Re: Routing with 2 Subnets on one NIC

From: David Efflandt (efflandt_at_xnet.com)
Date: 12/09/03


Date: Tue, 9 Dec 2003 01:57:43 +0000 (UTC)

On Mon, 08 Dec 2003 12:51:03 -0500, Rusty Phillips <rustyp@freeshell.org> wrote:
> I have a computer that serves as a router for six other computers.
>
> It has its own public IP address, and four of the six other
> computers also have their own public addresses (all on the same
> subnet).
>
> The other two computers have private addresses, and I use a
> firewall script called gShield to do the routing and NAT. Supposedly
> it also has support for public addresses, which I have enabled.
>
> I've also manually added routes (using route) to the public addresses to
> go through the internal interface.
>
> I have the internal interface set up with two addresses -
> the first address (normally the gateway) for both subnets.
> At the moment, the private addresses work completely, but
> the publicly addressed computers are only able to ping all of the NICs on the
> internal network (and the external interface which connects to
> the net), and they cannot access anything beyond.
>
> Does anyone have any thoughts about what I'm doing wrong, or what I'm
> missing?

Most likely an incorrect netmask on your real public interface resulting
in duplicate or incorrect network route(s) for your public IPs. If you
have a block of IPs that include your actual public interface, that
interface should probably have netmask 255.255.255.255, host route to your
ISP's gateway, and default route to that gateway. That way anything to
any of your other public IPs would be routed to your internal interface
instead of external (assuming proper network route).

Of course your firewall/masq also has to be set up correctly so it
masquerades any of your private IPs going to internet, but not your public
IPs.

SuSE has an easy to configure SuSEfirewall2 that can be configured for DMZ
(for public IPs), but I have not had public IPs to try that with. Also
not sure if it recognizes alias interfaces, or if it would require IP
ranges for DMZ and internal.

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
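
An added illustration of the routing diagnosis in the reply above (not part of the original post or of gShield): a small longest-prefix-match model comparing a route table with a duplicate network route on the external interface against the /32 layout the reply suggests. The addresses (documentation ranges 203.0.113.0/29, 198.51.100.7, 192.168.1.0/24), the interface names `eth0`/`eth1`, and the "earliest route wins a tie" rule are assumptions made for the example.

```python
import ipaddress as ip

def lookup(table, dst):
    """Longest-prefix match. On equal prefix length the earlier entry wins
    (a simplifying assumption of this model, not a statement about any kernel)."""
    dst = ip.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ip.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def needs_masquerade(src, private_net="192.168.1.0/24"):
    """Masquerade only sources in the private LAN; public hosts pass un-NATed."""
    return ip.ip_address(src) in ip.ip_network(private_net)

# Constructed layout: ISP gateway 203.0.113.1, router's public address
# 203.0.113.2 on eth0, public hosts .3-.6 and the private LAN behind eth1.
BROKEN = [
    ("203.0.113.0/29", "eth0"),  # connected route created by a /29 netmask on eth0
    ("203.0.113.0/29", "eth1"),  # duplicate network route for the same block
    ("192.168.1.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]
FIXED = [
    ("203.0.113.1/32", "eth0"),  # host route to the ISP's gateway
    ("203.0.113.0/29", "eth1"),  # rest of the public block lives on the inside
    ("192.168.1.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),       # default route via that gateway
]

def egress_report(table):
    """Egress interface chosen for each constructed sample destination."""
    samples = ("203.0.113.1", "203.0.113.4", "192.168.1.10", "198.51.100.7")
    return {dst: lookup(table, dst) for dst in samples}

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, egress_report(table))
```

In the broken table, traffic destined for the internal public host 203.0.113.4 is sent back out the external interface, so that host can reach the router but nothing beyond it.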

