[techtalk] NAT, Routing, or something else?
Angela Nash
Chick at the-nashes.net
Mon Apr 23 20:13:54 EST 2001
You don't need a routing daemon. Routing daemons are only used when you
have a group of routers and they need to exchange routing info. In your
case, they don't. So simply enable IP forwarding on your Linux system and
it will route between its two interfaces. You can enable it via the kernel
compile or by echoing a 1 to /proc/sys/net/ipv4/ip_forward
Jason
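The setup Jason describes in this reply and in his earlier one further down (private 10.x.x.x link between the Cisco 678 and the firewall, the real /27 behind the firewall, IP forwarding on, default route to the Cisco) as one script. This is an added example, not code from the thread: the interface names eth0/eth1, the 10.0.0.0/30 link addresses and the helper names are assumptions; the 209.38.67.0/27 block and the firewall's 209.38.67.1 address come from Samuel's diagram. It defaults to printing the commands so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Turns a two-NIC Linux box into a
# plain router (no NAT): a private /30 link toward the Cisco 678 on one side,
# the public /27 from the thread on the other, IP forwarding switched on.
# Interface names and the 10.0.0.0/30 link addresses are assumptions; the
# Cisco still needs its own static route for 209.38.67.0/27 via 10.0.0.2.

WAN_IF=${WAN_IF:-eth0}        # toward the Cisco 678 (assumed name)
LAN_IF=${LAN_IF:-eth1}        # toward the LAN (assumed name)
LINK_ROUTER=10.0.0.1          # Cisco end of the private link (assumed)
LINK_FW=10.0.0.2              # firewall end of the private link (assumed)
LAN_FW=209.38.67.1            # firewall's LAN address (from the thread)
LAN_NET=209.38.67.0/27        # the assigned /27 (from the thread)
DRY_RUN=${DRY_RUN:-1}         # 1: print the commands, 0: run them (needs root)

# Dotted-quad address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/PREFIX: succeeds when ADDR lies inside NET/PREFIX.
in_subnet() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# ip_forward_enabled [FILE]: succeeds when the kernel's forwarding switch is on.
# FILE defaults to the real sysctl node; a test can point it at a temp file.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# The whole routing setup, in iproute2 'ip' syntax (what the Adv-Routing-HOWTO
# uses); the ifconfig/route equivalents do the same job.
router_setup() {
    run ip addr add "$LINK_FW/30" dev "$WAN_IF"
    run ip link set "$WAN_IF" up
    run ip addr add "$LAN_FW/27" dev "$LAN_IF"
    run ip link set "$LAN_IF" up
    # Everything not on the LAN goes to the Cisco over the private link.
    run ip route add default via "$LINK_ROUTER" dev "$WAN_IF"
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run sysctl -w net.ipv4.ip_forward=1
    # The ipchains MASQ rule for the old ten-space LAN is no longer wanted:
    #   ipchains -F forward ; ipchains -P forward ACCEPT
    # Add real filter rules afterwards: a forwarding box with none passes everything.
}

# Pre-flight: the firewall's LAN address has to sit inside the /27 it serves,
# and the private link must not overlap the public block.
preflight() {
    in_subnet "$LAN_FW" "$LAN_NET" || { echo "$LAN_FW is not in $LAN_NET" >&2; return 1; }
    in_subnet "$LINK_FW" "$LAN_NET" && { echo "link address overlaps $LAN_NET" >&2; return 1; }
    return 0
}

# Usage: sh router.sh            (prints the plan)
#        DRY_RUN=0 sh router.sh  (applies it, as root)
preflight && router_setup
```

Once it is applied, `ip_forward_enabled` is the check to run from the firewall, and a ping from outside to a LAN host is the end-to-end test; if that still fails, the usual suspect is the static route for the /27 on the Cisco side, not the Linux box. Note that nothing here filters: enabling forwarding with the old ipchains rules flushed exposes every LAN host directly, so the filter rules should be in place before the change goes live.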
-----Original Message-----
From: Samuel Tesla [mailto:johngalt at io.com]
Sent: Monday, April 23, 2001 1:12 PM
To: Angela Nash
Cc: techtalk at linuxchix.org
Subject: RE: [techtalk] NAT, Routing, or something else?
Actually, I ran into this problem. ::chuckle:: My Cisco is set up in bridging
mode, so that it goes like this:
Internet ------------------------|
                                 |
                           +-----------+
                           | My Cisco  |
                           +-----------+
                                 |
                           +-----------+  166.93.220.170
                           + Firewall  +
                           +-----------+  209.38.67.1
                                 |
                          My Lan Computers
                           209.38.67.0/27
I hadn't thought of using ten-space addressing between the cisco and the
firewall, I'll have to look into that. What I'm trying to figure out is how to
set up some sort of routing daemon so that if I'm on some box on the internet
and I ping 209.38.67.2 it hits my workstation that is behind the firewall.
--
-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
Samuel Tesla
johngalt at io.com
Today's Fortune Is:
I stick my neck out for nobody.
-- Humphrey Bogart, "Casablanca"
print: CB1E 678E E7E1 827C E30B 2618 6513 F23C C24B 1FFE
-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
On Mon, 23 Apr 2001, Angela Nash wrote:
> The problem here is you were assigned one subnet, but you need two. You
> need one between the router and the firewall, and then another behind the
> firewall. To get around this, assign a private address space to the link
> between the router and the firewall. Use something like 10.x.x.x. Then use
> the real subnet behind your firewall. Make sure the Cisco 678 has a static
> route set up so that it knows your real subnet needs to go through the
> firewall (since it's a router too).
>
> On the firewall just enable IP forwarding and set its default route to the
> Cisco. The only quirk with this setup is that an interface with a 10.x.x.x
> address won't be able to access the net....so you won't be able to get out
> to the Internet from your firewall. But, people won't be able to ssh/telnet
> right to the firewall either, since it is sort of hidden.
>
> Jason
>
> -----Original Message-----
> From: Samuel Tesla [mailto:johngalt at io.com]
> Sent: Sunday, April 22, 2001 11:46 PM
> To: techtalk at linuxchix.org
> Subject: [techtalk] NAT, Routing, or something else?
>
>
> So I recently got DSL and a /27 subnet of static IPs to play with. Problem
> is, I can't quite figure out what I need to do to set up the routing for the
> IPs.
>
> Here's how the network is set up
>
> Internet ---> ISP Gateway ---> My Cisco 678 ---> My Firewall (486) -< My LAN
>
> Now, I know it is possible to do this somehow, although I've not seen it
> done with a Linux kernel. What I'd like to do is assign the IPs in my subnet
> to the boxes on my LAN (no NAT or anything) and just have my firewall act as
> a router. That alleviates concerns about protocols (and I think is the only
> way to get certain direct computer connection protocols to work).
>
> An alternative is to set up NAT on the firewall (I'm doing masq with
> ipchains at the moment) and give the LAN machines ten-space addresses. This
> I already know how to set up, but I don't like it. It involves setting up
> port forwarders and what not, and can get tricky with some protocols. I'd
> like to avoid this.
>
> There might be another alternative that I'm not aware of.
>
> I've tried running routed to accomplish the routing, but I cannot ping my
> internal IPs from the outside (of course, I can go from inside to outside,
> due to the MASQ). I'm trying to figure out how to do the first scenario (the
> actual routing) with the Linux kernel, and the Adv-Routing-HOWTO didn't seem
> to cover it (I may be mistaken).
>
> I'd like to figure it out so that I can call up and hassle my ISP if
> necessary.
>
> Thanks in advance, folks.
>
> --
> -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
> Samuel Tesla
> johngalt at io.com
> Today's Fortune Is:
>
> A 'full' life in my experience is usually full only of other people's
> demands.
>
> print: CB1E 678E E7E1 827C E30B 2618 6513 F23C C24B 1FFE
> -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
>
>
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk
>