RE: [Devil-Linux-discuss] Forwarding problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

No i think it was what you said about the=20
'Transparent bridging mode' that i need to do.

The server's IP has to stay the same (192.168.0.1)

The modem HAS to be on the same subnet as the server (or firewall =
eventually).
(therefore being 192.168.0.3)

The trick is to make it look like the same subnet, the firewall acting =
as the server and
passing it on to the real server.

The IP of the ISDN may change(although it will cause a few headaches), =
and the clients dialling in can be made to think that the server has a =
new IP.
(i.e. any IP that is on the same subnet as the ISDN modem)

I think that would solve the *possible* problem of assigning the same =
network to eth0 and eth1???=20

-----Original Message-----
From: Friedrich Lobenstock [mailto:fl...@fl...]
Sent: 03 April 2003 01:06
To: dev...@li...
Subject: Re: [Devil-Linux-discuss] Forwarding problem

Hi!

Theunis Botha wrote:
> Hi guys.. (and girls?)
> =20
> I am in a particular situation where, i cannot specify a default =
gateway=20
> on an ISDN LAN modem since it doesn't support that functionality.
> =20
> It sort off 'Terminates' a network.
> It makes the network you are reaching by dialing into it from outside, =

> "THE ULTIMATE DESTINATION"
> =20
> But now, i want "ALTERNATE DESTINATION" ;)
> =20
> see, if they ping 192.168.0.1 (living on the network they just dialed=20
> into), which happened to be the server,
> i want to put the FW as 192.168.0.1, and then forward all the packets =
to=20
> the "REAL" server and back.
> =20
> And then i want to obviously filter the packets with my nifty firewall =

> rules.
> =20
> Any ideas?
> =20
> In my mind, it looks something like this :
> =20
> 192.168.0.1(server)
> |
> 192.168.0.3(FW) eth0
> 192.168.0.1(FW) eth1
> |
> 192.168.0.3(ISDN LAN modem)
> =20
> Oh, and the server must think the FW is the Modem, since the network =
is=20
> setup to forward stuff to 0.3, and changing this simple
> thing would cause havoc at about 10 places at the same time.
> =20
> (and it actually does get a bit more complicated, but in basic, that =
is=20
> the problem.)

I suggest reading a book about routing. Your setup can only work in
the transparent bridging mode of the firewall. But you won't need
that.

Can you describe your setup a little more? From what I read
I think that you are actually trying to do this:

192.168.1.1(server)
    |
    |
192.168.1.3(FW) eth0
192.168.0.1(FW) eth1
    |
    |
192.168.0.3(ISDN LAN modem)
external IP (provided by ISP)
    |
    |
Internetserviceprovider (ISP)

You want to reach a service runnning on your server and configure
your ISDN router (it can't be a modem as it connects via Ethernet to
your firewall) to forward a specifiy port from its external interface
to the Firewall (IP 192.168.0.1). There you configure iptables DNAT
and forwarding rules to finaly forward this port to your server.
So you do not need to configure any extra routing entry on your ISDN
router.

> =20
> Oh, and does ssh and sshd work on dl0.44?

BTW 0.5 is the current release and 0.6 is comming to pre release
state soon.

--=20
MfG / Regards
Friedrich Lobenstock
____________________________________________________________________
Friedrich Lobenstock                       Linux Services Lobenstock
URL: http://www.lsl.at/                         Email: fl...@fl...
____________________________________________________________________

-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:=20
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!=20
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Devil-linux-discuss mailing list
Dev...@li...
https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss