[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Linux box, multi NICs routing



you can route to ISDN router for internet .

> -----Original Message-----
> From:	Mikkel L. Ellertson [SMTP:mikkel Infinity-ltd com]
> Sent:	Sunday, June 17, 2001 10:49 AM
> To:	Redhat General List
> Subject:	Re: Linux box, multi NICs routing
> 
> On Sun, 17 Jun 2001, Philip Tong wrote:
> 
> > I have a Linux box setup with 2 NICs to provide routing over 2 segment
> of
> > networks using local ip.
> >
> > Segment A : 10.0.0.0 / 255.0.0.0
> > Segment B : 192.168.0.0 / 255.255.255.0
> >
> > Linux box : eth0 / Segment A / 10.0.0.2
> >             eth1 / Segment B / 192.168.0.1
> >
> > I have an ISDN router on Segment B with the IP address 192.168.0.2.
> >
> > Hosts in Segment A is suppose to go thru the Linux box for Internet
> access.
> >
> > I plan to use the Linux box to do packet filtering.
> >
> > I have manage to get everything up and running.
> >
> > Problem, the only way I can get hosts in Segment A to access the
> Internet
> > is when I turn on masquerading on the Linux box.
> >
> > My intention, Linux box to provide routing between Segment A & B
> without
> > NAT, let the ISDN router handle the NAT.
> >
> > Is it possible?
> >
> >
> It is possible.  Getting the linux box to do the routing is fairly easy.
> Getting the ISDN router to do NAT for the two different networks will be
> a bit harder.  Ermember, if you are not doing masquerading on the Linux
> box, then the ISDN router will see 10.0.0.x addresses.  It has to know
> that 192.168.0.1 is the gateway to 10.0.0.x.
> 
> To get the Linux box to route between the two networks, you have to turn
> on IP forwarding, just as you would for masquerading, and set your
> forwarding rules to forward the packets in both directions.  You can do
> this by setting the default rule for forwarding to accept, and deny what
> you want blocked, or set it to deny, and add rules for the packets you
> want the firewall to forward.  (I preferre the second method.)
> 
> You also have to remember to accept the packets you want to forward in
> your imput rules, and let them out with your output rules.  Basicly, you
> set it up the same way as the masquerading rules, but with -j ACCEPT
> instead of -j MASQ for the forwarding rules if you use IP chains.  If
> you use IP tables, then you will have to figure out the rules...
> 
> Mikkel
>  --
> 
>     Do not meddle in the affairs of dragons,
>  for you are crunchy and taste good with ketchup.
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> Redhat-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-list
WARNING: The information in this message is confidential and may be legally
privileged. It is intended solely for the addressee.  Access to this message
by anyone else is unauthorised.  If you are not the intended recipient, any
disclosure, copying, or distribution of the message, or any action or
omission taken by you in reliance on it, is prohibited and may be unlawful.
Please immediately contact the sender if you have received this message in
error. Thank you.----------------- HCL Perot Systems





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]