Re: ip masquerading/subnets


 



bruce wrote:
Hi mike..


here's my system:

 internet


    dsl box
       V
       V
     dlink router (192.168.1.100)
         V
         V
       switch  ->>>>>>>>>>>>>>+
         ^                    V
         ^                    V
         ^                    V
        box1           wireless access point (192.168.1.200)
          (eth0)               |
                               |(ath0)
                              box2
                               |(eth0)
                               |
                                            box3 (future) (192.168.2.13)

    so:
 router - 192.168.1.100 (gateway)
 wireless access point - 192.168.1.200
 box1 (eth0) 192.168.1.3

 box2
    ath0 - 102.168.1.5
    eth0 - 102.168.2.5

 box3
    eth0 - 102.168.2.6

box1 connects to the switch, which is connected to the access point via the
lan (eth) connection.

so, everything is on the 192.168.1 subnet, except the eth0 nic of box2, and
the box3 that'll be added to interface with box2/eth0...

box2 has ip_forwarding set.

so my basic questions:
 -what do i need to do on box2 to allow a user to
  be able to do a "ping 192.168.2.5"

nothing

 -what do i need to do on box2 to allow a user on
  box1 to be able to "ping 192.168.2.5" and have a
  successful reply.

How is box1 supposed to know where 192.168.2.5 is?

The way networking works is that if the address is not local (both 127. and any other IPs assigned to resident network cards) the kernel looks in the routing tables to see which network device receives the stream. If there is not a match in the routing tables the stream is sent out the default gateway.

Since there is no predefined route for 192.168.2.5 on box1, box1 will always look for 192.168.2.5 through its own default gateway which is out to the internet. Nothing you can do on box2 will change that.

You can add a route on box1 or move box2 and box3 onto the same subnet as box1.


bear with me !!

thanks



-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Mike Wright
Sent: Monday, November 26, 2007 2:22 PM
To: For users of Fedora
Subject: Re: ip masquerading/subnets


bruce wrote:

Hi Mike..

and adding this route to the box2, will allow me to ping box2/eth0 from
box1?

or are you saying that i'd have to add the route to box1. if i have to add a
route to box1, then i'd have to add a route to every box in the system...
which isn't what i'd want to do.

again.. thanks for the basic understanding..


I'm not so sure I have that basic understanding ;)

Blaaargh!  The command I gave you was a linux command that can't be
executed on the windows box, ergo: bad advice.

You mentioned two boxes with one to come, then you mentioned that there
is also another router (to the internet? connected to box1?).  If so,
then is this what you have?

internet                     (router's default gateway)
   |
router wan   xxx.xxx.xxx.xxx (your outside IP)
router lan   yyy.yyy.yyy.??? (box1's default gateway)
   |
box1's eth?  yyy.yyy.yyy.??? (box1's other IP)
box1's eth0  192.168.1.3     (box2's default gateway)
   |
box2's ath0  192.168.1.5     (box1's route to box2 and beyond)
box2's eth0  192.168.2.5     (box3's default gateway)
   |
box3 eth0    192.168.2.???/24

Note that each box further from the internet has a default route that
points to the network device of the next closer box.

Now, in order to have box1 be able to access box2 and further box1 will
have to have a route added to its routing table that points to box2.
This is where I gave the wrong command.  You'd have to use whatever is
the appropriate windows command to add an additional route (ipconfig???).

The only other consideration (ignoring iptables) is that box2 must have
forwarding enabled or it will not pass traffic between its two interfaces:

     /etc/sysctl.conf -> net.ipv4.ip_forward = 1

Hope that is a little clearer.  :m)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
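
The routing decision described in the replies above, as an added example that is not part of the original thread: a small model of box1's route lookup (local address, then most specific matching route, then default gateway) using the addresses quoted in the messages. The /24 prefix lengths, the function names and the on-link check for the gateway are assumptions of this sketch.

```python
import ipaddress

# Constructed model of box1, using addresses quoted in the thread.
LOCAL_ADDRS = {"192.168.1.3"}  # box1 eth0


def base_table():
    """box1's table before any change: its own subnet plus the default route."""
    return [
        # (destination network, gateway or None when directly attached)
        (ipaddress.ip_network("192.168.1.0/24"), None),
        (ipaddress.ip_network("0.0.0.0/0"), "192.168.1.100"),  # dlink router
    ]


def lookup(table, dst):
    """Return (kind, next_hop) for a destination address."""
    addr = ipaddress.ip_address(dst)
    if addr.is_loopback or dst in LOCAL_ADDRS:
        return ("local", None)
    matches = [route for route in table if addr in route[0]]
    if not matches:
        return ("unreachable", None)
    # The most specific (longest prefix) matching route wins.
    net, gateway = max(matches, key=lambda route: route[0].prefixlen)
    if gateway is None:
        return ("on-link", dst)
    return ("default" if net.prefixlen == 0 else "static", gateway)


def add_route(table, network, gateway):
    """Return a new table with a static route; the gateway must be on-link."""
    if lookup(table, gateway)[0] != "on-link":
        raise ValueError(f"gateway {gateway} is not directly reachable")
    return table + [(ipaddress.ip_network(network), gateway)]


if __name__ == "__main__":
    table = base_table()
    # Without a route, box2's far-side address is sent to the router.
    print(lookup(table, "192.168.2.5"))
    # With a route to 192.168.2.0/24 via box2's ath0 it goes to box2.
    table = add_route(table, "192.168.2.0/24", "192.168.1.5")
    print(lookup(table, "192.168.2.5"))
```

box2 still needs `net.ipv4.ip_forward = 1`, as noted in the quoted message, before it will pass the traffic on to its other interface.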

