
Re: Advanced routing question



On July 27, 2003 09:10 am, Haim Ashkenazi wrote:

> I'm trying to combine 2 linux firewalls/routers together. The final host
> should have the following ports:
>
> 	1. eth0 - 256kbps frame relay.
> 	2. ppp0 (via eth1) - pppoe adsl with dhcp.
> 	3. eth2-3 - 2 DMZ's.
> 	4. eth4 - localnet.
>
> The default route is ppp0.
>
> Here's the problem: If I connect to the firewall from the internet
> through eth0 (or even connect to the dmz through the firewall's eth0)
> wouldn't it try to respond through ppp0 (the default gateway) which will
> make the connection impossible?

Yes, you need to install some advanced routing rules.  Read the advanced 
routing howto (http://www.lartc.org/); you'll need something roughly like 
this:

# All of my networks
localnet='172.16.0.0/24'
dmz_a='172.17.0.0/24'
dmz_b='172.17.0.0/24'
frame='216.1.2.0/28'

# Set default route for frame relay network
ip route add default via 216.1.2.1 table 10 # (table 10 arbitrary choice)

pri=100

# ensure that traffic to local IPs is handled by default routing table
for net in $localnet $dmz_a $dmz_b $frame; do
   ip rule add to $net lookup main pri $pri
done

pri=200
# Make sure that traffic coming from frame IPs gets routed to the frame gateway
ip rule add from $frame lookup 10 pri $pri

# Flush route cache to make changes immediate
ip route flush cache

That should handle everything correctly.  Have your pppoe software install a 
default route when it brings up the connection and you shouldn't have to 
worry about any special routing for it.

-- 
Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
Halton Hills, Ontario, Canada                             Debian GNU/Linux
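
The following is an added example, not part of the message above: a small Python model of how the kernel walks the `ip rule` list from that script, so the reply path for a given source/destination pair can be checked offline. The firewall address 216.1.2.2, the client 198.51.100.7, the interface labels and the ppp0 default entry are constructed assumptions; the prefixes, table 10 and the gateway 216.1.2.1 come from the message.

```python
import ipaddress

# Prefixes from the message; dmz_b is omitted because the message gives it
# the same prefix as dmz_a.
LOCALNET, DMZ_A, FRAME = "172.16.0.0/24", "172.17.0.0/24", "216.1.2.0/28"
ANY = "0.0.0.0/0"

# Routing tables as (destination prefix, next hop). The interface labels on
# the connected routes and the ppp0 default are assumptions of this model.
TABLES = {
    "main": [(LOCALNET, "eth4 (connected)"), (DMZ_A, "eth2 (connected)"),
             (FRAME, "eth0 (connected)"), (ANY, "ppp0 (default)")],
    "10": [(ANY, "216.1.2.1 via eth0")],
}

# Policy rules as (priority, from-selector, to-selector, table), mirroring
# the script: pri 100 "to <net> lookup main", pri 200 "from frame lookup 10",
# then the kernel's built-in main rule at priority 32766.
RULES = [(100, ANY, net, "main") for net in (LOCALNET, DMZ_A, FRAME)]
RULES += [(200, FRAME, ANY, "10"), (32766, ANY, ANY, "main")]


def _in(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def lookup_table(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    matches = [(ipaddress.ip_network(p).prefixlen, hop)
               for p, hop in TABLES[table] if _in(dst, p)]
    return max(matches)[1] if matches else None


def route(src, dst, rules=RULES):
    """Walk rules in priority order; the first table yielding a route wins."""
    for _pri, frm, to, table in sorted(rules):
        if _in(src, frm) and _in(dst, to):
            hop = lookup_table(table, dst)
            if hop is not None:
                return hop
    return None


if __name__ == "__main__":
    for src, dst in [("216.1.2.2", "198.51.100.7"), ("216.1.2.2", "172.16.0.10"),
                     ("172.16.0.10", "198.51.100.7"), ("172.17.0.5", "198.51.100.7")]:
        print(f"{src:>12} -> {dst:<13} via {route(src, dst)}")
```

In this model a packet whose source is a DMZ address (172.17.0.0/24) does not match the `from $frame` selector and follows the default in main. On the live host, `ip route get <dst> from <src>` and `ip rule show` give the same answers from the kernel itself.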


