Re: Advanced routing question

From: Fraser Campbell (fraser_at_wehave.net)
Date: 07/27/03

    To: debian-user@lists.debian.org
    Date: Sun, 27 Jul 2003 13:10:25 -0400
    
    

    On July 27, 2003 09:10 am, Haim Ashkenazi wrote:

    > I'm trying to combine 2 Linux firewalls/routers together. The final host
    > should have the following ports:
    >
    > 1. eth0 - 256kbps frame relay.
    > 2. ppp0 (via eth1) - pppoe adsl with dhcp.
    > 3. eth2-3 - 2 DMZ's.
    > 4. eth4 - localnet.
    >
    > The default route is ppp0.
    >
    > Here's the problem: If I connect to the firewall from the internet
    > through eth0 (or even connect to the dmz through the firewall's eth0)
    > wouldn't it try to respond through ppp0 (the default gateway) which will
    > make the connection impossible?

    Yes, you need to install some advanced routing rules. Read the advanced
    routing howto (http://www.lartc.org/), you'll need something roughly like
    this:

    # All of my networks
    localnet='172.16.0.0/24'
    dmz_a='172.17.0.0/24'
    dmz_b='172.17.0.0/24'
    frame='216.1.2.0/28'

    # Set default route for frame relay network
    ip route add default via 216.1.2.1 table 10 # (table 10 arbitrary choice)

    pri=100

    # ensure that traffic to local IPs is handled by default routing table
    for net in $localnet $dmz_a $dmz_b $frame; do
       ip rule add to $net lookup main pri $pri
    done

    pri=200
    # Make sure that traffic coming from frame IPs gets routed to frame gateway
    ip rule add from $frame lookup 10 pri $pri

    # Flush route cache to make changes immediate
    ip route flush cache

    That should handle everything correctly. Have your pppoe software install a
    default route when it brings up the connection and you shouldn't have to
    worry about any special routing for it.

    -- 
    Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
    Halton Hills, Ontario, Canada                             Debian GNU/Linux
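
Added example (not part of the original message): a small Python model of how the kernel walks the policy rules above, to show which table a reply sourced from a frame-relay address selects with and without the `pri 200` rule. The interface names on the connected routes, the sample addresses 216.1.2.2 and 198.51.100.7, and the omission of the kernel's `local` table are assumptions; the message gives the same prefix for both DMZs, so it appears once.

```python
import ipaddress

# Networks and frame gateway as given in the message above.
LOCAL_NETS = ["172.16.0.0/24", "172.17.0.0/24", "216.1.2.0/28"]
FRAME = "216.1.2.0/28"

# Routing tables as (destination prefix, next hop). The connected-route
# interfaces and the ppp0 default in "main" are assumed for illustration.
TABLES = {
    "main": [("172.16.0.0/24", "dev eth4"), ("172.17.0.0/24", "dev eth2"),
             ("216.1.2.0/28", "dev eth0"), ("0.0.0.0/0", "dev ppp0")],
    "10": [("0.0.0.0/0", "via 216.1.2.1")],
}

def build_rules(with_frame_rule=True):
    """Policy rules as (priority, from-prefix, to-prefix, table)."""
    rules = [(100, "0.0.0.0/0", net, "main") for net in LOCAL_NETS]
    if with_frame_rule:
        rules.append((200, FRAME, "0.0.0.0/0", "10"))
    rules.append((32766, "0.0.0.0/0", "0.0.0.0/0", "main"))  # kernel default rule
    return sorted(rules)

def route_lookup(table, dst):
    """Longest-prefix match in one table; None if no route covers dst."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def select_route(src, dst, rules):
    """Walk rules in priority order; the first matching rule whose
    table contains a route for dst decides the next hop."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pri, frm, to, table in rules:
        if src in ipaddress.ip_network(frm) and dst in ipaddress.ip_network(to):
            hop = route_lookup(table, dst)
            if hop is not None:
                return pri, table, hop
    return None

if __name__ == "__main__":
    # Constructed cases: firewall's eth0 address replying to an internet client,
    # the same source talking to a DMZ host, and a localnet host going out.
    for src, dst in [("216.1.2.2", "198.51.100.7"),
                     ("216.1.2.2", "172.17.0.5"),
                     ("172.16.0.9", "198.51.100.7")]:
        print(src, "->", dst, "with rule:", select_route(src, dst, build_rules()),
              "| without:", select_route(src, dst, build_rules(False)))
```

On the real host, `ip rule show` lists the rules in this same priority order.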