From: Michael Schoen schoen@anduras.de
To: lartc@vger.kernel.org
Subject: [LARTC] iproute2 and routing entries
Date: Mon, 06 Nov 2000 12:35:54 +0000
Message-ID: <marc-lartc-98373938216899@msgid-missing>
In-Reply-To: <marc-lartc-98373938216886@msgid-missing>
<PRE>hi,
> The last I heard was that one of the networking guys gave this explanation
> and challenged someone to give an example of where this was the wrong
> thing to do. The thread died there IIRC.
>
> Personally I think it's a great feature because in at least 99.99% of
> cases it's exactly what you want and I haven't found an example of the
> other 0.01%.

okay - here's a strange set-up, but if you think over it, it has some nice
advantages.
Assume you have a public network (e.g. 132.231.1.0) routed to your fw/gateway.
For the dmz you use a private network (e.g. 10.10.10.0). In the dmz you have
two public servers (www 132.231.1.1 and mail 132.231.1.2).
On the internal interface of the gw/fw use the ip 10.10.10.254. The two
public servers have the 2nd address 10.10.10.1 (www) and 10.10.10.2 (mail).
Now use the following route-entries:
www and mail:
10.10.10.0/24 -> eth0
default -> 10.10.10.254
and on the firewall you set the following route entries:
10.10.10.0/24 -> eth0
132.231.1.1/32 -> 10.10.10.1
132.231.1.2/32 -> 10.10.10.2
This design has the (dis?)advantage that every packet with public ip
addresses within the dmz is routed again over the fw/gw. For some
security/accounting reasons this is not a bad idea <g>
.\\ichael Schoen
--
Michael Schoen <schoen@anduras.de> _/_/_/
_/_/_/
ANDURAS AG i.G. Internet: www.anduras.de _/_/_/
Innstraße 71 Tel: 0851/4 90 50-0 _/_/_/
94036 Passau Fax: 0851/4 90 50-55 _/_/_/
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
</PRE>
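
Added example, not part of the original message: a small Python model of the route entries listed above, using longest-prefix matching to show that DMZ traffic addressed to a public IP crosses the fw/gw while traffic to a 10.10.10.x address stays on the segment. The dictionary keys `www`, `mail`, `fw` and the helper names are assumptions; the fw carries only the routes given in the message.

```python
import ipaddress

# Routing tables transcribed from the message: (prefix, next hop or None for on-link).
TABLES = {
    "www":  [("10.10.10.0/24", None), ("0.0.0.0/0", "10.10.10.254")],
    "mail": [("10.10.10.0/24", None), ("0.0.0.0/0", "10.10.10.254")],
    "fw":   [("10.10.10.0/24", None),
             ("132.231.1.1/32", "10.10.10.1"),
             ("132.231.1.2/32", "10.10.10.2")],
}
# Addresses each box owns (public address plus its second, DMZ address).
OWNERS = {
    "www":  {"132.231.1.1", "10.10.10.1"},
    "mail": {"132.231.1.2", "10.10.10.2"},
    "fw":   {"10.10.10.254"},
}

def owner_of(addr):
    """Return the box that owns addr, or None if nobody in the model does."""
    return next((h for h, addrs in OWNERS.items() if addr in addrs), None)

def lookup(host, dst):
    """Longest-prefix match; returns the neighbour address the frame is handed to."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, via in TABLES[host]:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        raise LookupError(f"{host}: no route to {dst}")
    return best[1] or dst  # on-link route: deliver straight to the destination

def path(src_host, dst):
    """Follow the packet hop by hop until it reaches the box owning dst."""
    hops, host = [src_host], src_host
    while dst not in OWNERS[host]:
        host = owner_of(lookup(host, dst))
        if host is None or host in hops:
            raise LookupError(f"unreachable or loop towards {dst}")
        hops.append(host)
    return hops

if __name__ == "__main__":
    for dst in ("10.10.10.2", "132.231.1.2"):
        print(f"www -> {dst}: {' -> '.join(path('www', dst))}")
```

Any filtering or accounting rules on the fw only see the flows whose path includes `fw`, which is why the address a DMZ host uses to reach its neighbour matters in this design.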