Re: Can't seem to get packets to route
From: David Efflandt (efflandt_at_xnet.com)
Date: 08/23/03
Date: Sat, 23 Aug 2003 01:30:48 +0000 (UTC)
On Fri, 22 Aug 2003 14:49:10 -0500, Anonymous <Nobody> wrote:
> I currently have my network as a 192.168.xx.xx nonroutable behind a single
> routable ip using a linux box doing nat. I've been doing this for years
> and have had no troubles.
>
> I am switching providers and now have 8 routable ips all in the same /24
> subnet. This is new ground for me and I'm having troubles. I'm guessing
> that the root of my problem is in my subnetting. I am trying to set up a
> new router with 3 nics - one for my isp connection, one for a dmz, and one
> for my lan. Once I get the routing working, I will worry about setting up
> netfilter. I don't have the entire /24 to myself, but my new isp seems
> to be blocking addresses not assigned to me. So, I think it is safe to
> subnet the /24 any way I wish. This may be my problem... I took a look
> at my ip addresses and came up with the following:

What is the actual netmask or significant bits of your IP block?
Typically with 255.255.255.248 netmask (/29) your 8 IPs end up as network
IP, WAN IP, 5 usable IPs and broadcast IP. Although, creative networking
may be able to utilize more than 5 of them. Your internet interface
should likely have netmask 255.255.255.255, bcast same as its IP, host
route to gw, and default route to gw (which is typical for my adsl ISP),
since the only IP you need to route to locally in that direction is the
default gw.

Using unauthorized public IPs can cause a good deal of confusion,
especially when that network overlaps your assigned IP range. For example
you would need to masquerade the unauthorized IPs for them to access the
internet, but not your authorized IPs.

So you should likely have your 2nd nic as DMZ (your assigned public IPs
with 255.255.255.248 netmask), and 3rd nic as private IPs masqueraded to
the internet as the IP of your internet interface. This would make
everything much easier to figure out and keep straight.

-- David Efflandt - All spam ignored http://www.de-srv.com/
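
The /29 layout and the masquerade decision described in the reply above, as an added example that is not part of the original post. All addresses are constructed (203.0.113.0/24 is a documentation range), and the choice of the first host address as the WAN IP plus the names `block_layout` and `nat_action` are assumptions.

```python
import ipaddress

# Constructed sample values, not taken from the post.
ISP_NET = ipaddress.ip_network("203.0.113.0/24")    # ISP's shared /24
ASSIGNED = ipaddress.ip_network("203.0.113.8/29")   # netmask 255.255.255.248
LAN = ipaddress.ip_network("192.168.1.0/24")        # private side (3rd NIC)


def block_layout(block, wan_index=0):
    """Split an 8-address block into the roles named in the reply.

    Assumption: the WAN address is the first host address in the block;
    wan_index selects a different host if the ISP assigns another one.
    """
    hosts = list(block.hosts())          # excludes network and broadcast
    wan = hosts[wan_index]
    return {
        "network": block.network_address,
        "wan": wan,
        "usable": [h for h in hosts if h != wan],
        "broadcast": block.broadcast_address,
    }


def nat_action(src, layout):
    """Classify a source address the way the router has to treat it."""
    src = ipaddress.ip_address(src)
    if src in (layout["network"], layout["broadcast"]):
        return "invalid"                 # not usable as host addresses
    if src == layout["wan"]:
        return "router"                  # the internet interface itself
    if src in layout["usable"]:
        return "forward"                 # assigned public IP: no NAT
    if src in LAN:
        return "masquerade-private"      # rewritten to the WAN address
    if src in ISP_NET:
        # Same /24 but outside the assigned block: needs NAT to get out,
        # which is the overlap that causes the confusion described above.
        return "masquerade-unassigned"
    return "unknown"


if __name__ == "__main__":
    layout = block_layout(ASSIGNED)
    for role, value in layout.items():
        print(role, value)
    for ip in ("203.0.113.12", "203.0.113.40", "192.168.1.20"):
        print(ip, nat_action(ip, layout))
```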