Re: network gateway with a foreign IP address



Claude Jones wrote:

I gather that it's simply a case of you moving from direct connection to
the Internet to a connection that's behind your Cisco router. I further
presume that the (nominal) 70.x.x.120 address belongs to the Cisco. In
that case you probably don't want to do what you propose.


Thanks for your thoughts, and yes, your surmising is correct.

You might be able to make this work with proxy-arp from the router but there are next-to-no tools to debug things at that level.

Your box should be set up on the internal LAN subnet in the normal way.
All of the interesting configuration should be done on the Cisco router
by setting up source and destination NAT so that internet traffic on
specific ports addressed to the Cisco are routed to your box and
responses are automatically routed back through the Cisco to their
destination.


I viscerally believe you're correct, here - else why is this the way this is universally done, but I sure could use some better technically grounded expertise in the whys and wherefores

Pretty much all IP routing concepts and diagnostic tools depend on the idea that every two connecting points are on a common subnet or defined as point-to-point. If you depend on proxy-arp and it doesn't work, all of the diagnostics will say it's not supposed to work.

Trying to deal with this issue from inside the LAN rather than in the
router will most likely lead to frustration since whatever you do will
be fragile and probably break often if it works at all.

This is where I need better argumentation...if you can help, it would be appreciated. Specific examples of why it's a bad idea, security problems that could occur, other issues...unfortunately, this configuration has been handed to me, it's not my idea, so I need to understand what's wrong with it and be able to offer sound arguments for the more conventional approach, if there is a really sound technical reason for not doing it this way.

I'm also dealing with the fact that another Linux box, a mail server, has been moved on to this new FIOS LAN and configured using the hack that I cited in my original post, and is working quite nicely - unfortunately, I don't clearly understand how to implement that hack on Fedora, but, I'm getting the "if Jack could do this with his Debian box, why can't you with your Fedora?"....

I couldn't access that link you posted so perhaps it's not the best place to get networking advice. What is the argument for not doing it the well understood way? That is, if all of the addresses on the subnet are on this interface or the ones you need can be split to a smaller subnet, just route normally, or if you need a few addresses on the wrong side, use static NAT? At least ask what diagnostic Jack will use to determine where the problem is when his connection is down.

--
Les Mikesell
lesmikesell@xxxxxxxxx
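
Added example, not part of the original message or of any poster's configuration: a small check of the "common subnet" assumption discussed above, which reads `ip -o -4 addr` and `ip route` style output and labels each gateway by whether the host shares a subnet with it. All addresses, interface names and function names are constructed for illustration (documentation and private ranges).

```python
import ipaddress

# Constructed sample output in `ip -o -4 addr` / `ip route` format, using
# documentation and private ranges; none of it comes from the thread.
ADDRS = "2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\n"
CONVENTIONAL = "default via 192.168.1.1 dev eth0\n192.168.1.0/24 dev eth0 scope link\n"
FOREIGN = "default via 203.0.113.120 dev eth0\n192.168.1.0/24 dev eth0 scope link\n"
FOREIGN_HOST_ROUTE = "203.0.113.120 dev eth0 scope link\n" + FOREIGN

def parse_addrs(text):
    """Return {device: [IPv4Network, ...]} from `ip -o -4 addr` lines."""
    nets = {}
    for line in text.splitlines():
        f = line.split()
        if "inet" in f:
            net = ipaddress.ip_interface(f[f.index("inet") + 1]).network
            nets.setdefault(f[1], []).append(net)
    return nets

def parse_routes(text):
    """Return [(destination, gateway or None, device)] from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue
        dst = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        via = ipaddress.ip_address(f[f.index("via") + 1]) if "via" in f else None
        routes.append((dst, via, f[f.index("dev") + 1]))
    return routes

def classify_gateways(addr_text, route_text):
    """Label each gateway by how the host can reach it on the local link."""
    nets, routes = parse_addrs(addr_text), parse_routes(route_text)
    verdicts = {}
    for _, via, dev in routes:
        if via is None:
            continue
        if any(via in n for n in nets.get(dev, [])):
            verdicts[str(via)] = "on-link"  # host and gateway share a subnet
        elif any(g is None and d == dev and via in dst for dst, g, d in routes):
            # Works only if something on the wire answers ARP for a foreign IP.
            verdicts[str(via)] = "off-link, device route"
        else:
            # No route tells the host which link the gateway is on.
            verdicts[str(via)] = "off-link, unreachable"
    return verdicts

if __name__ == "__main__":
    for name, table in [("conventional", CONVENTIONAL), ("foreign", FOREIGN),
                        ("foreign + host route", FOREIGN_HOST_ROUTE)]:
        print(name, classify_gateways(ADDRS, table))
```
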
