TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:11279] Hit The Routes!!!
On 20 Dec, Brian Ackermann wrote:
> Heres a diagram...
<diagram snipped>
>> On 18 Dec, Brian Ackermann wrote:
>>> I've subsequently removed all static routes.... heres my current routing
> table.
>>> Kernel IP routing table
>>> Destination Gateway Genmask Flags Metric Ref Use Iface
>>> 205.218.57.25 * 255.255.255.255 UH 0 0 0 eth0
>>> 205.218.57.18 * 255.255.255.255 UH 0 0 0 eth1
>>> 192.168.6.2 * 255.255.255.255 UH 0 0 0 eth2
>>> 205.218.57.16 * 255.255.255.240 U 0 0 0 eth1
>>> 192.168.6.0 * 255.255.255.0 U 0 0 0 eth2
>>> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
>>> default gw.bbros.com 0.0.0.0 UG 0 0 0 eth0
Ok, then this routing table looks correct for that diagram. So now all
you need to do is setup some firewall rules for to allow stuff to get
out.
This should allow you're non-routable stuff out with masquerading.
/sbin/ipchains -P forward DENY
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -A forward -j MASQ -s 192.168.42.0/255.255.255.0
echo "1" > /proc/sys/net/ipv4/ip_forward
Then if you set the default gateway on the server block to
205.218.57.25, I would expect it to work just fine. I'm no network
guru, but from my experience with various systems this should work.
--
Jon Schewe
http://eggplant.mtu.net/~jpschewe
schewe@tcfreenet.org