hugh at vecna.com
Tue Jul 16 19:21:55 MDT 2002
On Mon, 2002-07-15 at 23:11, D. Stimits wrote:
> Hugh Brown wrote:
> > network newbie question.
> > I am in a bit of situation.
> > We won the second phase of a contract and have the job of porting a
> > windows based system to an os independent system. The company delivered
> > the machines but put them on the 192.190.1.x/24 subnet and told us that
> > changing the ip address of the two systems would be burdensome to do.
> > Their obligation is to deliver a system that works. It seems to work
> > okay, but I don't know how to get the two systems to see the Internet at
> > large.
> > I have the two systems on an ipchains masqueraded network.
> > How do you normally put two distinct subnets on a network and get them
> > to go out to the right destination
> > Here's the setup
> > Internet--- external interface (ipchains box) 192.168.1.1----|
> > |
> > Internal Network
> > |
> > |
> > 192.190.1.x/24
> What is the nature of the connection? UDP, TCP? Is a specific port
> involved, or is there no particular port that is always needed? Will
> service be called upon from the outside, or will all conversations be
> initiated at the internal network?
numerous ports, it would be nice to have the machines speak to the
Internet, I can take care of getting a web request from the Internet to
> I have never done this, but I have been curious about it. Often, ip masq
> is a general masquerade, not a 1:1 masquerade, where exact ports are
> assigned 100% of the time to a particular forward/masquerade...normally
> it is a general thing where outbound packets determine which response
> goes back to the original machine, it is not fixed. However, you *can*
> tell it to make specific ports 100% bound to particular forward
> addresses (at least with newer kernels, maybe with older too). If you
> have a general masquerade, then outside cannot randomly access the
> masquerade box for its services, the internal box would have to initiate
> the conversation. Does the outside have to initiate a conversation with
> the internal net? If so, and if particular ports are in mind, and if
> those ports are never required for other machines to service requests,
> then you can bind those ports permanently to forward to that machine.
> Since I have never done this, I do not know the gotchas or problems you
> will go through to enable it (though you probably want to start with a
> 2.4.19-prerelease kernel). I think some of the terminology I have seen
> before is 1:N, N:1, and 1:1 NAT when windows products were involved.
Initially I'll trying adding an alias'ed interface (after reading the
link that someone else posted, unless doing the aliasing is a bad
idea). I'll see how that goes, then I'll look at trying to get it to
masquerade them to the outside.
> D. Stimits, stimits at idcomm.com
> > I know I haven't explained this very well so please help me clarify.
> > Hugh
More information about the LUG