
Re: Please excuse, but I am not a router/firewall-guru...



> Hello, 
...
> eth0    inet-Access     currently unconfigured
> 
> eth1    publicnet       Network     192.168.1.0
>          64 IP's        IP          192.168.1.1
>                         Broadcast   192.168.1.63
>                         Netmask     255.255.255.192
> 
> eth2    privatenet      Network     192.168.1.64
>          32 IP's        IP          192.168.1.65
>                         Broadcast   192.168.1.94
>                         Netmask     255.255.255.224
** A
> 
> eth3    securenet       Network     192.168.1.96
>          16 IP's        IP          192.168.1.97
>                         Broadcast   192.168.1.111
>                         Netmask     255.255.255.240
> 
> eth4    cybernet        Network     192.168.1.112
>           8 IP's        IP          192.168.1.113
>                         Broadcast   192.168.1.119
>                         Netmask     255.255.255.248
> 
> eth5    wavenet         Network     192.168.1.128
>         128 IP's        IP          192.168.1.129
>                         Broadcast   192.168.1.255
>                         Netmask     255.255.255.128
> 
> I use ipfwadm and I can connect as desired between the Networks... 
> 
>                                         +-----------+
>                                         | router    |
>                 +-----------+           |       eth1+--- publicnet
>                 |           |           |           |
>                 |  ppp-box  |           |       eth2+---privatenet
>                 |           |IP-Masq    |           |
> Inet -----------+ppp0   eth1+-----------+eth0   eth3+--- securenet
> By-Call-ISP     |           |           |           |
>                 |           |           |       eth4+--- cybernet
>                 |           |           |           |
>                 +-----------+           |       eth5+--- wavenet
>                                         |           |
>                                         +-----------+
> 
> Because I like to create a full working "RESCUE-ROUTER-DISK" for 
> reserve and do not make IP-Masq on it, I like to simulate the 
> Internet-Connection with a separate ppp-box which does the IP-Masq 
> and connects to a By-Call-Provider with my Courier I-modem. 
> 
> ------------------------------------------------------------------------
> Question: How must I do the routing between the PPP-Box and the router, 
>           while on the ppp-box is the Masquerading stuff which run LRP 
>           as well ??? 
> 
>           Must they have:   Network     192.168.1.120
>                             IP          192.168.1.121       router
>                             IP          192.168.1.121       ppp-box
>                             Broadcast   192.168.1.127
>                             Netmask     255.255.255.240
** B
> ------------------------------------------------------------------------
> 
> If I have this running, I like to do the next step: 
> 
> On my Router I have a Harddisk in which I have installed WOODY. 
> 
> All stuff not needed is removed like ppp, pppconf, pppoe, ipchains, 
> dhcpd, dhcpcd, man-db, manpages... 
> 
> How can I make the same Router-Setup with WOODY and iptables... 
** C
> 
> Firewall comes soon...
> 
> Thanks
> Michelle Konzack
...

** A
Wrong broadcast for eth2?
Shouldn't it be 192.168.1.95?

** B
Using the same ip number for router:eth0 and ppp-box:eth1 is a bad idea.
You could do like:

  ppp-box:
# netmask 255.255.255.248: 192.168.1.120-127 is a /29 (.240 does not match network .120)
ifconfig  eth1 192.168.1.122 netmask 255.255.255.248 broadcast 192.168.1.127
route add -net 192.168.1.120 netmask 255.255.255.248 # for a 2.0.x kernel
route add default gw <your isp>
# -net is needed because the target is a network, not a host
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.121

  router:
ifconfig  eth0 192.168.1.121 netmask 255.255.255.248 broadcast 192.168.1.127
route add -net 192.168.1.120 netmask 255.255.255.248 # for a 2.0.x kernel
route add default gw 192.168.1.122

** C
(You don't do routing with iptables. You filter, log, and rewrite
packet headers with it.)

You use the same config as in B above (except that you don't have to
add the route to the local net since the kernel does it for you when you
do ifconfig).

Regards,
/Karl

-----------------------------------------------------------------------
Karl Hammar                    Aspö Data           karl@kalle.csb.ki.se
Lilla Aspö 2340                                                Networks
S-742 94 Östhammar          +46  173 140 57                   Computers
Sweden                     +46  70 511 97 84                 Consulting
-----------------------------------------------------------------------
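
The subnet arithmetic behind points A and B, as an added example that is not part of the original post: it checks the posted addressing plan with Python's `ipaddress` module and reports misaligned networks, wrong broadcasts, duplicate IPs and overlapping subnets. The `CORRECTED` plan, including the 255.255.255.248 mask for the router/ppp-box link, is an assumption derived from the posted network and broadcast values.

```python
import ipaddress

# (label, network, host IPs, broadcast, netmask) exactly as posted in the question.
POSTED = [
    ("eth1 publicnet", "192.168.1.0", ["192.168.1.1"], "192.168.1.63", "255.255.255.192"),
    ("eth2 privatenet", "192.168.1.64", ["192.168.1.65"], "192.168.1.94", "255.255.255.224"),
    ("eth3 securenet", "192.168.1.96", ["192.168.1.97"], "192.168.1.111", "255.255.255.240"),
    ("eth4 cybernet", "192.168.1.112", ["192.168.1.113"], "192.168.1.119", "255.255.255.248"),
    ("eth5 wavenet", "192.168.1.128", ["192.168.1.129"], "192.168.1.255", "255.255.255.128"),
    ("router/ppp-box link", "192.168.1.120", ["192.168.1.121", "192.168.1.121"],
     "192.168.1.127", "255.255.255.240"),
]
# Assumed correction: eth2 broadcast .95, link on a /29 with the reply's .121/.122.
CORRECTED = POSTED[:1] + [
    ("eth2 privatenet", "192.168.1.64", ["192.168.1.65"], "192.168.1.95", "255.255.255.224"),
] + POSTED[2:5] + [
    ("router/ppp-box link", "192.168.1.120", ["192.168.1.121", "192.168.1.122"],
     "192.168.1.127", "255.255.255.248"),
]

def check_entry(label, network, hosts, broadcast, netmask):
    """Return (derived network, list of problems) for one interface entry."""
    problems = []
    net = ipaddress.ip_interface(f"{network}/{netmask}").network  # address & mask
    if str(net.network_address) != network:
        problems.append(f"{label}: {network} is not on a {netmask} boundary, mask yields {net}")
    if str(net.broadcast_address) != broadcast:
        problems.append(f"{label}: broadcast {broadcast} should be {net.broadcast_address}")
    if len(set(hosts)) != len(hosts):
        problems.append(f"{label}: the same IP is assigned to more than one host")
    for host in sorted(set(hosts)):
        addr = ipaddress.ip_address(host)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label}: {host} is not a usable host address in {net}")
    return net, problems

def audit(plan):
    """Check every entry, then flag subnets whose address ranges overlap."""
    problems, seen = [], []
    for entry in plan:
        net, found = check_entry(*entry)
        problems += found
        problems += [f"{entry[0]} ({net}) overlaps {label} ({other})"
                     for label, other in seen if net.overlaps(other)]
        seen.append((entry[0], net))
    return problems

if __name__ == "__main__":
    for name, plan in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, *(audit(plan) or ["no problems"]), sep="\n  ")
```

Overlapping or misaligned subnets matter once filtering is added, because a rule written for one network then also matches addresses on another interface.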



