Re: Please excuse, but I am not a router/firewall-guru...
> Hello,
...
> eth0  inet-Access  currently unconfigured
>
> eth1  publicnet    Network    192.168.1.0
>       64 IP's      IP         192.168.1.1
>                    Broadcast  192.168.1.63
>                    Netmask    255.255.255.192
>
> eth2  privatenet   Network    192.168.1.64
>       32 IP's      IP         192.168.1.65
>                    Broadcast  192.168.1.94
>                    Netmask    255.255.255.224
** A
>
> eth3  securenet    Network    192.168.1.96
>       16 IP's      IP         192.168.1.97
>                    Broadcast  192.168.1.111
>                    Netmask    255.255.255.240
>
> eth4  cybernet     Network    192.168.1.112
>       8 IP's       IP         192.168.1.113
>                    Broadcast  192.168.1.119
>                    Netmask    255.255.255.248
>
> eth5  wavenet      Network    192.168.1.128
>       128 IP's     IP         192.168.1.129
>                    Broadcast  192.168.1.255
>                    Netmask    255.255.255.128
>
> I use ipfwadm and I can connect as desired between the Networks...
>
>                                         +-----------+
>                                         |  router   |
>                 +-----------+           |       eth1+--- publicnet
>                 |           |           |           |
>                 |  ppp-box  |           |       eth2+--- privatenet
>                 |           |IP-Masq    |           |
> Inet -----------+ppp0   eth1+-----------+eth0   eth3+--- securenet
> By-Call-ISP     |           |           |           |
>                 |           |           |       eth4+--- cybernet
>                 |           |           |           |
>                 +-----------+           |       eth5+--- wavenet
>                                         |           |
>                                         +-----------+
>
> Because I like to create a full working "RESCUE-ROUTER-DISK" for
> reserve and do not make IP-Masq on it, I like to simulate the
> Internet-Connection with a separate ppp-box which does the IP-Masq
> and connects to a By-Call-Provider with my Courier I-modem.
>
> ------------------------------------------------------------------------
> Question: How must I do the routing between the PPP-Box and the router,
> while on the ppp-box is the Masquerading stuff which run LRP
> as well ???
>
> Must they have:    Network    192.168.1.120
>                    IP         192.168.1.121  router
>                    IP         192.168.1.121  ppp-box
>                    Broadcast  192.168.1.127
>                    Netmask    255.255.255.240
** B
> ------------------------------------------------------------------------
>
> If I have this running, I like to do the next step:
>
> On my Router I have a Harddisk in which I have installed WOODY.
>
> All stuff not needed is removed like ppp, pppconf, pppoe, ipchains,
> dhcpd, dhcpcd, man-db, manpages...
>
> How can I make the same Router-Setup with WOODY and iptables...
** C
>
> Firewall comes soon...
>
> Thanks
> Michelle Konzack
...
** A
Wrong broadcast for eth2?
Shouldn't it be 192.168.1.95?
** B
Using the same IP number for router:eth0 and ppp-box:eth1 is a bad idea.
You could do like:
ppp-box:
  # netmask 255.255.255.248 (/29) is the mask that fits network 192.168.1.120 with broadcast 192.168.1.127
  ifconfig eth1 192.168.1.122 netmask 255.255.255.248 broadcast 192.168.1.127
  route add -net 192.168.1.120 netmask 255.255.255.248 # for a 2.0.x kernel
  route add default gw <your isp>
  # the internal networks are reached through the router
  route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.121
router:
  ifconfig eth0 192.168.1.121 netmask 255.255.255.248 broadcast 192.168.1.127
  route add -net 192.168.1.120 netmask 255.255.255.248 # for a 2.0.x kernel
  # default route points at the ppp-box
  route add default gw 192.168.1.122
** C
(You don't do routing with iptables. You filter, log, and rewrite
packet headers with it.)
You use the same config as in B above (except that you don't have to
add the route to the local net since the kernel does it for you when you
do ifconfig).
Regards,
/Karl
-----------------------------------------------------------------------
Karl Hammar Aspö Data karl@kalle.csb.ki.se
Lilla Aspö 2340 Networks
S-742 94 Östhammar +46 173 140 57 Computers
Sweden +46 70 511 97 84 Consulting
-----------------------------------------------------------------------
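
Added example, not part of the original messages: a Python check of the addressing plan quoted above, using the standard ipaddress module. It flags the eth2 broadcast from point A and also shows that netmask 255.255.255.240 does not fit a network starting at 192.168.1.120; the name ppp-link for the router/ppp-box network is an assumption made here.

```python
import ipaddress

# Addressing plan as quoted in the message: (name, network, netmask, broadcast).
# "ppp-link" is a label assumed here for the proposed router <-> ppp-box network.
PLAN = [
    ("publicnet",  "192.168.1.0",   "255.255.255.192", "192.168.1.63"),
    ("privatenet", "192.168.1.64",  "255.255.255.224", "192.168.1.94"),
    ("securenet",  "192.168.1.96",  "255.255.255.240", "192.168.1.111"),
    ("cybernet",   "192.168.1.112", "255.255.255.248", "192.168.1.119"),
    ("wavenet",    "192.168.1.128", "255.255.255.128", "192.168.1.255"),
    ("ppp-link",   "192.168.1.120", "255.255.255.240", "192.168.1.127"),
]

def check_plan(plan):
    """Return (name, problem) tuples; an empty list means the plan is consistent."""
    findings, nets = [], []
    for name, addr, mask, bcast in plan:
        # strict=False masks off host bits, so we can compare with what was written
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if str(net.network_address) != addr:
            findings.append((name, f"{addr} is not a network address for {mask}; "
                                   f"that mask gives {net}"))
        if str(net.broadcast_address) != bcast:
            findings.append((name, f"broadcast {bcast} should be {net.broadcast_address}"))
        nets.append((name, net))
    # Overlapping interface networks make the kernel's route choice ambiguous
    for i, (a_name, a) in enumerate(nets):
        for b_name, b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append((a_name, f"{a} overlaps {b_name} {b}"))
    return findings

def smallest_fit(addr, bcast):
    """Netmask of the single network spanning addr..bcast, or None if there is none."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(addr), ipaddress.ip_address(bcast)))
    return str(nets[0].netmask) if len(nets) == 1 else None

if __name__ == "__main__":
    for name, problem in check_plan(PLAN):
        print(f"{name}: {problem}")
    print("mask for .120-.127:", smallest_fit("192.168.1.120", "192.168.1.127"))
```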