TCLUG Archive

Re: [TCLUG:10339] Possible solution




I think what's going on here is:


internal    ------------  external  --------------     ----------------
------------| firewall |------------| dsl router |-----| gw.bbros.com |
network     ------------            --------------     ----------------

eth0 is the internal network interface at 192.168.6.48/255.255.255.0
eth1 is the external interface at 205.218.57.25/255.255.255.240
The default gateway is gw.bbros.com 205.218.57.17

In between the firewall is a hub which is used to connect a couple
other systems on the 205.218.57.16/255.255.255.240 network.

The internal firewall interface is connected to another hub which has
systems from the 192.168.6.0/255.255.255.0 network and other systems
on the 205.218.57.16/255.255.255.240 network. The way it was explained
to me, or at least how I understood it, was that the two networks are
overlaid on the same physical media on the internal network.

The question Brian is asking is how can he make the systems which use
the external 205.218.57.16/255.255.255.240 network address which are
connected on the internal network side use his firewall?

I would suggest re-addressing the 205.218.57.16/255.255.255.240 which
are connected to the internal network to be on the 192.168.6.0
network. Let the firewall handle the NAT/MASQ. Clean up the network
topology and let the firewall do its job.

Or perhaps someone could provide another idea about how this might
be done? I know that the firewall box itself is (or at least was)
configured correctly with proper definitions for the internal, 
external, default gateway, and netmask.

Regards

					- Karl

On Wed, 24 Nov 1999, Brian J. Ackermann wrote:

> Ok, but what about the 205.218.57.[16-31] addresses?
> 
> I definitely agree with you about yanking all info from the scripts and
> starting over, it's something I've been thinking about for some time now.
> 
> Thanks,
> Brian
> 
> > Be sure that for each interface, gateway, netmask and perhaps broadcast
> > are specified explicitly -- don't let the system fill in its defaults, we
> > don't trust it. This is what you want:
> >
> > 1. Traffic to the internal network (192.168.6.0) has the internal network
> >    interface (eth0, 192.168.6.48) as its gw.
> > 2. Traffic to the Internet (0.0.0.0) has gw.bbros.com as its gateway.
> > 3. /etc/hosts and/or DNS are properly configured so that using a name
> >    (gw.bbros.com) in your routing table will work. Alternatively, you can
> >    use gw.bbros.com's IP address in your table.
> > 4. IPv4 Forwarding is enabled in your kernel, so that traffic from the
> >    internal network (whose nodes have your eth0/192.168.6.48 listed as
> >    their gateway) destined for the Internet will find its way out.
> >
> > Read the ifconfig(8) and route(8) man pages closely, to get an idea of how
> > ifconfig(8) shapes the routing table, and to learn how you can poke the
> > routing table by hand if required.
> >
> > I hope this helps. If anyone can find any flaws in my reasoning or factual
> > errors in my explanation, please correct them.
> >
> > --
> >   Christopher Reid Palmer : http://www.innerfireworks.com/
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> >
> >
>
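
The re-addressing suggested in the message above, as an added example that is not part of the original thread: it checks the firewall's interface and gateway addressing against the two networks named in the post, then maps every host on the internal hub that still carries a 205.218.57.16/255.255.255.240 address to a free 192.168.6.0 address. The host names and host addresses in the inventory are constructed for illustration; only the networks, the firewall interface addresses and the gateway address come from the thread.

```python
import ipaddress

# Networks and firewall addresses as stated in the thread.
INTERNAL_NET = ipaddress.ip_network("192.168.6.0/255.255.255.0")
EXTERNAL_NET = ipaddress.ip_network("205.218.57.16/255.255.255.240")
FIREWALL_ETH0 = ipaddress.ip_address("192.168.6.48")
FIREWALL_ETH1 = ipaddress.ip_address("205.218.57.25")
DEFAULT_GW = ipaddress.ip_address("205.218.57.17")

# Constructed inventory of hosts plugged into the internal hub
# (hypothetical names and addresses, not taken from the thread).
INTERNAL_SEGMENT_HOSTS = {
    "ws1": "192.168.6.10",
    "ws2": "192.168.6.11",
    "srv-a": "205.218.57.20",
    "srv-b": "205.218.57.29",
}


def check_firewall():
    """Return a list of problems with the firewall's own addressing."""
    problems = []
    if FIREWALL_ETH0 not in INTERNAL_NET:
        problems.append("eth0 is not on the internal network")
    if FIREWALL_ETH1 not in EXTERNAL_NET:
        problems.append("eth1 is not on the external network")
    if DEFAULT_GW not in EXTERNAL_NET:
        problems.append("default gateway is not on-link for eth1")
    return problems


def readdress_plan(hosts):
    """Map hosts using an external address behind the firewall to a
    free internal address, so their traffic is routed and masqueraded
    by the firewall instead of sharing the wire with a second subnet."""
    used = {ipaddress.ip_address(a) for a in hosts.values()} | {FIREWALL_ETH0}
    free = (a for a in INTERNAL_NET.hosts() if a not in used)
    plan = {}
    for name, addr in sorted(hosts.items()):
        ip = ipaddress.ip_address(addr)
        if ip in EXTERNAL_NET:
            plan[name] = (addr, str(next(free)))
        elif ip not in INTERNAL_NET:
            raise ValueError(f"{name} ({addr}) is on neither known network")
    return plan


if __name__ == "__main__":
    print(check_firewall() or "firewall addressing is consistent")
    for host, (old, new) in readdress_plan(INTERNAL_SEGMENT_HOSTS).items():
        print(f"{host}: {old} -> {new}")
```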