TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:8792] Multiple Ethernet Woes
- To: tclug-list@mn-linux.org
- Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
- From: Peter Lukas <peter@math.umn.edu>
- Date: Thu, 30 Sep 1999 14:13:44 -0500 (CDT)
- In-Reply-To: <199909301906.OAA09116@math.umn.edu>
Take a look at routed and gated for that. It will allow you to maintain
static routing tables to your remote clinets. Of course, you'll not want
to or be able to route private network traffic externally unless you
establish some sort of VPN between the two...
Peter Lukas
On Thu, 30 Sep 1999, Brian Ackermann wrote:
> Ok, this is where things get wierd....its the medical network thing I mentioned
> before...We get 14 ips from the ISP, and also a class C NAT from the
> 192.168.x.x.
>
> Life would be easier if we could do the NAT'ing locally and still hit our
> Medical clients who are on our ISP's 'NAT'work....but I'm not sure about that...
>
>
>
> ----------
> >From: Michael Hicks <hick0088@tc.umn.edu>
> >To: tclug-list@mn-linux.org
> >Subject: Re: [TCLUG:8792] Multiple Ethernet Woes
> >Date: Thu, Sep 30, 1999, 12:23 PM
> >
>
> >> I've got a 3c509, and a 3c590(Vortex Card). The machine boots, and the
> kernel
> >> recognizes the cards and sets them up as eth0 and eth1. Then it assigns IP
> >> addys to them.
> >>
> >> Well, the long and short is that eth1 does not see machines on the subnet its
> >> assigned to, let alone any others...
> >>
> >> Its been suggested that my route tables were setup incorrectly, but I posted
> >> them a while back and nobody seemed to think they were the problem....
> >>
> >> So, we have a firewall machine with only one working
> card....appearantly...and I
> >> have to get this firewall installed by friday...
> >>
> >> Somebody please help me *begging*
> >
> > (/me digs through the list archives..)
> >
> > | Ok, here's the route table....
> > |
> > | Kernel IP routing table
> > | Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > | 205.218.57.25 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> > | 192.168.6.49 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
> > | 192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> > | 205.218.57.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> > | 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> > | 0.0.0.0 205.218.57.17 0.0.0.0 UG 0 0 0 eth0
> >
> > Okay.. Lemme straighten this out. It looks like 205.218.57.25 is the
> > external address, which apparently works fine. It is net-connected, and it's
> > router is 205.218.57.25
> >
> > You have an internal (masqueraded?) network behind this box with the subnet
> > 192.168.6.0. The IP of your box on that network is 192.168.6.49 (kind of an
> > odd number to pick, IMHO).
> >
> > You say you can't ping from this box to anything on the 192.168.6.49 network?
> > Hmm.. I would guess that card is broken, misconfigured, or that the cabling
> > on your network may be less-than-optimal..
> >
> > If you _can_ ping those hosts, I would make sure you have masquerading set up
> > properly.
> >
> > On a RedHat system, edit /etc/sysconfig/network and change
> >
> > FORWARD_IPV4=false
> >
> > to
> >
> > FORWARD_IPV4=true
> >
> > Then, add the necessary ipchains rules to your /etc/rc.d/rc.local or similar
> > file (wherever you want to put it, basically) Something like
> >
> > ipchains -P forward DENY
> > ipchains -A forward -s 192.168.6.0/24 -j MASQ
> >
> > Though it's been a while since I've done that..
> > --
> > _ _ _ _ _ ___ _ _ _ ___ _ _ __ Veni Vidi Visa: I came,
> > / \/ \(_)| ' // ._\ / - \(_)/ ./| ' /(__ I saw, I did a little
> > \_||_/|_||_|_\\___/ \_-_/|_|\__\|_|_\ __) shopping.
> > [ Mike Hicks | http://umn.edu/~hick0088 | mailto:hick0088@tc.umn.edu ]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
>
>