From: "Rob Sterenborg" <rob@sterenborg.info>
To: netfilter@vger.kernel.org
Subject: RE: Basic Routing
Date: Sun, 2 Nov 2008 20:53:46 +0100
Message-ID: <014201c93d24$b7dab310$27901930$@info>
In-Reply-To: <490DF4CA.1010808@amfes.com>
> Thanx. I'm still not sure of the vocabulary with which to phrase
> my "true" question - so I'll try it with more words (although I
> think you've already answered me - I'm just looking for
> confirmation).
>
> Given:
> 1. A linux box "router" that has ip-forwarding enabled, and no
> restrictions via iptables.
> 2. This box has a routing table that lists two or more networks
>
> If another host on network 'A', lists the box "router" as its
> default gateway, and tries to contact network 'B' through the
> router - will the router automagically pass along the packets?
If network A is your LAN and network B is "the internet", the packet
might be routed onto the internet but even if it reaches the destination
IP (which it may not because of the configuration of other routers and
firewalls), you'll never get a reply packet because a reply packet for a
private IP will most likely be routed to their own DMZ or LAN. So, you
can't set up a full connection like this.
However, if you were using public IPs (not in 192.168.x.x, etc.) on your
LAN then you could just route the packet.
> Or this simply doesn't work, because of a basic networking concept
> I haven't grasped - and NAT is the technique to accomplish this?
Yes, one way or another, some form of NAT is the technique to be used.
As Grant explained you can also use ebtables. I'm writing about NAT
using iptables.
> I guess part of my difficulty lies in a lack of experience
> configuring non-linux routers. Behind-the-scenes, as it were, do
> all/most routers use NAT to accomplish the goal of linking
> networks?
Normally you'd only encounter NAT situations when connecting a
host/network to the internet and you're using private-space IPs on the
network.
> It always seemed to me NAT was a 'kludge' that was somehow
> unnecessary when "more expensive?" equipment was involved.
No, NAT is a necessary kludge because not every computer that must be
connected to the internet can have a public IP: there just aren't enough
IPs to do that. That's why home networks and corporate networks (well,
those I know of) mostly use private IPs on their LAN and use NAT
(and/or a proxy) to get to the internet.
NAT is not/should not be necessary between networks if you have
something like this:
-------------  -------  -------------
| Network A |--| RTR |--| Network B |
-------------  -------  -------------
Here, the router knows the route to each network and can just route
packets to each other. No need for NAT here.
Maybe you'll find this tutorial useful in understanding things. The history
says it hasn't been updated since 2006, but the information still holds for at
least the large part.
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Grts,
Rob
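The two cases Rob describes (plain routing when the router knows both networks, NAT with iptables when a private LAN has to reach the internet), as an added example that is not part of the thread. The interface names and networks are assumed; the script prints the commands for review rather than running them, so it needs no root to read through:

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.  Given a Linux box acting
# as "RTR", decide whether plain routing is enough or whether the LAN must be
# hidden behind MASQUERADE, and print the matching commands (not executed).
# Interface names and networks are constructed for illustration.

# RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
is_rfc1918() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Arguments: $1 = LAN network (e.g. 192.168.1.0/24), $2 = LAN interface,
#            $3 = network behind the other interface or "default",
#            $4 = that interface.
# Returns 0 when routing alone suffices, 1 when a MASQUERADE rule was added.
router_plan() {
  lan_net=$1; lan_if=$2; far_net=$3; far_if=$4
  lan_addr=${lan_net%/*}
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Forward only between the two interfaces; replies come back via conntrack.
  echo "iptables -A FORWARD -i $lan_if -o $far_if -s $lan_net -j ACCEPT"
  echo "iptables -A FORWARD -i $far_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  if [ "$far_net" = default ] && is_rfc1918 "$lan_addr"; then
    # Private LAN behind the internet link: nobody out there can route a
    # reply to 192.168.x.x, so rewrite the source to the router's own address.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -o $far_if -j MASQUERADE"
    return 1
  fi
  # Both sides are reachable under their own addresses: no NAT needed.
  return 0
}

# Example runs: a private LAN to the internet, then two directly routed LANs.
router_plan 192.168.1.0/24 eth0 default eth1 || echo "# (NAT required)"
router_plan 192.168.1.0/24 eth0 192.168.2.0/24 eth1 && echo "# (routing only)"
```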