From: Russell P. <rus...@ai...> - 2005-07-11 16:54:59
Hm. I figured I may have to do something like that - but I've never used that sort of configuration before. I guess I'll have to have a try again at the subnetting.

I do seem to remember a long time ago using static routes and modifying the arp tables (back on ipso/Firewall-1)...

The router here is one of the ISP(BT) managed things, so slightly reluctant to have to have any configuration changes made to that.

-----Original Message-----
From: dev...@li... on behalf of Moray McConnachie
Sent: Mon 7/11/2005 5:36 PM
To: dev...@li...
Cc:
Subject: RE: [Devil-Linux-discuss] Routing

We deal with this (tho glad to hear of a better way, because I thought it very odd when setting it up!) by subnetting like this for eth0:

85.133.20.0/30

and then running virtual interfaces on eth1 (assuming class C for a minute) as

85.133.20.4/30
85.133.20.8/29
85.133.20.16/28
85.133.20.32/27
85.133.20.64/26
85.133.20.128/25

Your DMZ address space is then 85.133.20.5-85.133.20.254, excepting 85.133.20.7, 85.133.20.8, 85.133.20.15, 85.133.20.31, 85.133.20.32, 85.133.20.63, 85.133.20.64, 85.133.20.127.

IPtables interface specifier is not sensitive to the virtual interfaces, which means $IPTABLES -i eth0 -o eth1 still gets everything coming from outside destined to the DMZ. If you don't care about using all the address space, just using the last line would be easier.

Then you tell the router to use static routing for each DMZ group you set up, routing each through your eth0 IP address.

Yours,
Moray

-------------------------------------------
Moray McConnachie
IT Manager - mmc...@ox...
Oxford Analytica - http://www.oxan.com

-----Original Message-----
From: dev...@li... [mailto:dev...@li...]On Behalf Of Russell Packer
Sent: 11 July 2005 17:02
To: dev...@li...
Subject: RE: [Devil-Linux-discuss] Routing

netstat -rn shows me:

85.133.20.0 0.0.0 255.255.255.128 eth0
85.133.20.0 0.0.0 255.255.255.128 eth1
10.0.0.1 0.0.0.0 255.255.255.0 eth2
0.0.0.0 85.133.20.1 0.0.0.0 eth0

Which is pretty wrong, as indeed - how does anything know to come back through eth1?

I tried subnetting it out (255.255.255.192) but couldn't make that happy either.

I also tried some static routes (in case the router wasn't happy with me subnetting), but again no joy...

-----Original Message-----
From: dev...@li... on behalf of Gordon Russell
Sent: Mon 7/11/2005 4:36 PM
To: dev...@li...
Cc:
Subject: Re: [Devil-Linux-discuss] Routing

what does netstat -rn tell you?

you will have the same network on two interfaces (eth0, facing the router, and eth1, facing the dmz). To which is the assigned network (85.133.20.0) attached in the routing tables on the DL box? do you need to further netmask it to split it between the two interfaces?

gordon

-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Devil-linux-discuss mailing list
Dev...@li...
https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
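
Added example, not part of the thread: a Python check of the two addressing layouts discussed above. It reports the same-network-on-two-interfaces condition Gordon asks about in Russell's routing table, and for the split Moray describes it lists the block boundaries on eth1 and the static routes the router would need. The two plans are constructed from the addresses quoted in the messages; the firewall's eth0 address 85.133.20.2 is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed from the thread: the connected routes in Russell's netstat -rn
# output, and the split Moray describes (eth0 outside, eth1 DMZ).
RUSSELL = [("eth0", "85.133.20.0/255.255.255.128"),
           ("eth1", "85.133.20.0/255.255.255.128"),
           ("eth2", "10.0.0.1/255.255.255.0")]
MORAY = [("eth0", "85.133.20.0/30"), ("eth1", "85.133.20.4/30"),
         ("eth1", "85.133.20.8/29"), ("eth1", "85.133.20.16/28"),
         ("eth1", "85.133.20.32/27"), ("eth1", "85.133.20.64/26"),
         ("eth1", "85.133.20.128/25")]
FW_ETH0 = "85.133.20.2"  # assumption: firewall's eth0 address (router is .1)

def parse(plan):
    # strict=False accepts a host address with a mask, as netstat printed for eth2
    return [(i, ipaddress.ip_network(n, strict=False)) for i, n in plan]

def cross_interface_overlaps(plan):
    """Networks present on two different interfaces: no unique path back."""
    return [(a[0], b[0], str(a[1])) for a, b in combinations(parse(plan), 2)
            if a[0] != b[0] and a[1].overlaps(b[1])]

def tiles(plan, parent):
    """True if the plan's blocks inside parent add up to exactly parent."""
    parent = ipaddress.ip_network(parent)
    nets = [n for _, n in parse(plan) if n.subnet_of(parent)]
    return list(ipaddress.collapse_addresses(nets)) == [parent]

def reserved(plan, iface):
    """Network and broadcast address of each block on iface (not for hosts)."""
    addrs = [a for i, n in parse(plan) if i == iface
             for a in (n.network_address, n.broadcast_address)]
    return [str(a) for a in sorted(addrs)]

def router_routes(plan, iface, via):
    """(network, netmask, next hop) static routes the upstream router needs."""
    return [(str(n.network_address), str(n.netmask), via)
            for i, n in parse(plan) if i == iface]

if __name__ == "__main__":
    print("Russell overlaps:", cross_interface_overlaps(RUSSELL))
    print("Moray overlaps:  ", cross_interface_overlaps(MORAY))
    print("Moray tiles /24: ", tiles(MORAY, "85.133.20.0/24"))
    print("eth1 reserved:   ", reserved(MORAY, "eth1"))
    for route in router_routes(MORAY, "eth1", FW_ETH0):
        print("route", *route)
```

Each block on eth1 also needs one host address for the firewall's own virtual interface, which comes out of the usable range.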