From: Ian C. B. <ia...@bl...> - 2004-02-05 16:29:58
On Thu, Feb 05, 2004 at 10:00:04AM -0600, Richard Goodwin wrote:
> Ok,
>
> So on my work machine, where I'd most dearly love to run cL, I am unable to
> Bridge or enable ICS because we are members of a domain. So, I need to I
> guess use the IP forwarding of XP or figure out some other solution.

Why does bridging or ICS affect your authentication? I'm confused.

> Here's the setup:
>
> Local Area Connection 2: "corporate" network, gets DHCP and DNS addresses
> from network. For argument's sake, let's say its IP is 199.199.199.199, and
> the gateway is 199.199.199.1, and subnet mask is 255.255.255.252 (which it
> actually is)

That's impossible. If your IP is 199.199.199.199 with a 255.255.255.252 mask, your IP is the broadcast (all ones) address on the 199.199.199.196 network. In that case, I would think it far more likely that your IP would be 199.199.199.198, with a default route through your router at 199.199.199.197. The 199.199.199.1 IP would be on a completely different netblock, unreachable directly.

You have a host on a /30 segment? Bridging probably is right out for you then.. but why does ICS block your SMB connectivity?

If you meant a 255.255.252.0 netblock, then bridging would make sense. I'll bet this is what you have, as a /22 block with 1024 hosts is far more common on Enterprise networks.

> TAP: You know what this is ;-) Currently set to 192.168.0.1, and the gateway
> set to the IP of the LAC#2 (don't know if that's right or not)

You don't want a gateway on that interface. You only want one "default gateway" on a box (where packets not destined for any local static routes are sent). On your Linux image, you would set your default gateway 192.168.0.1.

Think of gateway as the "gateway of last resort". If a packet is destined for somewhere your machine doesn't know how to get to, it hands it off to the gateway for it to deliver the traffic for you.

> eth0 in cL: currently set to 192.168.0.40, and gateway set to TAP IP.

That is correct.

> I did the IPEnableRouter = 1 in the registry and rebooted, and I can ping
> TAP and LAC#2 from cL, but can't ping past LAC#2. Am I missing something
> obvious?

Yes. Your network beyond your 199.199.199.x gateway does not have a route to get back to the 192.168.0.0/24 network. Packets go out, but your enterprise network does not know how to give them back.

There are two solutions to this problem:

1. You need to enable ICS. All traffic will then appear to be coming from your LAC#2. ICS is glorified Network Address Translation (NAT).

2. Convince your enterprise network guys to add a route to your little private virtual segment on the routers.

- Ian C. Blenke <ia...@bl...>
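
Added example (not part of the original message): a Python check, using the standard ipaddress module, of the address, mask and gateway combinations discussed in the reply above. The function names and problem labels are assumptions made for this illustration.

```python
import ipaddress


def check_host_config(ip, mask, gateway):
    """Return labels for problems in an IPv4 address/mask/gateway triple.

    Hypothetical helper for this example; the labels are made up here.
    """
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    # For /30 and shorter prefixes the first and last addresses are the
    # network and broadcast addresses and cannot be assigned to a host.
    if net.prefixlen <= 30:
        if iface.ip == net.network_address:
            problems.append("ip-is-network-address")
        elif iface.ip == net.broadcast_address:
            problems.append("ip-is-broadcast-address")
    # A default gateway has to sit on the same segment as the host,
    # otherwise the host cannot reach it directly.
    if gw not in net:
        problems.append("gateway-not-on-link")
    elif gw == iface.ip:
        problems.append("gateway-is-own-address")
    elif net.prefixlen <= 30 and gw in reserved:
        problems.append("gateway-is-reserved-address")
    return problems


def describe(ip, mask):
    """Return (network in CIDR form, number of addresses in it)."""
    net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    return str(net), net.num_addresses


# The three configurations that appear in the message.
CASES = [
    ("199.199.199.199", "255.255.255.252", "199.199.199.1"),    # as posted
    ("199.199.199.198", "255.255.255.252", "199.199.199.197"),  # /30 guess
    ("199.199.199.199", "255.255.252.0", "199.199.199.1"),      # /22 guess
]

if __name__ == "__main__":
    for ip, mask, gw in CASES:
        net, size = describe(ip, mask)
        print(ip, mask, gw, "->", net, size, check_host_config(ip, mask, gw) or "ok")
```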