On Wed, Jun 20, 2001 at 12:15:46PM +0200, Ivan Capan wrote:
> I have the following setup: Debian with iptables firewalling out
> several computers with routable IP addresses. In order to get
> responses from the net, I had to manually add routing table
> entries with 'route add -host' for each computer.
>
> The routing table is like this:
> host1.domain * 255.255.255.255 UH 0 0 0 eth1
> host2.domain * 255.255.255.255 UH 0 0 0 eth1
> host3.domain * 255.255.255.255 UH 0 0 0 eth1
> localnet * 255.255.255.0 U 0 0 0 eth0
> localnet * 255.255.255.0 U 0 0 0 eth1

Why do you have localnet on both interfaces?  Or is this just an
abbreviation?

> default maingateway 0.0.0.0 UG 0 0 0 eth0
> (eth0 is outgoing interface, eth1 is local)

You shouldn't need the host routes unless the IP addresses are not in
"localnet/255.255.255.0" as specified in the route to the local net for
eth1.  If this is the case, then why is it the case?

> The question is: This firewall is supposed to be built in
> front of two C subnets (on the same cable, it's a feature of a
> CISCO router, don't ask me details:).

If this is what Cisco calls "VLANs" then you might want to have a look at
http://scry.wanfear.com/~greear/vlan/cisco_howto.html

> What kind of routing table must be built? Is it OK to put route
> add -net xxx.yyy.zz1.0 dev eth1
> add -net xxx.yyy.zz2.0 dev eth1 ?

or perhaps:

ifconfig eth1 xxx.yyy.zz1.1
ifconfig eth1:0 xxx.yyy.zz2.1
route add -net xxx.yyy.zz1.0 dev eth1
route add -net xxx.yyy.zz2.0 dev eth1:0

That would work normally, but I don't think that's what you need if
you're using VLANs.  I've never used VLANs under Linux, though, so don't
believe me.  Read the HOWTO :)

> I have a small margin for errors, because there are servers on
> those subnets which must be up 0-24 so I rather ask here before
> doing some nasty things :)

In that case, make sure you know more details about the "feature of
[the] Cisco [router]" and read the Linux VLAN HOWTO if appropriate.

I hope this helps.

-- 
Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
[EMAIL PROTECTED] | Fax: +27 21 761 9930 | Kingsley Technologies
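As an added illustration of the two checks raised in the reply above (this is not code from either poster), the following Python parses `route -n` style output like the table in the original mail and reports host routes that are already covered by a connected net route on the same interface, plus networks that appear on two interfaces. The sample table is constructed with documentation addresses in place of the real ones.

```python
import ipaddress

# Constructed sample in `route -n` layout (Destination Gateway Genmask Flags
# Metric Ref Use Iface), mirroring the poster's table with placeholder IPs.
SAMPLE_ROUTES = """\
192.0.2.10      0.0.0.0         255.255.255.255 UH    0      0        0 eth1
192.0.2.11      0.0.0.0         255.255.255.255 UH    0      0        0 eth1
198.51.100.5    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
"""


def parse_routes(text):
    """Turn each `route -n` line into (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, _metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, flags, iface))
    return routes


def best_route(routes, addr):
    """Longest-prefix match, as the kernel does: most specific entry wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def redundant_host_routes(routes):
    """/32 entries whose address already lies in a directly connected (non-
    gateway) net route on the same interface; these add nothing."""
    redundant = []
    for net, _gw, _flags, iface in routes:
        if net.prefixlen != 32:
            continue
        ip = net.network_address
        if any(ip in r[0] and 0 < r[0].prefixlen < 32 and r[3] == iface
               and "G" not in r[2] for r in routes):
            redundant.append(str(ip))
    return redundant


def ambiguous_nets(routes):
    """Connected networks claimed on more than one interface."""
    seen = {}
    for net, _gw, flags, iface in routes:
        if "G" in flags or net.prefixlen == 32:
            continue
        seen.setdefault(net, set()).add(iface)
    return {str(n): sorted(i) for n, i in seen.items() if len(i) > 1}
```

With the sample table, the two `192.0.2.x` host routes are flagged as redundant while `198.51.100.5` is not, because only the default route would otherwise reach it.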

