[Techtalk] Network routing/bridging help...

Michelle Murrain tech at murrain.net
Sat Dec 28 17:30:13 EST 2002 

I am re-working my network, and I have reached a stuck place and need help.

I have a T1 line, connected to a Cisco router. I decided to add a 
linux firewall (running debian testing). I am now stuck with a 
routing problem.

For a variety of reasons (primarily because almost everything I have 
are servers of one sort or another, and I have enough IPs) I decided 
to give everything public IP addresses (all in one subnet). The 
firewall has 2 nic cards. It's connected by a crossover cable to the 
Cisco router, which basically now sits there and simply routes 
traffic from my subnet in and out. The second card will be connected 
via a regular cable to a switch, which has the rest of the hosts off 
of it.

internet ---------  cisco router -----------eth1-- firewall 
-eth0----------- switch
	            x.x.x.35		x.x.x.51       x.x.x.50 
(x.x.x.32->64)

I have ip forwarding on.

We (helpful irc chix and I) cannot figure out how to do the routing 
on this, the most likely problem is that all of the IPs are on the 
same subnet. So far, I have set up a default gateway on the firewall 
as the .35 cisco router, and the default gateways on the individual 
boxes as .50 (the firewall), although neither trying .35 or .51 work 
either.

When I have this set up, I can get out into the world from the 
firewall, and also ping .50 and .51 from the internal boxes, but 
can't get out into the world from them, no matter what. This is what 
my /etc/network/interfaces looks like:

auto eth0
iface eth0 inet static
         address 66.152.196.50
         netmask 255.255.255.224

auto eth1
iface eth1 inet static
         address 66.152.196.51
         netmask 255.255.255.224
         gateway 66.152.196.35

The idea was to set up individual routes for each host to the gateway - like:
route add x.x.x.40 netmask 255.255.255.224 gw 66.152.196.50
But that didn't work.

I've tried various permutations on a lot of things, but nothing has 
appeared to make any bit of difference.

Any advice, or pointers to good docs or books is welcomed (I've had a 
hard time finding good docs for this stuff, so that would be 
appreciated).

Thanks!!!
-- 
.Michelle

--------------------------
Michelle Murrain, Technology Consulting
tech at murrain.net     http://www.murrain.net
413-253-2874 ph
413-222-6350 cell
413-825-0288 fax
AIM:pearlbear0 Y!:pearlbear9 ICQ:129250575

"A vocation is where the world's hunger & your great gladness meet." 
Frederick Buechner

More information about the Techtalk mailing list