[techtalk] NAT, Routing, or something else?

Samuel Tesla johngalt at io.com
Mon Apr 23 12:11:38 EST 2001


Actually, I ran into this problem. ::chuckle::  My Cisco is set up in bridging
mode, so that it goes like this:

Internet ------------------------|
                                 |
                           +-----------+
                           |  My Cisco |
                           +-----------+
                                 |
                           +-----------+ 166.93.220.170
                           |  Firewall |
                           +-----------+ 209.38.67.1
                                 |
                            My Lan Computers 
                            209.38.67.0/27


I hadn't thought of using ten-space addressing between the Cisco and the
firewall; I'll have to look into that.  What I'm trying to figure out is how to
set up some sort of routing daemon so that if I'm on some box on the Internet
and I ping 209.38.67.2 it hits my workstation that is behind the firewall.

-- 
 -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
 Samuel Tesla                                                   johngalt at io.com
                              Today's Fortune Is:                             

 I stick my neck out for nobody.
 		-- Humphrey Bogart, "Casablanca"

            print: CB1E 678E E7E1 827C E30B  2618 6513 F23C C24B 1FFE           
 -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-

On Mon, 23 Apr 2001, Angela Nash wrote:

> The problem here is you were assigned one subnet, but you need two.  You
> need one between the router and the firewall, and then another behind the
> firewall.  To get around this, assign a private address space to the link
> between the router and the firewall.  Use something like 10.x.x.x.  Then use
> the real subnet behind your firewall.  Make sure the Cisco 678 has a static
> route set up so that it knows your real subnet needs to go through the
> firewall (since it's a router too).
> 
> On the firewall just enable IP forwarding and set its default route to the
> Cisco.  The only quirk with this setup is that an interface with a 10.x.x.x
> address won't be able to access the net....so you won't be able to get out
> to the Internet from your firewall.  But, people won't be able to ssh/telnet
> right to the firewall either, since it is sort of hidden.
> 
> Jason
> 
> -----Original Message-----
> From: Samuel Tesla [mailto:johngalt at io.com]
> Sent: Sunday, April 22, 2001 11:46 PM
> To: techtalk at linuxchix.org
> Subject: [techtalk] NAT, Routing, or something else?
> 
> 
> So I recently got DSL and a /27 subnet of static IPs to play with.  Problem is,
> I can't quite figure out what I need to do to set up the routing for the IPs.
> 
> Here's how the network is set up:
> 
> Internet ---> ISP Gateway ---> My Cisco 678 ---> My Firewall (486) -< My LAN
> 
> Now, I know it is possible to do this somehow, although I've not seen it done
> with a Linux kernel.  What I'd like to do is assign the IPs in my subnet to the
> boxes on my LAN (no NAT or anything) and just have my firewall act as a router.
> That alleviates concerns about protocols (and I think is the only way to get
> certain direct computer connection protocols to work).
> 
> An alternative is to set up NAT on the firewall (I'm doing masq with ipchains
> at the moment) and give the LAN machines ten-space addresses.  This I already
> know how to set up, but I don't like it.  It involves setting up port
> forwarders and what not, and can get tricky with some protocols.  I'd like to
> avoid this.
> 
> There might be another alternative that I'm not aware of.
> 
> I've tried running routed to accomplish the routing, but I cannot ping my
> internal IPs from the outside (of course, I can go from inside to outside, due
> to the MASQ).  I'm trying to figure out how to do the first scenario (the
> actual routing) with the Linux kernel, and the Adv-Routing-HOWTO didn't seem to
> cover it (I may be mistaken).
> 
> I'd like to figure it out so that I can call up and hassle my ISP if
> necessary.
> 
> Thanks in advance, folks.
> 
> -- 
>  -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
>  Samuel Tesla                                                   johngalt at io.com
>                               Today's Fortune Is:
> 
>  A 'full' life in my experience is usually full only of other people's demands.
> 
>             print: CB1E 678E E7E1 827C E30B  2618 6513 F23C C24B 1FFE
>  -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
> 
> 
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk
> 
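The layout Angela/Jason describe (private link between the Cisco 678 and the firewall, the real /27 routed behind it, a static route on the Cisco, IP forwarding on the firewall, no NAT) can be checked on paper before touching any box. The following is an added example written for this archive page, not code from anyone in the thread: it models each hop's routing table with longest-prefix matching and traces a packet the way the thread's `ping 209.38.67.2` would travel. The public subnet 209.38.67.0/27 is from the posts; the 10.0.0.0/30 link (10.0.0.1 Cisco side, 10.0.0.2 firewall side), 209.38.67.1 as the firewall's LAN address, the interface names eth0/eth1, the node names and the "ISP drops RFC 1918 destinations" flag are assumptions chosen for illustration. It also shows the two points the replies make: without the Cisco's static route the packet bounces between ISP gateway and Cisco, and the firewall's own 10.x address is unreachable from the Internet.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address

# RFC 1918 space; an ISP drops packets addressed into it (modelled as a filter flag)
RFC1918 = [Net("10.0.0.0/8"), Net("172.16.0.0/12"), Net("192.168.0.0/16")]


@dataclass(frozen=True)
class Route:
    prefix: Net
    via: str | None  # next-hop node name, or None for a directly connected network


@dataclass
class Node:
    name: str
    routes: list
    filters_private: bool = False

    def lookup(self, dst: Addr) -> Route | None:
        """Longest-prefix match over this node's routing table."""
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_topology(cisco_static_route: bool = True) -> dict:
    """Nodes and tables for: ISP gateway -- Cisco 678 --(10.0.0.0/30)-- Linux firewall -- LAN.

    209.38.67.0/27 is the /27 from the thread; 10.0.0.0/30 and the node names are
    assumptions. Pass cisco_static_route=False to see what happens without the
    static route Angela says the Cisco needs.
    """
    default = Net("0.0.0.0/0")
    link = Net("10.0.0.0/30")    # assumed private link: Cisco 10.0.0.1, firewall 10.0.0.2
    lan = Net("209.38.67.0/27")  # the real subnet, living entirely behind the firewall

    cisco_routes = [Route(default, via="isp-gateway"), Route(link, via=None)]
    if cisco_static_route:
        cisco_routes.append(Route(lan, via="firewall"))  # "your real subnet goes through the firewall"

    return {
        "isp-gateway": Node("isp-gateway",
                            [Route(lan, via="cisco678"), Route(default, via="internet")],
                            filters_private=True),
        "cisco678": Node("cisco678", cisco_routes),
        # ip_forward=1 and no NAT: the LAN is directly attached, default points back at the Cisco
        "firewall": Node("firewall",
                         [Route(default, via="cisco678"), Route(link, via=None), Route(lan, via=None)]),
    }


def trace(nodes: dict, start: str, dst: str, max_hops: int = 8) -> list:
    """Forward one packet hop by hop. The last element is 'delivered', 'dropped',
    'loop', or the name of a next hop outside the model (e.g. 'internet')."""
    dst_addr = Addr(dst)
    path, cur = [start], start
    for _ in range(max_hops):
        node = nodes[cur]
        if node.filters_private and any(dst_addr in n for n in RFC1918):
            return path + ["dropped"]
        route = node.lookup(dst_addr)
        if route is None:
            return path + ["dropped"]
        if route.via is None:
            return path + ["delivered"]
        if route.via not in nodes:
            return path + [route.via]
        cur = route.via
        path.append(cur)
    return path + ["loop"]


def firewall_commands() -> list:
    """iproute2/sysctl lines that give the Linux firewall the table modelled above.
    Interface names (eth0 toward the Cisco, eth1 toward the LAN) are assumptions."""
    return [
        "sysctl -w net.ipv4.ip_forward=1",
        "ip addr add 10.0.0.2/30 dev eth0",
        "ip addr add 209.38.67.1/27 dev eth1",
        "ip route add default via 10.0.0.1",
    ]


if __name__ == "__main__":
    nodes = build_topology()
    print("Internet -> LAN host:", trace(nodes, "isp-gateway", "209.38.67.2"))
    print("Internet -> firewall's 10.x side:", trace(nodes, "isp-gateway", "10.0.0.2"))
    print("without the Cisco static route:", trace(build_topology(False), "isp-gateway", "209.38.67.2"))
    print("\n".join(firewall_commands()))
```

No routing daemon appears in the model because none is needed: two static routes (the Cisco's route for the /27 via the firewall, the firewall's default via the Cisco) are the whole routing table, which is why running `routed` on the firewall did not help in the original post. The `trace` of 10.0.0.2 from the ISP side ending in `dropped` is exactly the quirk Jason notes: the firewall can send outbound, but nothing on the Internet can route a reply back to a 10.x address.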