RE: ip masquerading/subnets
- From: "bruce" <bedouglas@xxxxxxxxxxxxx>
- Date: Sun, 25 Nov 2007 14:18:03 -0800
hi john...
i might be missing/lost some emails... so let me start at the very
beginning!! bear with me if you find yourself repeating something you've
already stated...
my initial system (two boxes, nothing between them)
windows linux
box1 ----- >>> ------ box2 >>>>>> (future separate lan box)
eth0 (wireless) ath0 eth0
box1
eth0 - 192.168.1.3
box2
ath0 - 192.168.1.5
eth0 - 192.168.2.5
from box1, i can ping 192.168.1.5
from box1, i can't ping 192.168.2.5
from box2, i can ping box1 (192.168.1.3)
so, what do i/should i do to connect/ping box2/eth0 from box1?
thanks
ps. i do have a router in my overall system that's between the wireless box,
and my cable modem/internet.
thanks
-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of John Summerfield
Sent: Sunday, November 25, 2007 1:11 PM
To: For users of Fedora
Subject: Re: ip masquerading
bruce wrote:
again.. hi john..Well, it's not going to support this configuration. What do you think?
if by network mangler, you mean "network manager", no, it's not enabled on
the laptop/system.
i'm
i've tried various route cmds, but it doesn't appear to be working. (or
screwing something up...)the
i i'm on box1 (which is windows), and i do a ping 192.168.2.33 (which is
eth0 nic) on box2, i'm assuming i have to do something to "translate" the
192.168.2.33, into 192.168.1.33 (which is the ath0) on box2. the only way
box1 can get to box2 is via the ath0 (wireless) nic..
any thoughts/comments/pointers.
I think you should go over my first response and ensure you've done
everything and read every relevant man page.
Within the bounds of your private network, regardless of how many
subnets you use, you do not need to translate network addresses. You do
need to get your routes right, and you do need to ensure IP forwarding
is enabled at every gateway, and you do need to ensure your firewalls
allow the traffic you want.
Tecnically, you _can_ use NAT on your private network, unless you want
every host to be able to access at least one host on every subnet.
have this setup:
<internet> == <gateway>
== 192.168.4.x == <router>
== 172.17.0.x == <router>
== 192.168.9.x
on my setup, every machine on every network can directly access every
other. if I used NAT at any point, that would not be possible.
I also run VPNs on the gateway to other locations; those other locations
on other private network addresses also have direct access (limited by
firewall rules).
masquerade
bruce wrote:
Hi John!!it's
I've forgotten something, as I thought this was working at one time, so
back to the basics....
You haven't said whether you're using network mangler. It will not work
with network mangler.
to begin, i have two boxes:ping
box1 -->>> box2
box1
eth0 - 192.168.1.2
box2
ath0 - 192.168.1.5
eth0 - 192.168.2.5
from box1, i can ping box2/ath0 as they're on the same subnet. i can't
box2/eth0.
from box2, i can ping box1. on box2, i can ping both nics.
how the heck do i setup box2 so box1 can ping box2/eth0??
is there a route cmd i can try on box2 that does a forward of traffic? is
man route
this even possible? i'm pretty sure it should be possible. while i'm
focusing on just a single box to connect to box2/eth0, i want to have all
the boxes in my system eventually connect to box2/eth0, just like they do
with box2/ath0... i shouldn't have to have a route cmd on each box,
particulary as some boxes are windows, and don't have route!!
so.. what's the simple solution for this issue?
i can post my iptables/route output on box2...
thanks
-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of John Summerfield
Sent: Saturday, November 24, 2007 6:46 PM
To: For users of Fedora
Subject: Re: ip masquerading
bruce wrote:
hi...wireless,
i have a situation where i have a system with two connections, one
one eth connetion. i can currently connect with the wireless ath0 to my
network/internet/etc...
however, when i activate the eth0 at the same time, i can't access the
network via ath0. as far as i can tell, i need to implement ip
tosystem-network-config.
have eth0 map, to ath0...You don't need IP masquerading, unless this system's going to be a
my test ip addresses are:
ath0 - 192.168.1.33
eth0 - 192.168.2.33
any thoughts/comments/pointers...
gateway to the Internet for other computers.
You don't need IP masquerading if some other device is already doing it.
The other device does need enough routes to access everything connecting
through it, but in the usual case (you only have one subnet) that's how
it's working. In your case, I assume you're using a "hardware" router
and it's IP address is 192.168.1.1 or 192.168.1.254 (these are defaults
for some brands). If it can be configured to route traffic to
192.168.2.33 via 192.168.1.33, then you don't need IP masquerading, you
just need to configure the route.
You do need both interfaces active at the same time, and network manager
cannot do that at present, I've just engaged in a lengthy discussion
about that either on this list, or on -test.
I don't know whether network manager can be configured to do one network
and not the other.
In addition to configuring both network interfaces to be active at the
same time, you also need to enable forwarding in /etc/sysctl.conf
Here's script I run for myself, for a similar task. It doesn't show
everything, and it won't suit you without some work.
[root@localhost ~]# cat bin/startrelay
#!/bin/bash
ifdown eth0
ifconfig eth0 172.17.0.1
route add -net 192.168.9.0 gw 172.17.0.19 netmask 255.255.255.0 eth0
service dhcpd restart
[root@localhost ~]#
ath0 in this system provides access to the Internet via a Linux system
function as an Internet gateway. It's configured via
"ifdown eth0" takes down the configuration established by
system-config-network for eth0, I don't want this configuration to be
standard.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- Follow-Ups:
- Re: ip masquerading/subnets
- From: Mike Wright
- Re: ip masquerading/subnets
- From: Mikkel L. Ellertson
- Re: ip masquerading/subnets
- References:
- Re: ip masquerading
- From: John Summerfield
- Re: ip masquerading
- Prev by Date: how to change default System Properties in Icedtea?
- Next by Date: Re: "apt" to eventaully replace "rpm"?
- Previous by thread: Re: ip masquerading
- Next by thread: Re: ip masquerading/subnets
- Index(es):
Relevant Pages
|
