[lug] routing

Michael J. Pedersen marvin at keepthetouch.org
Fri Jan 12 13:22:32 MST 2001


On Fri, Jan 12, 2001 at 01:34:53PM -0500, Hugh Brown wrote:
> My problem is I'm not sure what I set as the static route.  I tried to
> do
> 
> route add -net 172.16.0.0 gw 192.168.0.4 
> 
> and it told me that it wasn't feasible.  My thought was that I want all
> traffic destined for the net 172.16.0.0/24 to use 192.168.0.4 as the
> router.  So what static route can I add (I do only have 3 workstations
> so that will be easiest until I get more savvy about network things).

I'm going to use a (mostly) mythical setup to show you what all you need to
do. If you don't feel like reading all this, here's the short answer:

The box which accesses the 192.168.0 network needs to be configured to route
and masquerade traffic from the 172.16 network. After that, configure any
boxes on the 172 network to use the 172 NIC as their gateway.

Long answer:

A quick diagram of what you have is here, and I'm going to assign names to the
boxes.

 ________    ________    ___________    ______
/Internet\__/Firewall\__/Workstation\__/172net\
\________/  \________/  \___________/  \______/

Actually, I'm going to name the NICs, since that's what we have to deal with:
IF = Internet to Firewall NIC
FW = Firewall to Workstation NIC
WF = Workstation to Firewall NIC
W1 = Workstation to 172net NIC
1W = 172net to Workstation NIC

IF has a real, routable IP address, usable on the internet.
FW has an ip address in the 192.168.0.0 network, assign it as 192.168.1.1
WF has an ip address in the 192.168.0.0 network, assign it as 192.168.1.2
W1 has an ip address in the 172.16.0.0 network, assign it as 172.16.1.1
1W has an ip address in the 172.16.0.0 network

Problem: Get traffic routed appropriately so that a machine may connect at any
spot on this network, and access any other spot on this network.

Solution:
Set routes appropriate on each of these nics, and masquerading.

FW should be configured to do masquerading for all traffic passing over it.
This allows traffic to reach the internet.

W1 should be configured to do masquerading, same as FW. Reason being the same.

Anything which connects onto the 172net should use a gateway of 172.16.1.1

Anything which connects to the 192 network should use a gateway of 192.168.1.1

Anything which gets connected to the 192 network should also have a route
added in at boot-time (via rc.local, for instance) which says to use
192.168.1.2 as the route for anything going to 172.16.0.0 network. This
command should do it:

route add -net 172.16.0.0 netmask 255.255.255.0 gw 192.168.1.2

-- 
Michael J. Pedersen
My GnuPG KeyID: 4E724A60        My Public Key Available At: wwwkeys.pgp.net
My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
GnuPG available at http://www.gnupg.org
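
An added example, not part of the original message: a small Python check that a static route like the one above has a next hop on a directly connected network and that shows which 172net addresses a given netmask matches. The host address 192.168.1.5/24 and the interface name eth0 are constructed assumptions; the other addresses are the ones used in the post.

```python
import ipaddress

# Constructed sample: one host on the 192 network. The post gives no netmask
# for that network, so the /24 on the interface is an assumption.
HOST_IFACES = {"eth0": ipaddress.ip_interface("192.168.1.5/24")}


def check_route(dest, netmask, gateway, ifaces):
    """Return a list of problems with a `route add -net` style static route."""
    problems = []
    try:
        # Strict parsing rejects a destination with host bits set for the mask.
        ipaddress.ip_network(f"{dest}/{netmask}")
    except ValueError:
        problems.append(f"{dest} is not a network address for netmask {netmask}")
    # A gateway is only usable as a next hop if it sits inside the subnet of
    # one of the local interfaces.
    gw = ipaddress.ip_address(gateway)
    if not any(gw in iface.network for iface in ifaces.values()):
        problems.append(f"gateway {gw} is not on a directly connected network")
    return problems


def route_covers(dest, netmask, addr):
    """True if traffic to addr would match the route dest/netmask."""
    net = ipaddress.ip_network(f"{dest}/{netmask}", strict=False)
    return ipaddress.ip_address(addr) in net


if __name__ == "__main__":
    # The route from the post, next hop WF (192.168.1.2).
    print(check_route("172.16.0.0", "255.255.255.0", "192.168.1.2", HOST_IFACES))
    # Same route pointed at W1 (172.16.1.1), the far-side NIC of the same box.
    print(check_route("172.16.0.0", "255.255.255.0", "172.16.1.1", HOST_IFACES))
    # Which 172net addresses each mask matches.
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, route_covers("172.16.0.0", mask, "172.16.1.1"))
```

Running the same check against the addresses actually configured on a host, before putting the route in rc.local, catches a next hop or mask that does not match the local interfaces.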