[lug] routing
Hugh Brown
hugh at vecna.com
Fri Jan 12 13:45:51 MST 2001
Thank you for the help.
Hugh
"Michael J. Pedersen" wrote:
>
> On Fri, Jan 12, 2001 at 01:34:53PM -0500, Hugh Brown wrote:
> > My problem is I'm not sure what I set as the static route. I tried to do
> >
> > route add -net 172.16.0.0 gw 192.168.0.4
> >
> > and it told me that it wasn't feasible. My thought was that I want all
> > traffic destined for the net 172.16.0.0/24 to use 192.168.0.4 as the
> > router. So what static route can I add (I do only have 3 workstations
> > so that will be easiest until I get more savvy about network things).
>
> I'm going to use a (mostly) mythical setup to show you what all you need to
> do. If you don't feel like reading all this, here's the short answer:
>
> The box which accesses the 192.168.0 network needs to be configured to route
> and masquerade traffic from the 172.16 network. After that, configure any
> boxes on the 172 network to use the 172 NIC as their gateway.
>
> Long answer:
>
> A quick diagram of what you have is here, and I'm going to assign names to the
> boxes.
>
>  ________    ________    ___________    ______
> /Internet\__/Firewall\__/Workstation\__/172net\
> \________/  \________/  \___________/  \______/
>
> Actually, I'm going to name the NICs, since that's what we have to deal with:
> IF = Internet to Firewall NIC
> FW = Firewall to Workstation NIC
> WF = Workstation to Firewall NIC
> W1 = Workstation to 172net NIC
> 1W = 172net to Workstation NIC
>
> IF has a real, routable IP address, usable on the internet.
> FW has an ip address in the 192.168.0.0 network, assign it as 192.168.1.1
> WF has an ip address in the 192.168.0.0 network, assign it as 192.168.1.2
> W1 has an ip address in the 172.16.0.0 network, assign it as 172.16.1.1
> 1W has an ip address in the 172.16.0.0 network
>
> Problem: Get traffic routed appropriately so that a machine may connect at any
> spot on this network, and access any other spot on this network.
>
> Solution:
> Set routes appropriate on each of these nics, and masquerading.
>
> FW should be configured to do masquerading for all traffic passing over it.
> This allows traffic to reach the internet.
>
> W1 should be configured to do masquerading, same as FW. Reason being the same.
>
> Anything which connects onto the 172net should use a gateway of 172.16.1.1
>
> Anything which connects to the 192 network should use a gateway of 192.168.1.1
>
> Anything which gets connected to the 192 network should also have a route
> added in at boot-time (via rc.local, for instance) which says to use
> 192.168.1.2 as the route for anything going to 172.16.0.0 network. This
> command should do it:
>
> route add -net 172.16.0.0 netmask 255.255.255.0 gw 192.168.1.2
>
> --
> Michael J. Pedersen
> My GnuPG KeyID: 4E724A60 My Public Key Available At: wwwkeys.pgp.net
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> GnuPG available at http://www.gnupg.org
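Added example, not part of the original messages: a small Python model of the routing table a host on the 192 network would hold after the `route add` command in the quoted reply, showing longest-prefix matching and a check that every gateway is on a directly connected network. The addresses come from the mail; the 255.255.0.0 mask on the 192.168.0.0 network and the names `HOST_TABLE`, `build_table`, `unreachable_gateways` and `lookup` are assumptions made for the example.

```python
import ipaddress

# Constructed table for a host on the 192 network; addresses are from the mail.
# Assumption: the 192.168.0.0 network uses mask 255.255.0.0 (not stated there).
HOST_TABLE = [
    ("192.168.0.0", "255.255.0.0", None),             # directly connected
    ("0.0.0.0", "0.0.0.0", "192.168.1.1"),            # default via FW
    ("172.16.0.0", "255.255.255.0", "192.168.1.2"),   # static route via WF
]

def build_table(entries):
    """Turn (network, netmask, gateway-or-None) tuples into parsed routes."""
    return [(ipaddress.ip_network(f"{net}/{mask}"),
             ipaddress.ip_address(gw) if gw else None)
            for net, mask, gw in entries]

def unreachable_gateways(table):
    """Gateways that sit on no directly connected network cannot be used."""
    on_link = [net for net, gw in table if gw is None]
    return [str(gw) for _, gw in table
            if gw is not None and not any(gw in net for net in on_link)]

def lookup(table, dest):
    """Longest-prefix match: return (matched network, next hop) for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), (str(gw) if gw else "on-link")

if __name__ == "__main__":
    table = build_table(HOST_TABLE)
    print("unreachable gateways:", unreachable_gateways(table))
    for dest in ("172.16.0.5", "172.16.1.1", "192.168.1.2", "198.51.100.7"):
        print(dest, "->", lookup(table, dest))
```

In this model the netmask on the static route decides which 172.16 destinations are sent to 192.168.1.2; anything outside it follows the default route to 192.168.1.1.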