
[ale] routing and firewalls question



If the internal network is on a private IP scheme, you'll never be
able to ping the Internet.  But you should be able to ping the router if
you use appropriate route commands and use IP_FORWARDING.  Also
you can set up a web server on the Linux machine and set it up
to allow all PCs internally to proxy.


Thanks,
Christopher Fowler
On 19-Nov-97 Robert L Harris wrote:
>> 
>> Ok, here's a stupid one for you...trying to set up a firewall.  All the
>> docs/HOW-TOs assume that you're a poor linux geek at home, and want to
>> masq your internal net using your one valid IP.  I got that part done.
>> But, I have a full class C.  I'm missing something simple and
>> fundamental about the routing part.
>> 
>> 
>> ISDN Line   ____
>> -----------|____|---------|   |-----------------------| |--------------|
>>                           |   |                  |----------|          |
>>            Router     ____|   |___               | etherhub |       My Network
>>                       |Nic1   Nic2|              |----------|
>>                       |___________|
>> 
>> Add interfaces for eth0 and eth1.   Router is 192.168.2.1, eth0 is 2,
>> eth1 is 3.  From the firewall box I can ping outside, and from the
>> inside I can ping eth1, but not eth0 or the router...I haven't done any
>> specific route commands.  Do I need to?  How do I make the packets go
>> from eth1 to eth0?  Yes, IP_FORWARDING is compiled in.
>> 
>> I'm completely brain dead this morning, so I apologize if this is a
>> simple one.  Thanks in advance.
>> 
>> /michael
>> :wq
>> 
>
>Michael,
>  presuming eth0 is Nic1 and eth1 is Nic2, 
>
>  route add default eth0
>  route add net aaa.bbb.ccc eth1   (hope my syntax is correct)
>
>  You need to add a "net" route to your class C and tell it to pass through
>  eth1.
>
>
>Robert
>---------------------------------------------------------------------------
>Robert L. Harris          |   If NT is the answer,
>System Engineer For Hire. \_    You don't understand the question
>
>Voice:
>  (303) 971-9218
>Email:
>  Robert at ast.lmco.com
>
>http://www.orci.com/~nomad
>
>DISCLAIMER:
>      These are MY OPINIONS ALONE.  I speak for no-one else.
>
>perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

----------------------------------
Christopher Fowler
Sales Engineering Manager
Computone Corporation
1100 Northmeadow Pkwy
Roswell, GA 30076
----------------------------------
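
An added example, not part of the original thread: a small Python model of the firewall box's route lookup and forwarding decision, covering the default and net routes suggested in the quoted reply and the private-address point made in the reply above it. The 203.0.113.0/24, 198.51.100.7 and 192.168.2.50 addresses are constructed stand-ins (the thread gives the class C only as aaa.bbb.ccc), and the function and table names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in RFC1918)

def lookup(table, dst):
    """Longest-prefix match over (cidr, device) routes; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), dev) for cidr, dev in table
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(table, src, dst, ip_forward):
    """What the firewall box does with a packet it is asked to pass on."""
    if not ip_forward:
        return "drop: forwarding disabled"
    out_dev = lookup(table, dst)
    if out_dev is None:
        return "drop: no route"
    # Simplification: any non-RFC1918 destination is treated as "the Internet".
    if is_rfc1918(src) and not is_rfc1918(dst):
        return out_dev + ": private source, needs masquerading or a proxy"
    return out_dev

# Constructed tables. eth0 faces the router (192.168.2.1), eth1 the inside LAN.
CONNECTED_ONLY = [("192.168.2.0/24", "eth0")]
WITH_ROUTES = CONNECTED_ONLY + [
    ("203.0.113.0/24", "eth1"),   # net route for the class C (stand-in prefix)
    ("0.0.0.0/0", "eth0"),        # default route towards the router
]

if __name__ == "__main__":
    for name, table in (("connected only", CONNECTED_ONLY),
                        ("with routes", WITH_ROUTES)):
        print(name)
        for dst in ("203.0.113.10", "192.168.2.1", "198.51.100.7"):
            print("  to", dst, "->", lookup(table, dst))
    print(forward(WITH_ROUTES, "203.0.113.10", "192.168.2.1", False))
    print(forward(WITH_ROUTES, "192.168.2.50", "192.168.2.1", True))
    print(forward(WITH_ROUTES, "192.168.2.50", "198.51.100.7", True))
```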