* Linux router/gw box.
From: Stephan Viljoen @ 2003-11-06 17:10 UTC (permalink / raw)
To: netfilter
Hi there,
I've built a router for my wireless users, which is about 50 customers.
Now each user has its own subnet, which I all added onto one network
card. How good an idea is it to do something like this, and is there a
better way of doing this? I'm somewhat new to this whole netfilter / IP
routing thing. This is what my routing table looks like at the moment.
I've basically added virtual interfaces for each subnet on one network
card.
Example : eth1:0 , eth1:1, eth1:2
Kind Regards
Stephan
10.0.1.168 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.172 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.160 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.164 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.184 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.188 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.176 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.180 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.136 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.140 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.128 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.132 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.152 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.156 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.148 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.232 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.236 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.224 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.228 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.248 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.252 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.240 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.244 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.200 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.204 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.192 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.196 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.216 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.208 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.212 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.44 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.40 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.36 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.32 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.60 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.56 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.52 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.48 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.12 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.8 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.4 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.0 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.28 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.24 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.20 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.16 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.108 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.104 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.96 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.124 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.120 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.116 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.112 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.76 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.72 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.68 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.64 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.92 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.88 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.84 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.1.80 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.240 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.244 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.248 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.228 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.232 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.2.236 0.0.0.0 255.255.255.252 U 0 0 0 eth1
10.0.5.0 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.0.5.24 10.0.1.26 255.255.255.248 UG 0 0 0 eth1
10.0.5.16 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.0.5.40 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.0.5.56 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.240 U 0 0 0 eth1
10.1.0.0 0.0.0.0 255.255.255.224 U 0 0 0 eth1
10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 217.10.176.149 0.0.0.0 UG 0 0 0 eth0
* Re: Linux router/gw box.
From: Antony Stone @ 2003-11-06 17:35 UTC (permalink / raw)
To: netfilter
On Thursday 06 November 2003 5:10 pm, Stephan Viljoen wrote:
> Hi there,
>
> I've built a router for my wireless users, which is about 50 customers.
>
> Now each user has its own subnet
Why?
> which I all added onto one network card.
Okay, you can do that if you want to (but it can cause puzzles, and strange
things to happen if you're not careful).
> How good an idea is it to do something like this, and is there a
> better way of doing this?
For 50 networks I can't think of another way to do it unless you use a switch
with VLAN capability, which I guess would be a bit expensive. Certainly
building a netfilter box with 50 network connections is (a) difficult
(finding the right hardware), and (b) expensive (because you need things like
PCI backplanes and 4-port network cards).
It's not impossible, but you'd have to really want to do it to try.
> I'm somewhat new to this whole netfilter / IP routing thing.
I think the important question (at least for this mailing list) is:
- what protection are you trying to provide by using netfilter?
As far as your routing table is concerned, I don't see why you can't replace
the whole thing with:
10.0.0.0 255.255.255.0 eth1
10.0.1.0 255.255.255.0 eth1
10.0.2.0 255.255.255.0 eth1
10.0.5.0 255.255.255.0 eth1
10.1.0.0 255.255.255.0 eth1
10.2.0.0 255.255.0.0 eth1
169.254.0.0 255.255.0.0 eth2
127.0.0.0 255.0.0.0 lo
0.0.0.0 0.0.0.0 217.10.176.149 eth0
or even:
10.0.0.0 255.0.0.0 eth1
169.254.0.0 255.255.0.0 eth2
127.0.0.0 255.0.0.0 lo
0.0.0.0 0.0.0.0 217.10.176.149 eth0
(By the way, there must be an entry missing from what you posted earlier,
since there's no subnet 217.10.176.x listed for eth0, but I'm sure you must
have it on your machine (unless perhaps eth0 uses a point-to-point link?).)
Regards,
Antony.
--
When do you expect the official release of the 2.6.0 kernel?
Rusty Russell: From previous releases, a pattern has emerged: exactly 6
months before it's ready.
Please reply to the list;
please don't CC me.
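A check one could run before swapping the tables, as an added example that is not part of the original thread: it resolves each posted route against the shorter proposed table by longest-prefix match and reports any route whose gateway or interface would change. POSTED is a subset of the routes in the first message; the function names are illustrative.

```python
import ipaddress

# Subset of the routes posted in the first message:
# (destination, gateway, netmask, interface)
POSTED = [
    ("10.0.1.168", "0.0.0.0", "255.255.255.252", "eth1"),
    ("10.0.1.24", "0.0.0.0", "255.255.255.252", "eth1"),
    ("10.0.2.240", "0.0.0.0", "255.255.255.252", "eth1"),
    ("10.0.5.0", "0.0.0.0", "255.255.255.248", "eth1"),
    ("10.0.5.24", "10.0.1.26", "255.255.255.248", "eth1"),
    ("10.1.0.0", "0.0.0.0", "255.255.255.224", "eth1"),
    ("10.2.0.0", "0.0.0.0", "255.255.0.0", "eth1"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth2"),
]

# The shorter of the two replacement tables suggested in the reply.
PROPOSED = [
    ("10.0.0.0", "0.0.0.0", "255.0.0.0", "eth1"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth2"),
    ("127.0.0.0", "0.0.0.0", "255.0.0.0", "lo"),
    ("0.0.0.0", "217.10.176.149", "0.0.0.0", "eth0"),
]

def parse(table):
    """Turn (dest, gw, mask, iface) rows into (network, gateway, iface)."""
    return [(ipaddress.ip_network(f"{d}/{m}"), ipaddress.ip_address(g), i)
            for d, g, m, i in table]

def lookup(routes, net):
    """Longest-prefix match: the most specific route containing all of net."""
    candidates = [r for r in routes if net.subnet_of(r[0])]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)

def compare(posted, proposed):
    """List posted routes whose next hop or interface differs under proposed."""
    new_routes = parse(proposed)
    changed = []
    for net, gw, iface in parse(posted):
        hit = lookup(new_routes, net)
        if hit is None or (hit[1], hit[2]) != (gw, iface):
            changed.append((str(net), str(gw), iface, hit and str(hit[0])))
    return changed

if __name__ == "__main__":
    for net, gw, iface, now_via in compare(POSTED, PROPOSED):
        print(f"{net} was via {gw} on {iface}, now matched by {now_via}")
```

Any route this reports has to be kept as a more-specific entry alongside the aggregate for forwarding to stay the same.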
* RES: Linux router/gw box.
From: RL... @ 2003-11-06 18:10 UTC (permalink / raw)
To: Antony Stone, netfilter
You can set one or two NICs with VLAN (802.1q),
and the switch will be very necessary.
...