[Techtalk] routing between networks...

Nils Philippsen nils at wombat.dialup.fht-esslingen.de
Wed Aug 28 23:27:47 EST 2002


On Wed, 2002-08-28 at 22:40, Walt wrote:
> Nils Philippsen wrote:
> >On Wed, 2002-08-28 at 21:28, Walt wrote:
> > > I have two internal networks (10.0.0.* & 10.0.1.*)
> > > connected to the same redhat linux box. I need
> > > to be able to route network traffic between them.
> > >
> > > Can someone give me some pointers on where
> > > to start/what to use? Do I need to set up IPTables
> > > or is there a more seamless way of integrating
> > > the networks?
> >
> >Set net.ipv4.ip_forward to 1 in /etc/sysctl.conf and that should be it:
> >[...]
> ># Controls IP packet forwarding
> >net.ipv4.ip_forward = 1
> >[...]
> 
> Thanks Nils, that basically answered my
> question and enabled me to access my
> other server & network. (see diagram)
> 
> However...
> 
> Julie wrote:
> >Also, if she doesn't have a default route defined, or her gateway
> >to the outside world is other than the bridge between her two private
> >networks, she may well need a number of other routes.
> >
> >She doesn't, however, need "iptables" (which was another question).
> 
> My server on 10.0.0.1 provides internet
> access to my 10.0.0.0 network using IPTables.
> 
> Can forwarding packets to/from the internet
> for the network on the other side of the bridge
> (10.0.1.0) be accomplished with routes instead
> of iptables?

iptables for masquerading 10.x.y.z, routes to reach 10.0.1.0.

> Below is a rough diagram of my network...
> 
> _________       ___________     _________
> |10.0.0.1|      |10.0.0.2& |    |10.0.1.0|
> |gateway |______|10.0.1.1  |____|Network |
> |between |   |  | "Bridge" |    |________|
> |10.0.0.0|   |  |__________|
> |  and   |   |
> |internet|   |  __________
> |________|   |__|10.0.0.0 |
>                  |Network  |
>                  |_________|

This clarifies things (I thought your bridge and firewall would be the
same machine). In theory, it should suffice for you to set up the route
on your firewall, though. When a host on 10.0.0.0 tries to reach
something in 10.0.1.0, it sends packets to 10.0.1.0 which will relay the
packet through the static route and issue an ICMP REDIRECT to the
originating host which will update its dynamic routing table. At least
Linux boxes should do it -- you can always set a static route on all
10.0.0.x hosts to be on the safe side, but it's more cumbersome.

Nils
-- 
Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
+49.7152.209647
   nils at wombat.dialup.fht-esslingen.de / nils at redhat.de / nils at lisas.de
   PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
       Ever noticed that common sense isn't really all that common?
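
Added example, not part of the original message: a small Python model of the forwarding decision described above, on the firewall 10.0.0.1 with a static route to 10.0.1.0 via 10.0.0.2. The interface names eth0/eth1, the host address 10.0.0.50, the /24 masks and the 192.0.2.x / 198.51.100.x outside addresses are assumptions made for illustration.

```python
"""Model of the firewall's forwarding decision in the thread's topology (constructed data)."""
from ipaddress import ip_address, ip_network

# Firewall 10.0.0.1: interface names and the outside network are assumed.
FIREWALL_IFACES = {"eth1": ip_network("10.0.0.0/24"), "eth0": ip_network("192.0.2.0/24")}
FIREWALL_ROUTES = [
    # (destination, next hop or None when directly connected, egress interface)
    (ip_network("10.0.0.0/24"), None, "eth1"),
    (ip_network("10.0.1.0/24"), ip_address("10.0.0.2"), "eth1"),  # static route via the "bridge"
    (ip_network("0.0.0.0/0"), ip_address("192.0.2.1"), "eth0"),   # default route to the internet
]

def lookup(routes, dst):
    """Longest-prefix match: return (network, gateway, iface) or None."""
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def forward(src, dst, in_iface, routes=FIREWALL_ROUTES, ifaces=FIREWALL_IFACES):
    """Return what the firewall does with a packet that arrived on in_iface."""
    src, dst = ip_address(src), ip_address(dst)
    route = lookup(routes, dst)
    if route is None:
        return {"action": "drop", "next_hop": None, "out": None, "redirect": None}
    _, gateway, out_iface = route
    next_hop = gateway if gateway is not None else dst
    # A redirect only makes sense when the packet leaves on the interface it
    # arrived on and the sender shares that subnet, so it can reach the
    # next hop directly instead of going through the firewall.
    redirect = None
    if gateway is not None and out_iface == in_iface and src in ifaces[in_iface]:
        redirect = str(gateway)
    return {"action": "forward", "next_hop": str(next_hop), "out": out_iface, "redirect": redirect}

def host_next_hop(dst, default_gw, redirect_cache, accept_redirects=True):
    """Next hop a 10.0.0.x host uses: a learned redirect if it accepts them, else its default gateway."""
    if accept_redirects and dst in redirect_cache:
        return redirect_cache[dst]
    return default_gw

if __name__ == "__main__":
    first = forward("10.0.0.50", "10.0.1.20", "eth1")
    print("firewall:", first)
    cache = {"10.0.1.20": first["redirect"]}
    print("host honouring redirects ->", host_next_hop("10.0.1.20", "10.0.0.1", cache))
    print("host ignoring redirects  ->", host_next_hop("10.0.1.20", "10.0.0.1", cache, False))
    print("internet-bound:", forward("10.0.0.50", "198.51.100.7", "eth1"))
```

A host that does not accept ICMP redirects keeps sending via 10.0.0.1, which still works because the firewall relays through its static route.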