[ale] router not on the network?

Wandered Inn esoteric at denali.atlnet.com
Wed Jan 31 13:52:50 EST 2001


hirsch at zapmedia.com wrote:
> 
> Stephan Uphoff writes:
>  >
>  > Try:
>  >      route add -host x.y.z.t dev eth0
>  >      route add default gw  x.y.z.t
> 
> Yow!  That did the trick.  Thanks a million.

This brings up a question I never could figure out.  Currently I have a
bastion firewall and a choke firewall, both doing masq and forwarding. 
I'd like to have the choke just forward and let the bastion do all the
masq.  I posted queries regarding this issue to the list a while back,
but never could get it to work.  Here's a small diagram:

Internet <-> Bastion (a.dmz.edu) <-> Choke (b.dmz.edu) <-> Other machines.

The way I've got the routing set up is the Bastion's default route is to
my isp.  The Choke's default route is to the Bastion and the default
route for 'Other machines' is the Choke.  This works unless I try to
change the choke to where it is not masq, just forwarding.  I'll admit,
I'm a bit weak on the routing stuff.  I was wondering if I were to set
the 'Other machines' default to the bastion and add the -host route as
listed above.

I've also made an assumption that the default route and the gateway are
the same thing.  This might well be part of my problem.

Further, here is the output of /sbin/route from the various machines:

Bastion:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
a.dmz.edu       *               255.255.255.255 UH    0      0        0 eth1
10.112.112.112  *               255.255.255.255 UH    0      0        0 ppp0
172.16.10.0     *               255.255.255.0   U     0      0        0 eth1
172.16.255.0    b.dmz.edu       255.255.255.0   UG    0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.112.112.112  0.0.0.0         UG    0      0        0 ppp0

Choke:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
dmz-edu         *               255.255.255.0   U     0      0        0 eth0
home-edu        *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         a.dmz.edu       0.0.0.0         UG    0      0        0 eth0

Other machines:

denali.home.edu *               255.255.255.255 UH    1      0        0 dummy0
172.16.255.0    *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         b.home.edu      0.0.0.0         UG    0      0        0 eth0

> 
> Is this a standard network setup?  No one I've talked to has ever
> heard of a setup like it.
> 
> Thanks again,
> 
> Michael
> 
>  >
>  > > I recently tried to put a linux box on a network that had a
>  > > configuration I'd never seen.  It was one of those "it worked fine for
>  > > my Windows laptop, why doesn't it work for Linux" things.
>  > >
>  > > The setup:
>  > >
>  > > IP address: a.b.c.d
>  > > netmask:    a.b.c.0
>  > > gateway:    x.y.z.t
>  > >
>  > > So the gateway was not on the lan.  I gather there is some firewall
>  > > that is doing some kind of transparent NAT onto the internet.
>  > > /sbin/route would not let me configure a gateway that can't be
>  > > reached, so I was hosed.
>  > >
>  > > Have you ever seen this setup before?  Someone mumbled that there was
>  > > a networking patch for this, but I'd never heard of it.
>  > >
>  > > Now Linux looks bad in this guy's eye because it can't do what Windows
>  > > did.  I'm guessing that this is some MS extension to IP, but I really
>  > > don't know.
>  > >
>  > > Thanks in advance,
>  > >
>  > > --
>  > > ------------------------
>  > > Michael D. Hirsch, Ph.D.
>  > > Software Developer
>  > > ZapMedia
>  > >
>  > > Phone: 678-420-2722                FAX: 678-420-5839
>  > > email: michael.hirsch at zapmedia.com Web: http://www.zapmedia.com
>  > > --
>  > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>  > >
> 

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit
to hereditary prejudices but honestly and courageously uses his
intelligence."
- Albert Einstein
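
The two-command fix quoted at the top of this message, modelled as an added example (not part of the original post and not written by anyone on the list): a small routing table that, like the Linux kernel, refuses a gateway it cannot reach over a directly connected route. The addresses are constructed stand-ins for a.b.c.d and x.y.z.t, and the RouteTable class is hypothetical.

```python
import ipaddress


class RouteTable:
    """Minimal model of a host routing table (longest-prefix match)."""

    def __init__(self):
        self.routes = []  # entries are (network, gateway or None, interface)

    def lookup(self, dst):
        """Return the most specific route covering dst, or None."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen, default=None)

    def add(self, network, dev, gw=None):
        """Add a route; a gateway must already be reachable on-link."""
        net = ipaddress.ip_network(network)
        if gw is not None:
            via = self.lookup(gw)
            # The gateway has to resolve to a directly connected route
            # (one with no gateway of its own), otherwise the add fails.
            if via is None or via[1] is not None:
                raise OSError("Network is unreachable")
            gw = ipaddress.ip_address(gw)
        self.routes.append((net, gw, dev))

    def next_hop(self, dst):
        """Return (address to resolve on the wire, interface) for dst."""
        route = self.lookup(dst)
        if route is None:
            raise OSError("Network is unreachable")
        _, gw, dev = route
        return (str(gw) if gw is not None else dst, dev)


def demo():
    # Constructed addresses standing in for a.b.c.0 and x.y.z.t.
    host_net, gateway = "192.0.2.0/24", "198.51.100.1"
    table = RouteTable()
    table.add(host_net, "eth0")                  # connected LAN route
    try:
        table.add("0.0.0.0/0", "eth0", gw=gateway)
        rejected = False
    except OSError:
        rejected = True                          # gateway is off-link
    table.add(gateway + "/32", "eth0")           # route add -host x.y.z.t dev eth0
    table.add("0.0.0.0/0", "eth0", gw=gateway)   # route add default gw x.y.z.t
    return rejected, table.next_hop("203.0.113.7"), table.next_hop("192.0.2.20")
```

The host route is what makes the off-link gateway count as directly reachable on eth0, so the default route is accepted only after it exists.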