* [LARTC] Subnet/routing question
@ 2002-07-10 17:55 Larry Flathmann
2002-07-10 20:20 ` Michael T. Babcock
0 siblings, 1 reply; 2+ messages in thread
From: Larry Flathmann @ 2002-07-10 17:55 UTC (permalink / raw)
To: lartc
Forgive me if this is something so simple that I
should already know it, but I need to understand
if I can accomplish this with Linux routing.
We have a /26 subnet from our ISP, and we have
been using a Linux box as a firewall to put all
our workstations behind NAT, with port forwarding
for any box that's providing a service to the
whole world.
We now need to implement a system which will not
support any kind of NAT - it requires having an external IP.
Is it possible to use Linux routing to break up
the /26 subnet into two /27 subnets, and to do
NAT on addresses in one of the /27 subnets and to
route addresses on the other /27 subnet straight
through to that internal network?
This is what I've tried, which I haven't gotten to work:
ISP
[x.y.z.193/26]
|
|
[x.y.z.194/27 eth0]
[x.y.z.225/27 eth0:0]
Linux Firewall
[192.168.0.0/24 eth1] (for NAT connections through
the x.y.z.192/27 subnet)
[x.y.z.226/27 eth1:0] (for straight through routing
of IP addresses in the
x.y.z.224/27 subnet)
I've added rules to the routing table to create the
connection, but I cannot get a packet with an address
in the x.y.z.224/27 range to cross over between
eth0 and eth1 in either direction. (Connections using
NAT work fine.) And the firewall is not stopping them,
because the packets still don't go through even when
I turn the firewall off.
I'm definitely a newbie to the routing area, so maybe
my routing table is wrong. What would I need in it?
BTW, I'm running Mandrake Linux 8.2 right out of the
box. Do I have to recompile the kernel to get some
of these options?
Thanks! I can't tell you how much I'd appreciate
some light on this problem!
Larry
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Subnet/routing question
2002-07-10 17:55 [LARTC] Subnet/routing question Larry Flathmann
@ 2002-07-10 20:20 ` Michael T. Babcock
0 siblings, 0 replies; 2+ messages in thread
From: Michael T. Babcock @ 2002-07-10 20:20 UTC (permalink / raw)
To: lartc
Try:
eth0 (external) -> x.y.z.193/27
eth1 (internal) -> x.y.z.225/27 (non-nat)
eth2 (internal) -> 192.168.0.0/24 (nat)
eth0 -> turn on proxy_arp
eth1 -> turn on proxy_arp
eth2 -> leave proxy_arp off.
This should work just fine.
Connections for the eth1-connected addresses will 'forward' through the
box (set up your firewall rules appropriately) from eth0 (and
vice-versa). To explain what I mean:
ipchains -A forward -s x.y.z.255/27 --jump ACCEPT
ipchains -A forward -s 192.168.0.0/24 --jump MASQ
... have fun.
--
Michael T. Babcock
CTO, FibreSpeed Ltd.
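The three-interface layout from Michael's reply, written out as an added example (not code from the thread) using today's iproute2, sysctl and iptables in place of ifconfig and ipchains. It assumes the constructed documentation prefix 203.0.113.192/26 standing in for x.y.z.192/26, the interface names eth0/eth1/eth2 from the reply, and an assumed TCP port 443 as the service the routed host exposes; the script only prints the commands so they can be reviewed before being run as root on the firewall.

```shell
#!/bin/sh
# Added example, not from the thread: print the commands for Michael's layout
# (eth0 = ISP side, eth1 = routed /27, eth2 = NAT LAN) with iproute2/iptables.
# 203.0.113.192/26 is a constructed documentation prefix standing in for x.y.z.192/26.
ISP_GW="203.0.113.193"                        # ISP router, x.y.z.193
EXT_IF="eth0"; EXT_ADDR="203.0.113.194/27"    # x.y.z.194/27, lower /27
DMZ_IF="eth1"; DMZ_ADDR="203.0.113.225/27"    # x.y.z.225/27, upper /27, routed without NAT
DMZ_NET="203.0.113.224/27"
LAN_IF="eth2"; LAN_ADDR="192.168.0.1/24"; LAN_NET="192.168.0.0/24"
DMZ_PORT="443"                                # assumed service on the routed host

# Split a /26 network address into its two /27 halves, e.g.
#   split_26 203.0.113.192  ->  203.0.113.192/27 203.0.113.224/27
split_26() {
  prefix="${1%.*}"; last="${1##*.}"
  base=$(( last / 64 * 64 ))
  echo "$prefix.$base/27 $prefix.$(( base + 32 ))/27"
}

# Emit the configuration as a dry run; review it, then run it as root.
gen_config() {
  cat <<EOF
ip addr add $EXT_ADDR dev $EXT_IF
ip addr add $DMZ_ADDR dev $DMZ_IF
ip addr add $LAN_ADDR dev $LAN_IF
ip route add default via $ISP_GW dev $EXT_IF
sysctl -w net.ipv4.ip_forward=1
# proxy_arp on eth0: the firewall answers the ISP router's ARP for $DMZ_NET
sysctl -w net.ipv4.conf.$EXT_IF.proxy_arp=1
# proxy_arp on eth1: routed hosts may keep the ISP router as their gateway
sysctl -w net.ipv4.conf.$DMZ_IF.proxy_arp=1
sysctl -w net.ipv4.conf.$LAN_IF.proxy_arp=0
# drop packets whose source address does not belong on the arriving interface
sysctl -w net.ipv4.conf.all.rp_filter=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $EXT_IF -s $DMZ_NET -j DROP
iptables -A FORWARD -i $EXT_IF -s $LAN_NET -j DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $EXT_IF -s $DMZ_NET -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_NET -p tcp --dport $DMZ_PORT -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE
EOF
}

gen_config
```

The two anti-spoofing DROP rules and rp_filter are the defender's addition to the reply's ACCEPT/MASQ pair: without them a packet arriving from the ISP side with an internal source address would be forwarded like a trusted one.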