Re: routing two private subnets?
From: David Efflandt (efflandt_at_xnet.com)
Date: 01/28/05
- In reply to: William Gill: "Re: routing two private subnets?"
Date: Fri, 28 Jan 2005 01:58:46 +0000 (UTC)
On Thu, 27 Jan 2005 15:14:28 GMT, William Gill <noreply@gcgroup.net> wrote:
> Noah Roberts wrote:
>> William Gill wrote:
>>
>>>I apologize if this question gets a little convoluted,
>>
>>
>> Yes, it is a little difficult to figure out what you want. I believe
>> you are talking about your home network, but am at a loss as to what
>> the remote servers have to do with it.
>>
>> You can use Linux to FW and nat for your entire internal network. This
>> may be against the AUP of your ISP, but I never cared...
>>
>> Your modem may or may not do NAT.
>>
>> If you want your remote servers to be a part of your internal network
>> you have to use VPNs and/or tunneling, something I know next to nothing
>> about...
>>
> OK, I'll try to clear it up some.
>
> >...am at a loss as to what the remote servers have to do with it.
>
> Disregard anything to do with remote servers. Everything is hosted by
> someone else now. My wife is spoiled by "direct access to the
> internet", and I need to ftp to my servers, pull mail, and the usual
> home user stuff.
>
> current layout:
>
> internet
> |
> modem
> [optioned for pppoe on computer not modem]
> [internal ip (for http interface to config, etc): 192.168.0.1]
> |
> eth0
> [ip: 192.168.0.2]
> |
> ppp0
> [Roaring Penguin pppoe client]
> [ip: DHCP]
> [linux box as firewall/router ]
> [iptables masq allowing lan connections to internet]
> |
> eth1
> [ip:192.168.1.10]
> |
> LAN
> _|___________________________
>  |            |             |
> happy wife   Me    college student son
>
> Not being versed in pppoe, it looks like there are two ports facing the
> internet; the physical eth0 at 192.168.0.2, and the "virtual" ppp0 on a
> DHCP assigned address. Also because I'm not well versed in pppoe I'm
> not comfortable security wise.
The eth0 interface will not go anywhere other than the modem when you are
doing pppoe. ppp0 tcp/ip is isolated from and does not use eth0 tcp/ip
(it would work just as well if eth0 had no IP or was firewalled
completely).
> What I do know is, the modem (speedstream 5100) can be configured for
> pppoe on the computer or in the modem (default).
> if I change it back to "in the modem", the config changes to:
>
> internet
> |
> modem
> [optioned for pppoe on modem]
> [DHCP and NAT done internally on modem]
> [ip: 192.168.0.1]
> |
> eth0
> [ip: 192.168.0.2]
> [linux box as firewall]
> |
> eth1
> [ip:192.168.1.10]
> |
> LAN
> [no internet connectivity]
>
>
> My limited understanding is that addresses 192.168.xxx.xxx are
> private, and non-routable, but I am wondering if I can use NAT (via
> iptables) to allow lan computers internet access.
Masquerading with iptables would be simplest. LAN side of modem would
only respond to IPs that appear to be directly on its LAN subnet anyway,
and would not know to use Linux eth0 as gateway to other subnet.
> On first pass it looks like if I try, all connections would appear to be
> coming from 192.168.0.1 i.e. public IP > NAT(in modem) > 192.168.0.1
> so it won't work. However, it seems to me that NAT (possibly SNAT)
> would allow all lan computers to appear to be at 192.168.0.2.
> Am I wrong?
Almost. Internet traffic would appear to come from whatever public IP it
originates from. Outgoing traffic from 192.168.1.0/24 net would use
gateway 192.168.1.10 and appear to modem to come from 192.168.0.2, and to
internet would appear to come from modem's PPPoE IP. The only place
192.168.0.1 matters is as a default gateway for the Linux router.
> The second question was not NAT related, it was routing. I wanted both
> eth0 and eth1 on 192.168.0.0/24. Again it seems possible, but as I said
> "my limited knowledge".
That may be possible using proxy_arp (if the modem accepts LAN IPs other
than the 1 DHCP IP it assigns). I have done something like this:

    eth0 192.168.0.2/255.255.255.255
    route add -host 192.168.0.1 dev eth0
    route add default gw 192.168.0.1 dev eth0
    eth1 192.168.0.2/255.255.255.0
    (same IP, different netmask, or could use different 192.168.0.x IP)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    (so eth0 answers modem arp requests for eth1 net)

All boxes on eth1 net (other than Linux router) would use eth1 IP as
default gateway.
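
Added example, not part of the original post: a check that proxy_arp is enabled only on the interface where the setup above intends it (eth0) and that forwarding is on. The names audit_proxy_arp, read_flag and SYSCTL_ROOT and the finding labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): audit proxy_arp / ip_forward state.
# SYSCTL_ROOT is a hypothetical override so the check can run on a copied tree.
# Usage: audit_proxy_arp eth0
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net/ipv4}"

# Read a 0/1 sysctl file; a missing or unreadable file counts as 0.
read_flag() {
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf 0; fi
}

# audit_proxy_arp IFACE...  (interfaces where proxy_arp is intended)
# Prints one finding per line; returns 1 if anything is off, else 0.
audit_proxy_arp() {
    allowed=" $* "
    rc=0
    # conf/all/proxy_arp is OR-ed with each per-interface value by the kernel,
    # so a 1 here turns proxy ARP on everywhere, including the LAN side.
    if [ "$(read_flag "$SYSCTL_ROOT/conf/all/proxy_arp")" = 1 ]; then
        echo "UNEXPECTED all"; rc=1
    fi
    for dir in "$SYSCTL_ROOT"/conf/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        # "all" is handled above; "default" only seeds new interfaces.
        case "$iface" in all|default) continue ;; esac
        val=$(read_flag "$dir/proxy_arp")
        case "$allowed" in
            *" $iface "*)
                if [ "$val" != 1 ]; then echo "MISSING $iface"; rc=1; fi ;;
            *)
                if [ "$val" = 1 ]; then echo "UNEXPECTED $iface"; rc=1; fi ;;
        esac
    done
    # The setup in the post also turns on ip_forward for the proxied hosts.
    if [ -n "$*" ] && [ "$(read_flag "$SYSCTL_ROOT/ip_forward")" != 1 ]; then
        echo "NOFORWARD"; rc=1
    fi
    return "$rc"
}
```
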