Re: Routing from local to local network

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/16/04


Date: Wed, 15 Sep 2004 20:55:19 -0500

In article <ci9fpo$41v$1@nemesis.news.tpi.pl>, Her-Bat wrote:
>there is a local network (192.168.1.x) with a router (192.168.1.100).
>All computers (Win95/98/... systems, IP 192.168.1.x) have 192.168.1.100
>as DNS and GW

Well, DNS assumes that you are _running_ a DNS server on that host. But
you have to watch out with the "gateway" designation. This ASSUMES
that 192.168.1.100 is the way to the Internet, and the world as a whole.
If this is not the case, this host should only be listed as the gateway
to the actual networks it can reach. I'll assume that you really mean
that the world can be reached through 192.168.1.100.

>and 255.255.255.0 as a mask. All works fine.

OK

>There is a second router (192.168.1.101) in this network, which is
>connected with another local network (192.168.0.x), in which a router
>with IP 192.168.0.101 is present.

OK

>And now a question: what to do (i.e. how to configure iptables) for
>such a goal: in the 1st local network (192.168.1.x) entering (e.g. in
>IE) an address 192.168.0.x should be redirected via 192.168.1.101 router
>to 192.168.0.101 router, and next to the 2nd local network.

As long as 192.168.1.100 knows to use 192.168.1.101 as the route to
192.168.0.x, that portion of the routing _MAY_ work. HOWEVER, there are
two problems. Unless you have put in rules to block/drop packets in
the firewall, iptables NORMALLY would not be involved.

1. Not all operating systems will listen to a 'redirect' message.
Linux ignores them because they have been used as a denial of service
attack. Also, this wastes bandwidth on your wire, and CPU cycles on
the 192.168.1.100 router. Windoze may or may not follow redirects.
Given Microsoft's absolute rejection of security, it might work, but
it's a pretty large security problem, allowing anyone on your net to
disrupt it completely.

2. What about the computers on the 192.168.0.x network? Have they
been configured to send packets for 192.168.1.x to 192.168.0.101?
If 192.168.1.100 does reach to the world, AND the computers on the
192.168.0.x network are supposed to have access to the world, host
192.168.0.101 could be designated the 'default gateway' ON THAT SEGMENT
ONLY.

The correct answer for the 192.168.1.x network is to set the computers
so that they know to use the correct router. It only takes a few
seconds on each box to set that - even on windoze.

For an ordinary Linux host on the 192.168.1.x network, /sbin/route -n
should look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0    95017 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      420 lo
192.168.0.0     192.168.1.101   255.255.255.0   UG    0      0        0 eth0
0.0.0.0         192.168.1.100   0.0.0.0         UG    0      0        0 eth0

For a windoze box, (assuming IP 192.168.1.2 as the _LOCAL_ IP)

Network Address     Netmask           Gateway Address   Interface     Metric
0.0.0.0             0.0.0.0           192.168.1.100     192.168.1.2   1
127.0.0.0           255.0.0.0         127.0.0.1         127.0.0.1     1
192.168.1.0         255.255.255.0     192.168.1.2       192.168.1.2   1
192.168.1.2         255.255.255.255   127.0.0.1         127.0.0.1     1
192.168.1.255       255.255.255.255   192.168.1.2       192.168.1.2   1
192.168.0.0         255.255.255.0     192.168.1.101     192.168.1.2   1
224.0.0.0           224.0.0.0         192.168.1.2       192.168.1.2   1
255.255.255.255     255.255.255.255   192.168.1.2       192.168.1.2   1

Notice the extra "baffle 'em with bull sh1t" crap designed to scare
anyone away from things technical. By the way - don't ask me how to
set this up on the windoze boxes - we got rid of windoze 12 years ago.

I see you also posted this to 'alt.os.linux', and 'alt.comp.os.linux'.
Please don't post the same article to multiple newsgroups - that's
multiposting, and is considered spamming by some. If you _MUST_ post
to multiple groups (RARELY a good idea), list all of them in the one
post in the Newsgroups: header, separated by commas. That way, people
don't have to download multiple copies of the same thing. Thanks.

        Old guy
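Added example (not part of the original post or thread): a longest-prefix-match lookup over the Linux routing table shown above, which is what the kernel does when a host on 192.168.1.x picks a next hop. It shows the two cases the post contrasts: with the static 192.168.0.0/24 route present, traffic for 192.168.0.x is handed straight to 192.168.1.101; with that route missing, the same packet falls through to the default gateway 192.168.1.100, which must then forward it and send an ICMP redirect (or drop it). The block also emits the `ip route` and Windows `route -p add` commands that install the missing route. The routing table, destination addresses and interface name `eth0` are taken from the post; the function names and the constructed test destinations are this example's own.

```python
"""Longest-prefix-match routing lookup, using the table from the post.

The kernel picks the most specific matching route (longest prefix);
the default route 0.0.0.0/0 only wins when nothing else matches.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = directly connected (flag U only)
    iface: str


# Transcribed from the Linux "route -n" output in the post (UG = via gateway).
TABLE: List[Route] = [
    Route(ipaddress.ip_network("192.168.1.0/24"), None, "eth0"),
    Route(ipaddress.ip_network("127.0.0.0/8"), None, "lo"),
    Route(ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_address("192.168.1.101"), "eth0"),
    Route(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.100"), "eth0"),
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for route in table:
        if addr in route.network and (best is None or route.network.prefixlen > best.network.prefixlen):
            best = route
    return best


def next_hop(table: List[Route], dst: str) -> Tuple[str, str]:
    """Return (ip_to_send_frame_to, iface).

    For a directly connected network the next hop is the destination itself
    (the host ARPs for it); otherwise it is the route's gateway.
    """
    route = lookup(table, dst)
    if route is None:
        raise ValueError(f"no route to {dst}")
    hop = route.gateway if route.gateway is not None else ipaddress.ip_address(dst)
    return str(hop), route.iface


def without_static_route(table: List[Route]) -> List[Route]:
    """The misconfigured host from the question: no explicit route to 192.168.0.0/24."""
    return [r for r in table if r.network != ipaddress.ip_network("192.168.0.0/24")]


def linux_command(route: Route) -> str:
    """iproute2 command that installs this gateway route (constructed here, not from the post)."""
    assert route.gateway is not None, "directly connected routes come from the interface config"
    return f"ip route add {route.network.with_prefixlen} via {route.gateway} dev {route.iface}"


def windows_command(route: Route) -> str:
    """Persistent Windows route (-p survives reboot); Windows wants a dotted netmask."""
    assert route.gateway is not None
    return f"route -p add {route.network.network_address} mask {route.network.netmask} {route.gateway}"


if __name__ == "__main__":
    for dst in ("192.168.0.5", "192.168.1.7", "8.8.8.8"):
        print(f"{dst:>14} -> correct table: {next_hop(TABLE, dst)}"
              f"   no static route: {next_hop(without_static_route(TABLE), dst)}")
    static = lookup(TABLE, "192.168.0.5")
    print(linux_command(static))
    print(windows_command(static))
```

Run as a script, the first line shows 192.168.0.5 going via 192.168.1.101 with the correct table but via 192.168.1.100 without it; that second path is the one that only works if 192.168.1.100 forwards the packet and the client honours the ICMP redirect it gets back. Whether a Linux host honours redirects is governed by the `net.ipv4.conf.*.accept_redirects` sysctls; fixing the hosts' tables as the post recommends removes the dependency on redirects altogether.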
