hugh at vecna.com
Fri Jan 12 13:45:51 MST 2001
Thank you for the help.
"Michael J. Pedersen" wrote:
> On Fri, Jan 12, 2001 at 01:34:53PM -0500, Hugh Brown wrote:
> > My problem is I'm not sure what I set as the static route. I tried to
> > do
> > route add -net 172.16.0.0 gw 192.168.0.4
> > and it told me that it wasn't feasible. My thought was that I want all
> > traffic destined for the net 172.16.0.0/24 to use 192.168.0.4 as the
> > router. So what static route can I add (I do only have 3 workstations
> > so that will be easiest until I get more savvy about network things).
> I'm going to use a (mostly) mythical setup to show you what all you need to
> do. If you don't feel like reading all this, here's the short answer:
> The box which accesses the 192.168.0 network needs to be configured to route
> and masquerade traffic from the 172.16 network. After that, configure any
> boxes on the 172 network to use the 172 NIC as their gateway.
> Long answer:
> A quick diagram of what you haveis here, and I'm going to assign names to the
> ________ ________ ___________ ______
> \________/ \________/ \___________/ \______/
> Actually, I'm going to name the NICs, since that's what we have to deal with:
> IF = Internet to Firewall NIC
> FW = Firewall to Workstation NIC
> WF = Workstation to Firewall NIC
> W1 = Workstation to 172net NIC
> 1W = 172net to Workstation NIC
> IF has a real, routable IP address, usable on the internet.
> FW has an ip address in the 192.168.0.0 network, assign it as 192.168.1.1
> WF has an ip address in the 192.168.0.0 network, assign it as 192.168.1.2
> W1 has an ip address in the 172.16.0.0 network, assign it as 172.16.1.1
> 1W has an ip address in the 172.16.0.0 network
> Problem: Get traffic routed appropriately so that a machine may connect at any
> spot on this network, and access any other spot on this network.
> Set routes appropriate on each of these nics, and masquerading.
> FW should be configured to do masquerading for all traffic passing over it.
> This allows traffic to reach the internet.
> W1 should be configured to do masquerading, same as FW. Reason being the same.
> Anything which connects onto the 172net should use a gateway of 172.16.1.1
> Anything which connects to the 192 network should use a gateway of 192.168.1.1
> Anything which gets connected to the 192 network should also have a route
> added in at boot-time (via rc.local, for instance) which says to use
> 192.168.1.2 as the route for anything going to 172.16.0.0 network. This
> command should do it:
> route add -net 172.16.0.0 netmask 255.255.255.0 gw 192.168.1.2
> Michael J. Pedersen
> My GnuPG KeyID: 4E724A60 My Public Key Available At: wwwkeys.pgp.net
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> GnuPG available at http://www.gnupg.org
> Part 1.2Type: application/pgp-signature
More information about the LUG