[lug] routing

Hugh Brown hugh at vecna.com
Fri Jan 12 13:45:51 MST 2001

Thank you for the help.


"Michael J. Pedersen" wrote:
> On Fri, Jan 12, 2001 at 01:34:53PM -0500, Hugh Brown wrote:
> > My problem is I'm not sure what I set as the static route.  I tried to
> > do
> >
> > route add -net gw
> >
> > and it told me that it wasn't feasible.  My thought was that I want all
> > traffic destined for the net to use as the
> > router.  So what static route can I add (I do only have 3 workstations
> > so that will be easiest until I get more savvy about network things).
> I'm going to use a (mostly) mythical setup to show you what all you need to
> do. If you don't feel like reading all this, here's the short answer:
> The box which accesses the 192.168.0 network needs to be configured to route
> and masquerade traffic from the 172.16 network. After that, configure any
> boxes on the 172 network to use the 172 NIC as their gateway.
> Long answer:
> A quick diagram of what you have is here, and I'm going to assign names to the
> boxes.
>  ________    ________    ___________    ______
> /Internet\__/Firewall\__/Workstation\__/172net\
> \________/  \________/  \___________/  \______/
> Actually, I'm going to name the NICs, since that's what we have to deal with:
> IF = Internet to Firewall NIC
> FW = Firewall to Workstation NIC
> WF = Workstation to Firewall NIC
> W1 = Workstation to 172net NIC
> 1W = 172net to Workstation NIC
> IF has a real, routable IP address, usable on the internet.
> FW has an ip address in the network, assign it as
> WF has an ip address in the network, assign it as
> W1 has an ip address in the network, assign it as
> 1W has an ip address in the network
> Problem: Get traffic routed appropriately so that a machine may connect at any
> spot on this network, and access any other spot on this network.
> Solution:
> Set routes appropriate on each of these nics, and masquerading.
> FW should be configured to do masquerading for all traffic passing over it.
> This allows traffic to reach the internet.
> W1 should be configured to do masquerading, same as FW. Reason being the same.
> Anything which connects onto the 172net should use a gateway of
> Anything which connects to the 192 network should use a gateway of
> Anything which gets connected to the 192 network should also have a route
> added in at boot-time (via rc.local, for instance) which says to use
> as the route for anything going to network. This
> command should do it:
> route add -net netmask gw
> --
> Michael J. Pedersen
> My GnuPG KeyID: 4E724A60        My Public Key Available At: wwwkeys.pgp.net
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> GnuPG available at http://www.gnupg.org
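The routing decisions described in the quoted answer, modelled as an added example (not part of the original thread): a longest-prefix lookup showing where a 192-network box sends traffic for the 172 network with and without the static route, and which source address it sees when the workstation masquerades. All addresses are constructed placeholders, since the thread's own addresses are not preserved on this page, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses (the mail's own addresses are not on the page).
NET_192 = ipaddress.ip_network("192.168.0.0/24")
NET_172 = ipaddress.ip_network("172.16.0.0/16")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
FW, WF, W1 = "192.168.0.1", "192.168.0.2", "172.16.0.1"


def next_hop(table, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, gw) for net, gw in table if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def table_192_host(static_route):
    """A box on the 192 network: default via FW, optional static route via WF."""
    table = [(NET_192, "direct"), (DEFAULT, FW)]
    if static_route:
        table.append((NET_172, WF))  # the "route add -net ... gw ..." entry
    return table


def table_172_host():
    """A box on the 172 network: default gateway is the workstation's W1 NIC."""
    return [(NET_172, "direct"), (DEFAULT, W1)]


def source_after_workstation(src, masquerade):
    """Source address the 192 side sees for a packet the workstation forwards."""
    if masquerade and ipaddress.ip_address(src) in NET_172:
        return WF  # masquerading rewrites to the outgoing NIC's address
    return src


if __name__ == "__main__":
    for static in (False, True):
        print("static route:", static, "-> 172.16.0.50 via",
              next_hop(table_192_host(static), "172.16.0.50"))
    for masq in (False, True):
        seen = source_after_workstation("172.16.0.50", masq)
        print("masquerade:", masq, "-> reply to", seen, "via",
              next_hop(table_192_host(False), seen))
```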
