On 11/05/08 12:22, Rob Sterenborg wrote:
You mean you don't agree to the shining part?
Oh, no, the shine part is fine. I was more thinking about where the
routes were.
Yes, well, in the basic example I was referring to (A <-> C <-> D <->
B), routers C and D already know the routes to the networks they're
connected to (and I assume that hosts in A and B have a (default)
route to C and D resp.) so they don't need extra routes. But they do
need forwarding set to ACCEPT and allowed. In a more complex
situation things are different.
Um, very close but not /quite/.
+---+         +---+         +---+         +---+
| A +---(x)---+ C +---(y)---+ D +---(z)---+ B |
+---+         +---+         +---+         +---+
A knows about network x.
C knows about networks x and y.
D knows about networks y and z.
B knows about network z.
C does /not/ know about network z.
D does /not/ know about network x.
So either C and D have to use each other as default gateways or they
have to have routes to networks x and z. (That's the "not quite" part.)
We have already covered the IP forwarding in another email. As far as
the firewalling is concerned, you are correct. However I believe Daniel
said that there was no firewalling (yet).
No, I don't think so either. I already pointed him to Oskar's iptables
tutorial which I think still mostly holds and I hope he'll read (and
understand) it. Writing your own script is still more flexible and
you learn more about what you're doing and dealing with.
Agreed. I think both are likely good ways to learn about firewalling,
specifically IPTables. Seeing as how this discussion is about routing...
Grant. . . .
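Added example, not part of the thread and not anyone's posted config: a small Python model of the A <-> C <-> D <-> B chain discussed above. It gives x, y and z assumed /24 prefixes and assumed interface addresses (the thread names only the networks), traces a packet from A to B with nothing but connected routes on C and D (it dies at C with no route to z), computes the routes C and D are missing and the neighbour to use as next hop, and prints the sysctl/ip/iptables commands each router would need. The FORWARD chain it emits (policy DROP, explicit accepts between x and z plus conntrack) is one reasonable choice, not something the thread prescribes.

```python
"""Added example (not from the thread): simulate the A <-> C <-> D <-> B chain
and show that C needs a route to z and D a route to x (or a default via each
other) before A and B can talk, plus the commands a router would need.
Addresses and prefixes are assumed; the thread only names networks x, y, z."""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str]]  # (prefix, next hop; None = connected)

# Constructed addressing for the example topology.
NETS = {
    "x": ipaddress.ip_network("10.0.1.0/24"),
    "y": ipaddress.ip_network("10.0.2.0/24"),
    "z": ipaddress.ip_network("10.0.3.0/24"),
}
IFACES = {  # node -> {network name: address of its interface on that network}
    "A": {"x": "10.0.1.10"},
    "C": {"x": "10.0.1.1", "y": "10.0.2.1"},
    "D": {"y": "10.0.2.2", "z": "10.0.3.1"},
    "B": {"z": "10.0.3.10"},
}
ROUTERS = {"C", "D"}
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def base_tables() -> Dict[str, List[Route]]:
    """Connected routes only, plus the default routes the thread assumes on the hosts."""
    tables = {node: [(NETS[n], None) for n in ifs] for node, ifs in IFACES.items()}
    tables["A"].append((DEFAULT, IFACES["C"]["x"]))  # host A defaults to C
    tables["B"].append((DEFAULT, IFACES["D"]["z"]))  # host B defaults to D
    return tables


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match, as the kernel FIB does."""
    hits = [r for r in table if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def owner_of(ip: str) -> str:
    """Which node holds this interface address."""
    addr = ipaddress.ip_address(ip)
    for node, ifs in IFACES.items():
        if any(ipaddress.ip_address(a) == addr for a in ifs.values()):
            return node
    raise ValueError(f"no node owns {ip}")


def trace(src: str, dst_ip: str, tables: Dict[str, List[Route]],
          forwarding: Optional[Set[str]] = None) -> Tuple[bool, List[str]]:
    """Follow a packet hop by hop; returns (delivered, path). A transit node
    must have ip_forward on and FORWARD accepting, modelled by `forwarding`."""
    dst = ipaddress.ip_address(dst_ip)
    forwarding = ROUTERS if forwarding is None else forwarding
    node, path = src, [src]
    for _ in range(8):  # loop guard
        if any(dst in NETS[n] for n in IFACES[node]):
            return True, path + [owner_of(dst_ip)]  # directly attached: deliver
        if node != src and node not in forwarding:
            return False, path + [f"{node}: forwarding disabled or FORWARD dropped"]
        route = lookup(tables[node], dst)
        if route is None:
            return False, path + [f"{node}: no route to {dst}"]
        node = owner_of(route[1])
        path.append(node)
    return False, path + ["routing loop"]


def needed_routes(tables: Dict[str, List[Route]]) -> Dict[str, List[Route]]:
    """For each router, the networks it has no route to, with the neighbour
    that shares a link with it and is attached to the target as next hop."""
    needed: Dict[str, List[Route]] = {}
    for node in sorted(ROUTERS):
        for name, net in NETS.items():
            if lookup(tables[node], net.network_address + 1):
                continue
            for nb, ifs in IFACES.items():
                shared = set(ifs) & set(IFACES[node])
                if nb != node and name in ifs and shared:
                    needed.setdefault(node, []).append((net, ifs[shared.pop()]))
                    break
    return needed


def with_routes(tables: Dict[str, List[Route]], needed: Dict[str, List[Route]]):
    """Return a copy of `tables` with the static routes added."""
    return {n: t + needed.get(n, []) for n, t in tables.items()}


def fix_commands(node: str, needed: Dict[str, List[Route]]) -> List[str]:
    """Linux commands to apply on `node`: forwarding, the static routes, and a
    FORWARD chain that only passes traffic between the two end networks."""
    return (
        ["sysctl -w net.ipv4.ip_forward=1"]
        + [f"ip route add {net} via {via}" for net, via in needed.get(node, [])]
        + ["iptables -P FORWARD DROP",
           "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
           f"iptables -A FORWARD -s {NETS['x']} -d {NETS['z']} -m conntrack --ctstate NEW -j ACCEPT",
           f"iptables -A FORWARD -s {NETS['z']} -d {NETS['x']} -m conntrack --ctstate NEW -j ACCEPT"]
    )


if __name__ == "__main__":
    t = base_tables()
    print("before:", trace("A", IFACES["B"]["z"], t))
    need = needed_routes(t)
    print("after: ", trace("A", IFACES["B"]["z"], with_routes(t, need)))
    for r in sorted(ROUTERS):
        print(f"--- {r}")
        print("\n".join(fix_commands(r, need)))
```

The thread's other option, C and D pointing default routes at each other, makes the same trace succeed; the explicit routes are shown here because they are what the "not quite" exchange is about. The FORWARD rules are deliberately narrower than a plain `-P FORWARD ACCEPT`: forwarding only has to be allowed for the traffic that is supposed to cross the routers.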
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html