[LARTC] routing network through bastion host

Linux Advanced Routing and Traffic Control

Hello Greg,

The LAN off eth1 will provide public services and is allocated to ISP clients. 
Hiding is not an option and splitting the net in half will lose too many IPs. 
I have been looking into proxy ARP and it looks like the ticket.  However, I
don't know if it is necessary under the following conditions:

1. The a.b.c.0/24 hosts on LAN A use the default route a.b.c.3.

2. The default route for a.b.c.0/24 for the cisco is a.b.c.2/29 (I don't know how to do this!)

3. The following assignments are used:

    T1 to ISP
        |
        | /30 net
        |
+----------------+
| cisco router   |
+----------------+
        | FastEthernet0/0
        | a.b.c.1/29
        |
 (possible switch/hub here in future)
        |
        | a.b.c.2/29
        | eth0
+----------------+
|                |
|           eth1 |---a.b.c.3/24-public-net-----> LAN A
| linux box      |
|           eth2 |---192.168.1.0/24-private-net---> LAN B
|                |
+----------------+

It seems logical to me that all routing would work with the above configuration.

Proxy ARP looks easy enough though.

David Koski
david@KosmosIsland.com


On Mon, 28 Jan 2002 18:46:58 -0600
Greg Scott <GregScott@InfraSupportEtc.com> wrote:

> Is your LAN off of eth1 a DMZ with some kind of publicly available
> server that you want protected?  You could put it in another private
> address range, say 192.168.10.0/24 and then use SNAT and DNAT to
> disguise it from the world.
> 
> Or you could split up a.b.c.0/24 into two sets of a.b.c.0/25 and
> a.b.c.128/25 if you need real routable IP addresses on this DMZ 
> system.  
> 
> You will want the same subnet mask on your a.b.c.<whatevers> unless
> you plan to subnet it even more when you get farther inside.  Remember, 
> the mask determines which bits are the network and which bits are the 
> host.  So it needs to be consistent all the way through. 
> 
> - Greg
> 
> 
> 
> -----Original Message-----
> From: David Koski [mailto:david@kosmosisland.com]
> Sent: Monday, January 28, 2002 3:07 PM
> To: LARTC@mailman.ds9a.nl
> Subject: [LARTC] routing network through bastion host
> 
> 
> Hello,
> 
> This seems to be a common problem but AFAIK, without a common solution.  The
> network map is as follows:
> 
>     T1 to ISP
>         |
>         | /30 net
>         |
> +----------------+
> | cisco router   |
> +----------------+
>         | FastEthernet0/0
>         | a.b.c.1/24
>         |
>  (possible switch/hub here in future)
>         |
>         | a.b.c.2/24
>         | eth0
> +----------------+
> |                |
> |           eth1 |---a.b.c.3/24-public-net-----> lan
> | linux box      |
> |           eth2 |---192.168.1.0/24-private-net---> lan
> |                |
> +----------------+
> 
> Of course the above does not work as eth0 and eth1 are on the same subnet.  So
> far, I can see two possible solutions:
> 
> 1. reassign the cisco to linux net to a private point to point /30 net.  I have
> tried with limited success.
> 
> 2. reassign the cisco to linux net to a.b.c.1/29 (cisco) and a.b.c.2/29 (linux
> box).  This would give me a block of 8 between cisco and linux and would enable
> me to add a switch/hub between to feed another host for backup mail relay and
> dns server.
> 
> Questions:
> 
> 1. Does a different subnet mask define a different subnet?  Will the "two nics
> same net" conflict be resolved by applying a longer mask to one subnet?
> 
> 2. What is required to route through the linux box in "solution" 2 above?  Is
> this a case of "more specific, preferred route" applied?
> 
> 3. Any relevant RFCs would be helpful.
> 
> 4. Of course, ANY suggestions welcome.
> 
> TIA,
> David Koski
> david@KosmosIsland.com
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
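To make question 1 ("two nics, same net") and question 2 ("more specific, preferred route") concrete, the following is an added example, not code from the thread or the LARTC HOWTO: it simulates the longest-prefix lookup the Linux FIB and the cisco would perform on the topology above. The thread's anonymised a.b.c.0/24 is replaced by the constructed placeholder 203.0.113.0/24, the cisco's upstream next hop is just a label, and the static route on the cisco is an assumption added to show what it changes.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the thread's anonymised a.b.c.0/24 (TEST-NET-3).
PUBLIC = "203.0.113"


def connected_conflicts(ifaces):
    """Report interface pairs whose connected prefixes are the same network:
    the "two nics, same net" case. A longer mask on one interface makes it a
    different (more specific) prefix, so the pair no longer collides."""
    nets = {dev: ip_network(cidr, strict=False) for dev, cidr in ifaces}
    devs = list(nets)
    return [(a, b) for i, a in enumerate(devs) for b in devs[i + 1:]
            if nets[a] == nets[b]]


def lookup(routes, dst):
    """Longest-prefix match over (prefix, dev, via) entries. Equal-length
    prefixes are resolved in table order, as equal-metric routes are in the
    Linux FIB. Returns (dev, via) or None if nothing matches."""
    dst, best = ip_address(dst), None
    for prefix, dev, via in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return None if best is None else (best[1], best[2])


# Linux box, original map: eth0 and eth1 both carry the /24, so the two
# connected routes tie and only insertion order decides where LAN traffic goes.
LINUX_ORIGINAL = [(f"{PUBLIC}.0/24", "eth0", None),
                  (f"{PUBLIC}.0/24", "eth1", None),
                  ("192.168.1.0/24", "eth2", None),
                  ("0.0.0.0/0", "eth0", f"{PUBLIC}.1")]

# Linux box after "solution 2": the /29 toward the cisco is more specific than
# the /24 on eth1, so a.b.c.1 goes out eth0 and the rest of LAN A out eth1.
LINUX_SOLUTION2 = [(f"{PUBLIC}.0/29", "eth0", None),
                   (f"{PUBLIC}.0/24", "eth1", None),
                   ("192.168.1.0/24", "eth2", None),
                   ("0.0.0.0/0", "eth0", f"{PUBLIC}.1")]

# The cisco only knows its connected /29 on Fa0/0 plus a default toward the ISP;
# a static route for the whole /24 via a.b.c.2 (assumed here, not in the thread)
# is what sends LAN A traffic through the linux box instead of back upstream.
CISCO_NO_STATIC = [(f"{PUBLIC}.0/29", "Fa0/0", None),
                   ("0.0.0.0/0", "Serial0", "isp-next-hop")]
CISCO_WITH_STATIC = CISCO_NO_STATIC + [(f"{PUBLIC}.0/24", "Fa0/0", f"{PUBLIC}.2")]
```

Running `lookup(CISCO_NO_STATIC, "203.0.113.10")` versus `lookup(CISCO_WITH_STATIC, "203.0.113.10")` shows the difference the static route makes from the cisco's side.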

