> > |
> > +----------------------+
> > | |
> > |eth0 |eth0
> > +-------------------+ +-------------------+
> > |eth0:192.168.0.15 | |eth0:192.168.0.16 |
> > |debian15 | |debian16 |
> > +-------------------+ +-------------------+
> >
> >
> > Thank you!
> >
> > Victor
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://lartc.org/
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] routing within the same network? is it possible?
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
` (2 preceding siblings ...)
2004-06-12 13:03 ` Alexis
@ 2004-06-12 13:26 ` Martin Volf
2004-06-14 5:55 ` Peteris Krumins
4 siblings, 0 replies; 6+ messages in thread
From: Martin Volf @ 2004-06-12 13:26 UTC (permalink / raw)
To: lartc
Victor Catten wrote:
> Hello,
> > Is routing within the same network possible?
> If it is, what configuration should I put for the firewall/router shown
> below? I basically want the host debian13 to be able to send packets via
> a multi-homed firewall. I think the multi-homed firewall involve some
> routing.
> +-------------------+
> |debian13 |
> |eth0:192.168.0.13 |
> +-------------------+
> |eth0
> |
> |eth0
> +--------------------------+
> |firewall/router(linux-box)|
> |which configuration here? |
> +--------------------------+
> |eth1
> |
> +----------------------+
> | |
> |eth0 |eth0
> +-------------------+ +-------------------+
> |eth0:192.168.0.15 | |eth0:192.168.0.16 |
> |debian15 | |debian16 |
> +-------------------+ +-------------------+
Hello,
see http://lartc.org/howto/lartc.bridging.proxy-arp.html or try this:
on router:
ifconfig eth0 192.168.0.1 netmask 255.255.255.255 -broadcast
ifconfig eth1 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
route add -host 192.168.0.13 device eth0
echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 >/proc/sys/net/ipv4/ip_forward
on debianXY:
ifconfig eth0 192.168.0.XY netmask 255.255.255.0 broadcast 192.168.0.255
HTH,
--
Martin
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] routing within the same network? is it possible?
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
` (3 preceding siblings ...)
2004-06-12 13:26 ` Martin Volf
@ 2004-06-14 5:55 ` Peteris Krumins
4 siblings, 0 replies; 6+ messages in thread
From: Peteris Krumins @ 2004-06-14 5:55 UTC (permalink / raw)
To: lartc
Hello Victor,
Friday, June 11, 2004, 5:21:05 PM, you wrote:
VC> +-------------------+
VC> |debian13 |
VC> |eth0:192.168.0.13 |
VC> +-------------------+
VC> |eth0
VC> |
VC> |eth0
VC> +--------------------------+
VC> |firewall/router(linux-box)|
VC> |which configuration here? |
VC> +--------------------------+
VC> |eth1
VC> |
VC> +----------------------+
VC> | |
VC> |eth0 |eth0
VC> +-------------------+ +-------------------+
VC> |eth0:192.168.0.15 | |eth0:192.168.0.16 |
VC> |debian15 | |debian16 |
VC> +-------------------+ +-------------------+
Transparent proxiing will do the trick.
You even wont have to change the default routes on .15 and .16.
1) Assign 192.168.0.14 for the eth0 interface on the router.
2) Assing 0.0.0.0 for eth1 interface on the router.
3) Add routes .15 and .16 via eth1
4) Add a default gw (via eth0,since we gave only that interface an ip)
5) echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
P.Krumins
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2004-06-14 5:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-06-11 14:21 [LARTC] routing within the same network? is it possible? Victor Catten
2004-06-12 12:39 ` Yemi Fowe
2004-06-12 12:39 ` Alan Woodland
2004-06-12 13:03 ` Alexis
2004-06-12 13:26 ` Martin Volf
2004-06-14 5:55 ` Peteris Krumins
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.