Re: network gateway with a foreign IP address



Claude Jones wrote:
> The problem:
> Company has switched over to FIOS and I have to move behind a router
> I will be behind a 10.0.0.1 LAN on a Cisco Router
> I will be configured with an outside address, let's say 70.xxx.xxx.120 for argument's sake

There's the problem, you don't want an "outside address" on your machine, because it's not outside. The outside address should be on the outward side of the router, and should be NATed to your private address.

> Traffic to that address from the outside will be routed to my box inside the network by the Cisco
> I need to tell the box/outside NIC that its gateway is 10.0.0.1 even though it's not an address within the IP/subnet that the NIC is configured for

It's not that you can't do this, it's that you probably don't want to do this. If someone wants to put outside addresses on inside machines for political reasons, like "we need outside connectivity" or such, that's the kind of reasoning used by people who took a semester each of FORTRAN and COBOL as part of their MBA. The router should be doing NAT in both directions to make this work in a sane way, and you have far better security by having private IP inside the firewall, so that there is no way packets between trusted machines could leak.

> There are reasons for this
> Before you say it can't be done, google my subject line and you'll find this nice howto for Debian
> http://siddhesh.in/foreign-gateway.php
> I'm wondering if I need to pursue the route in that howto, or whether I can configure this with the system-config-network GUI in Fedora -- I see there's a 'Route' tab in there, but I've never used it


--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
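
The situation discussed in this thread, as an added example that is not part of the original message or of the linked howto: the functions below test whether a gateway lies inside the subnet configured on a NIC and print the iproute2 routes each case needs, without applying anything. The interface name eth0, the /24 prefix lengths, the host address 10.0.0.20 and the documentation address 203.0.113.120 (standing in for the elided 70.xxx.xxx.120) are assumptions.

```shell
#!/bin/sh
# Added example: report whether a gateway is on-link for a NIC address and
# print (never apply) the iproute2 commands for the default route.

# ip_to_int A.B.C.D -> the address as a 32-bit integer on stdout.
# Runs in a subshell so the IFS change does not leak to the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# gateway_on_link ADDR PREFIXLEN GATEWAY
# Exit status 0 if GATEWAY falls inside ADDR/PREFIXLEN, 1 otherwise.
gateway_on_link() (
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    addr=$(ip_to_int "$1")
    gw=$(ip_to_int "$3")
    [ $(( addr & mask )) -eq $(( gw & mask )) ]
)

# route_commands DEV ADDR PREFIXLEN GATEWAY
# Prints the commands that would install the default route.
route_commands() {
    if gateway_on_link "$2" "$3" "$4"; then
        # Normal case: the connected route for the subnet already covers
        # the gateway, so one default route is enough.
        echo "ip route add default via $4 dev $1"
    else
        # "Foreign" gateway: Linux refuses a default route whose next hop
        # it cannot reach, so a host route must first declare the gateway
        # directly reachable on this link.
        echo "ip route add $4/32 dev $1"
        echo "ip route add default via $4 dev $1"
    fi
}

# Constructed sample values (assumptions, see the lead-in).
echo "# public address on the inside host, gateway 10.0.0.1:"
route_commands eth0 203.0.113.120 24 10.0.0.1
echo "# private address on the inside host, public address NATed on the router:"
route_commands eth0 10.0.0.20 24 10.0.0.1
```

With a private address on the host the gateway is on-link and no special routing is needed, which is the arrangement the reply above recommends.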


