Re: Routing from private to bridge

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Philip Craig <philipc@snapgear.com>
To: Tom Gaudasinski <cetus@internode.on.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: Routing from private to bridge
Date: Mon, 24 Oct 2005 18:09:06 +1000	[thread overview]
Message-ID: <435C96A2.3090807@snapgear.com> (raw)
In-Reply-To: <43598481.8040306@internode.on.net>

On 10/22/2005 10:14 AM, Tom Gaudasinski wrote:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use 
> Iface
> 120.40.60.192  0.0.0.0         255.255.255.248 U     0      0        0 br0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 0.0.0.0         120.40.60.193  0.0.0.0         UG    0      0        0 br0
> 
> How can i get the private LAN users to route to the publically bridged 
> subnet?

What is the routing table on the public machines?
What NAT rules do you normally use?

It may be that the private machines and firewall are fine, but the routing
is wrong on the public machines.  If they simply have the default gateway
of 120.40.60.193, then they will be sending reply packets for private
addresses to the DSL modem, which is wrong.

Although these packets go via the firewall, their ethernet destination will
be the DSL router, so the firewall will bridge them rather than route.

You have two options:

- add a route on the public machines to use the firewall as the
gateway for the private addresses

- make sure the NAT rule on the firewall always NATs the private
addresses, even for connections to the public machines.

     prev parent reply	other threads:[~2005-10-24  8:09 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-10-22  0:14 Routing from private to bridge Tom Gaudasinski
2005-10-22  2:21 ` Rod
2005-10-22  9:07 ` George Alexandru Dragoi
2005-10-22 10:38 ` George Alexandru Dragoi
2005-10-24  8:09 ` Philip Craig [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=435C96A2.3090807@snapgear.com \
    --to=philipc@snapgear.com \
    --cc=cetus@internode.on.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.