for each box on a very small lan: route, multi subnets, ip alias
- From: Alan_C <mtbr0228AT@xxxxxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2006 08:36:09 GMT
My real, key, question comes below; look for ----*******--key----*******------
But some explaining is needed first. I suspect that what I want to do is not
all that difficult to achieve. (I'm learning, I keep learning more and more).
First off, here's a diagram of my current setup:
                     internet
                        |
router/dsl modem (192.168.1.254 on lan side, lan gateway)
                        |
             wired lan 10/100 switch
               |        |        |
wired lan with 3 Linux workstation/desktop boxes (only one NIC and one IP per each box)
192.168.1.10 | 192.168.1.50 | 192.168.1.103 (the 3 desktop static IP's)
currently works but is a pain (a pain for the trusted lan) due to
firewalling of each IP at each Linux box. IOW, the LAN IS or becomes
totally trusted when excluding the internet from the picture in the
above diagram.
Objective is (a more distinct separation of internet and lan), at each
and every one of the 3 desktop Linux boxes, using IP alias, how to get
that changed to two IP's per each box with each of the two IP on a
different subnet with subnet_1 to be the internet and subnet_2 to be the
lan with securely firewall subnet_1 with not firewalled subnet_2 and the
appropriate routing thereof ie internet traffic routes to and from
internet using internet subnet and lan traffic routes to and from lan
using lan subnet.
(internet is to be firewalled at each Linux box and lan is to be trusted, not
firewalled at each box)
Questions towards that objective:
I saw elsewhere how to do the alias (create the alias is easy to do) and also
a, the 2nd route to 2nd subnet (a route to a subnet rather than a route to a
gateway):
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch03_:_Linux_Networking#Multiple_IP_Addresses_on_a_Single_NIC
http://groups.google.com/group/comp.os.linux.networking/browse_thread/thread/bdaaf58583314905/367c9df03f834dde?lnk=gst&q=route+to+subnet&rnum=8#367c9df03f834dde
But I don't sufficiently understand the concept of masks as related to subnet
so as to create the appropriate routes to the correct subnet that I want for
my case.
192.168.1.254 is my internet gateway so I'd like to continue the use of my
current lan box IP's (192.168.1.xxx) on the (internet) subnet_1. But on the
lan I want (I guess) to use subnet 192.168.0.xxx for lan, subnet_2
----*******--key----*******-------
How to add routes or what would the routes look like? Keep the currently
existing default route? (the internet gateway 192.168.1.254)
None of these 3 Linux desktops would be a router, none would forward traffic
beyond itself.
But (this I need help on, I'm confused as to how to get this) each box here
needs its own ability to know which subnet to use for which sort of traffic.
whether the traffic be internet or lan traffic.
----*******--key----*******-------
The next on to the end is unnecessary but it's included due to it has
relevancy to this topic.
I'm trying to get my head wrapped sufficiently around virtual interface, IP
alias, subnet, masks for subnet, and route to a (another) subnet.
The IP alias part is easy, here, I already did it, some snippets:
Two IP's onto eth0 (IP alias for the 2nd IP)
root@AB60R:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:1B:B4:81:30
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
<snipped>
root@AB60R:~# ifconfig eth0:0 192.168.1.25 netmask 255.255.255.0 up
root@AB60R:~# ifconfig
<eth0 snipped> and now it also has eth0:0
eth0:0 Link encap:Ethernet HWaddr 00:30:1B:B4:81:30
inet addr:192.168.1.25 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xb000 Memory:fb000000-fb020000
--
Alan.
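
An added example (not part of the original post) that models how one box holding both addresses would pick a route: the netmask decides which subnet a destination belongs to, and the most specific matching route wins. The alias address 192.168.0.10, the zone labels and the test destinations are assumptions for illustration.

```python
import ipaddress

# Assumed addressing for one box. The post fixes 192.168.1.10 and the gateway
# 192.168.1.254; the 192.168.0.10 alias address is hypothetical.
ROUTES = [
    # (destination network, gateway or None if directly connected, source IP, zone)
    ("192.168.1.0/24", None, "192.168.1.10", "internet"),
    ("192.168.0.0/24", None, "192.168.0.10", "lan"),
    ("0.0.0.0/0", "192.168.1.254", "192.168.1.10", "internet"),
]

def matches(dst, network):
    """A route matches when (dst AND netmask) equals the network address."""
    net = ipaddress.ip_network(network)
    return int(ipaddress.ip_address(dst)) & int(net.netmask) == int(net.network_address)

def select_route(dst):
    """Longest-prefix match: of all matching routes, the longest mask wins."""
    candidates = [r for r in ROUTES if matches(dst, r[0])]
    return max(candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def describe(dst):
    """One-line summary of the route, next hop, source address and zone."""
    network, gateway, src, zone = select_route(dst)
    hop = f"via {gateway}" if gateway else "direct"
    return f"{dst}: {network} {hop} src {src} [{zone}]"

if __name__ == "__main__":
    # Constructed destinations: a LAN alias, a peer's subnet_1 address,
    # the gateway itself, and an outside host (documentation range).
    for dst in ("192.168.0.50", "192.168.1.50", "192.168.1.254", "198.51.100.7"):
        print(describe(dst))
```

In this model 192.168.1.50 still resolves to the directly connected 192.168.1.0/24 route, so a peer is only handled as LAN traffic when it is addressed by its 192.168.0.x alias.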