On 03/04/08 21:17, Rich wrote:
> MY side            gateway                  county side
> 172.31.0.0/21      eth0 172.31.5.240        main ip network is 10.0.0.0/128 with
>                    eth1 192.168.14.12       a 192.168.14.1 interface to my eth1
Will you please clarify what your set up is. I think you were trying to
portray that your side of the gateway has an IP address of
172.31.5.240/21 and the county side of the gateway has an IP address of
192.168.14.1 or 192.168.14.12 (unknown subnet). What is the
10.0.0.0/128? Should the /128 have really been a /25?
> This has been working great with no problems. I have been linking to
> 2 servers on their side, a Novell and a Lotus Notes server, and they
> have been linked to our Novell and Lotus Notes servers.
*nod* This is as I would expect.
> Now here is the dilemma.
> The county has decided to consolidate our IT operations. We will be
> consolidating our Notes and Novell servers and consolidating our
> workstations onto their physical network. We decided in our planning
> that we would keep our 172.31.0.0/21 ip scheme. So we have brought in
> new switches and router running parallel to the old ones. They come
> into our buildings and link back to the county network. The new
> infrastructure in no way physically touches our existing network. All
> the traffic goes to the county network. There are vlans setup with no
> problem.
Ok...
> This is the issue.
> How can I get the "new" 172.31.0.0 network to talk to the old
> 172.31.0.0 network till the conversion is done and the old 172.31.0.0
> network is decommissioned. I tried to use the same iptables gateway
> to go from the new network to the old to no avail. Can this be done?
> Can I do it by building a separate iptables router to handle the
> traffic coming from the new network to the old?
In a word "Bridging". Remember that subnets are separated from one
another by routers. So if you are wanting to have the same subnet on
different sides of a router you will need to use an operation that can
join the two sides of the subnet together making one big subnet.
(Presuming that I am correct on your physical layout above.)
I would recommend that you set up (augment) your existing IPTables box
to include bridging or replace it with one that does bridging. The
bridging will allow you to combine your existing network and the new
network into one large network.
I am presuming that your existing network will stay on eth0 and the
existing county network will stay on eth1 and that the new network will
be on eth2.
Bridge eth0 and eth2 together into a new bridge, br0. Assign your
172.31.5.240/21 address to br0 and keep your existing county address on
eth1. This way your existing routing scheme and firewalling between
your subnet and the county subnet will work just fine. All you are
doing to the routing and firewalling is changing the interface that your
network is on.
Chew on that and let me know if I got something wrong or if you need
something else.
Grant. . . .
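The bridge setup Grant describes, written out as an added example (not code from either poster). It uses iproute2 (`ip` and `bridge`) rather than the older `brctl`; the interface names eth0/eth1/eth2, the bridge name br0 and the address 172.31.5.240/21 are taken from the thread, and the assumption that the old LAN is on eth0 and the new one on eth2 is Grant's. `plan_bridge` prints the commands for review, `apply_bridge` runs them as root, and `rewrite_rule` shows the only change the existing iptables rules need: matching on br0 where they used to match on eth0.

```shell
#!/bin/sh
# Added example: join the old 172.31.0.0/21 segment (eth0) and the new
# county-provided segment (eth2) into one bridge, br0, and move the gateway's
# LAN address onto the bridge. eth1 (county side) is left exactly as it is.
# Interface names and addresses are assumptions taken from the thread.

OLD_LAN="${OLD_LAN:-eth0}"            # existing LAN, currently holds LAN_ADDR
NEW_LAN="${NEW_LAN:-eth2}"            # new switches, same 172.31.0.0/21 scheme
BRIDGE="${BRIDGE:-br0}"
LAN_ADDR="${LAN_ADDR:-172.31.5.240/21}"

# Emit the commands in the order they must run; review before applying.
# The address is flushed from the old NIC first so it lives only on br0.
plan_bridge() {
    printf '%s\n' \
        "ip link add name $BRIDGE type bridge" \
        "ip addr flush dev $OLD_LAN" \
        "ip link set dev $OLD_LAN master $BRIDGE" \
        "ip link set dev $NEW_LAN master $BRIDGE" \
        "ip addr add $LAN_ADDR dev $BRIDGE" \
        "ip link set dev $OLD_LAN up" \
        "ip link set dev $NEW_LAN up" \
        "ip link set dev $BRIDGE up"
}

# Run the plan (needs root), then show the bridge ports and address so the
# result can be checked against what was intended.
apply_bridge() {
    plan_bridge | sh -e
    bridge link show
    ip -br addr show dev "$BRIDGE"
    # Caveat: traffic between the two bridged segments is switched, not
    # routed, so the FORWARD chain will not see it unless bridge netfilter
    # is enabled (modprobe br_netfilter; sysctl net.bridge.bridge-nf-call-iptables=1).
}

# Rewrite one iptables rule so "-i eth0"/"-o eth0" become "-i br0"/"-o br0".
# The routing and firewall logic is unchanged; only the interface name moves.
rewrite_rule() {
    printf '%s\n' "$1" | awk -v old="$OLD_LAN" -v new="$BRIDGE" '
        { for (i = 2; i <= NF; i++)
              if (($(i-1) == "-i" || $(i-1) == "-o") && $i == old) $i = new
          print }'
}

# Usage: sh bridge.sh            -> print the plan
#        sh bridge.sh apply      -> apply it (as root)
if [ "${1:-}" = "apply" ]; then
    apply_bridge
elif [ "${1:-}" = "plan" ]; then
    plan_bridge
fi
```

Existing rules that reference eth1 (the county link) need no change; run each saved rule through `rewrite_rule` and only the eth0 matches are touched. Because hosts on the old and new segments now reach each other through the bridge rather than through the gateway's routing table, nothing in the old-to-county FORWARD policy applies to that east-west traffic unless bridge netfilter is switched on as noted in the comments.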
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html