[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re (2): Configuration for a Linux router with a client having a public address

peasthope@shaw.ca wrote:

So now I am really confused.  carnot is already on the public internet
with  I thought that you had it on a private network
and were trying to tunnel it onto the public internet.  I am really
confused now.  Sorry.

> My network is documented in 
>   http://carnot.yi.org/NetworksPage.html 
> with a link under "Miscellaneous Links" in the home page.

Since those are old diagrams they don't show where carnot fits into
things.  On which wire will carnot be placed?  That part I am not
clear about.  Thanks.

> The configuration in the diagram is current.
> dalton =
> carnot =

And of course carnot isn't on the diagram so I feel I am just missing
the mark here.

> If carnot had extra space on a bus, I'd think of adding a second Ethernet 
> card with address

What is carnot's first card's address and which wire is it hooked to?

> The existing Ethernet on carnot would be connected to
> dalton's

If carnot is already on then why does it need a
private address and what looks like an openvpn point to point link
between it and dalton?

> The second Ethernet on carnot would have no cable attached of
> course.

No wire?  Then why have it?  I am much confused!

> Can two addresses be assigned to one interface?

Yes.  Easily.  Simply add the other address.  I prefer to use the 'ip'
tool for these kinds of things.  Make sure you have the 'iproute'
package installed.  Then you can say

  # ip addr add brd dev eth0 label eth0:0
  # ip addr del dev eth0 label eth0:0

and you can put those in up and down directives in your
/etc/network/interfaces file.

  allow-hotplug eth0
  iface eth0 inet static
    up ip addr add brd dev eth0 label eth0:0
    down ip addr del dev eth0 label eth0:0

That adds an address with a label when the interface comes up and
removes it when the interface is brought down.  It enables two
different subnets to co-exist on the same wire.  This machine knows
about both subnets and can talk to either.  A machine with an IP on
only one of those subnets would only know about that one and not the
other.  It isn't a security arrangement since if an interface were in
promiscuous mode it would observe all packets on both networks.  It is
useful in some situations such as IP renaming transitions and other


Attachment: signature.asc
Description: Digital signature

Reply to: