Dear Andreas,

On Tue, Sep 24, 2013 at 5:54 PM, Andreas Kostyrka <andreas@xxxxxxxxxxxx> wrote:
> You won't be able to make the clients send the packets to outside their
> network. TCP/IP does not work that way.

Gateways of both the networks, i.e. 192.168.2.0/24 and 192.168.3.0/24 computers, are both residing in the Linux firewall machine, namely 192.168.2.1 (eth1), 192.168.3.1 (eth1:0 - Virtual Interface).

Note: Computers in the 192.168.2.0/24 and 192.168.3.0/24 networks are both connected to a single switch.

Can't we have the computers in the 192.168.2.0/24 network and 192.168.3.0/24 communicate with each other by means of their default gateways, wherein the packets intended from 192.168.2.0/24 to 192.168.3.0/24 hit the default gateway 192.168.2.1, which then routes the traffic to 192.168.3.1 & from there to the destination computer?

>
> Without going into the needed commands, you basically need to do:
> 1.) add 10.0.0.1 (or similar) to eth1 on the linux box, so that the linux
> box can reach the secondary router.

This means that I need to merely add another virtual interface with an IP address in 10.0.0.x space & set up routing to route packets to 10.0.0.200? If yes, if you can shed some light on the exact commands or point me in that direction, that will help.

> 2.) if the 10.0.0.200 router routes only to an internal IP address space, e.g. 10/8,
> then you can just add the route to these destinations.

That's correct. We need machines accessing the 10/8 network to route to 10.0.0.200.

> 3.) if the 10.0.0.200 router provides access to routes that conflict with the
> 192.168.1.1 destination, you just need to google the source-based routing
> recipe (basically separate routing tables that get selected on the source
> of a packet) and follow it.
>
> Andreas
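
The three steps from the quoted reply, written out as iproute2 commands. This is an added example, not part of either poster's message; the /24 prefix on 10.0.0.1, routing table number 100, and the choice of 192.168.3.0/24 as the source network steered in step 3 are assumptions.

```shell
#!/bin/sh
# Dry-run by default: each command is printed, not executed.
# Set APPLY=1 and run as root to actually change the routing setup.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

LAN_IF=eth1                 # interface named in the thread
SECOND_ROUTER=10.0.0.200    # secondary router named in the thread
LOCAL_ADDR=10.0.0.1/24      # assumption: thread only says "10.0.0.1 (or similar)"
INTERNAL_NET=10.0.0.0/8     # "10/8" in the thread
LAN_NETS="192.168.2.0/24 192.168.3.0/24"   # both LANs share eth1
SRC_NET=192.168.3.0/24      # assumption: LAN steered to the second router in step 3
TABLE=100                   # assumption: an unused routing table number

# Needed for the box to route between the two LANs and towards 10.0.0.200.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Step 1: put the box on the secondary router's subnet so the next hop is on-link.
add_transit_address() {
    run ip addr add "$LOCAL_ADDR" dev "$LAN_IF"
}

# Step 2: destination-based route, enough when 10.0.0.200 only serves 10/8.
add_internal_route() {
    run ip route add "$INTERNAL_NET" via "$SECOND_ROUTER" dev "$LAN_IF"
}

# Step 3: source-based routing. The extra table is consulted before "main",
# so it must also carry the LAN routes; otherwise traffic from SRC_NET to the
# other LAN would follow the table's default route to the second router.
add_source_policy() {
    for net in $LAN_NETS; do
        run ip route add "$net" dev "$LAN_IF" table "$TABLE"
    done
    run ip route add default via "$SECOND_ROUTER" dev "$LAN_IF" table "$TABLE"
    run ip rule add from "$SRC_NET" lookup "$TABLE"
}

case "${1:-}" in
    internal) enable_forwarding; add_transit_address; add_internal_route ;;
    policy)   enable_forwarding; add_transit_address; add_source_policy ;;
    *)        echo "usage: $0 internal|policy   (APPLY=1 to execute)" ;;
esac
```

After applying, `ip route get 10.1.2.3` and `ip rule show` on the Linux box confirm which table and next hop a given destination or source selects.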