RE: [LARTC] routing network through bastian host

From: Greg Scott <GregScott@InfraSupportEtc.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] routing network through bastian host
Date: Tue, 29 Jan 2002 00:46:58 +0000	[thread overview]
Message-ID: <marc-lartc-101226446704821@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101225210204294@msgid-missing>

Is your LAN off of eth1 a DMZ with some kind of publicly availble
server that you want protected?  You could put it in another private
address range, say 192.168.10.0/24 and then use SNAT and DNAT to
disguise it from the world.

Or you could split up a.b.c.0/24 into two sets of a.b.c.0/25 and
a.b.c.128/25 if you need real routable IP addresses on this DMZ 
system.  

You will want the same subnet mask on your a.b.c.<whatevers> unless
you plan to subnet it even more when you get farther inside.  Remember, 
the mask determines which bits are the network and which bits are the 
host.  So it needs to be consistent all the way through. 

- Greg

-----Original Message-----
From: David Koski [mailto:david@kosmosisland.com]
Sent: Monday, January 28, 2002 3:07 PM
To: LARTC@mailman.ds9a.nl
Subject: [LARTC] routing network through bastian host

Hello,

This seems to be a common problem but AFAIK, without a common solution.  The
network map is as follows:

    T1 to ISP
        |
        | /30 net
        |
+----------------+
| cisco router   |
+----------------+
        | FastEthernet0/0
        | a.b.c.1/24
        |
 (possible switch/hub here in future)
        |
        | a.b.c.2/24
        | eth0
+----------------+
|                |
|           eth1 |---a.b.c.3/24-public-net-----> lan
| linux box      |
|           eth2 |---192.168.1.0/24-private-net---> lan
|                |
+----------------+

Of course the above does not work as eth0 and eth1 are on the same subnet.
So
far, I can see two possible solutions:

1. reassign the cisco to linux net to a private point to point /30 net.  I
have
tried with limited success.

2. reassign the cisco to linux net to a.b.c.1/29 (cisco) and a.b.c.2/29
(linux
box).  This would give me a block of 8 between cisco and linux and would
enable
me to add a switch/hub between to feed another host for backup mail relay
and
dns server.

Questions:

1. Does a different subnet mask define a different subnet?  Will the "two
nics
same net" conflict be resolved by applying a longer mask to one subnet?

2. What is required to route through the linux box in "solution" 2 above?
Is
this a case of "more specific, preferred route" applied?

3. Any relevant RFC's would be helpful.

4. Of course, ANY suggestions welcome.

TIA,
David Koski
david@KosmosIsland.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/