OMG I did F...F...F..Foul! up that first part...
Gareth is completely right.  Sorry again.

On Thursday, July 12, 2001, at 09:33  PM, Gareth Allen wrote:

> Just for info, when using a 255.255.255.128 netmask, the valid address
> ranges are
>
> 192.168.1.0                   Network Address
> 192.168.1.1-126               Host Address
> 192.168.1.127         Broadcast Address
>
> 192.168.1.128         Network Address
> 192.168.1.129-254             Host Address
> 192.168.1.255         Broadcast Address
>
> Basically in setting 192.126.1.128, you are using an invalid address.
>
> Regards
>
> Gareth
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Nathan Callahan
> Sent: 12 July 2001 12:12
> To: Darcy Brodie
> Cc: [EMAIL PROTECTED]
> Subject: Re: [expert] Multiple network cards in a Mandrake
> firewall/switch combination
>
>
> Hi... This is probably all my fault for confusing the issue, so I guess
> that I will have to try and help clean it up :-)
>
> If you are using something resembling my silly little setup, BOTH nics
> need to be set up with 255.255.255.128 netmasks.
>
> If you are using something more like what the wise civileme wrote, use a
> completely different network for the 10baseT hosts.  Something in
> the 172.16.*.* range (as he suggested) or the 10.*.*.* would be
> appropriate (I believe these are the IP ranges, along with 192.168.*.*,
> reserved for private networks)
>
> Hope this helps, sorry for muddying the waters.
>
>
> On Thursday, July 12, 2001, at 12:46  PM, Darcy Brodie wrote:
>
>> I have added the additional nic into the firewall / masquerading machine,
>> and configured it to 192.168.1.128/255.255.255.128
>> I can ping the address from the 100mhz network (both from the server, and
>> from remote workstations).  However, I connected a workstation to the new
>> nic card (eth2) through a 10mhz hub, and I can not ping either the eth2
>> card from the remote 10mhz workstation, or the remote workstation from the
>> server.  I have verified that the hub and the cables are working. I have
>> even used a cross over cable from the workstation to the server, but I
>> still can not ping the eth2 card
>>
>> Darcy
>>
>> Nathan Callahan wrote:
>>
>>> There is another option.  You could set the machine up as an ethernet
>>> bridge as I am doing here so that I can use my powerbook on our local
>>> coax network, and get to the masquerading host easily and so that the
>>> other people on the network don't need to change their settings to see
>>> my machine.  It means that hosts on two subnets can see each other as
>>> though they were on the same subnet, basically like a switch (only
>>> cheaper).
>>>
>>> Although this is much easier to do on a 2.4 kernel, it can be done under
>>> 2.2, I just can't remember how at the moment, but I remember that it
>>> does require a special utility (and there is a howto)
>>>
>>> If you _are_ running 2.4... here's how to do it.
>>>
>>> configure one card to have an address in the range 192.168.2.1 through
>>> .127, and the other in 192.168.128 through .254 and give both a
>>> 255.255.255.128 netmask.
>>> All machines on the 1-127 side need to have ip addresses in this range,
>>> all machines on the other side, ip addresses in 128-254
>>>
>>> then issue the commands... (assuming that the cable modem is on eth0,
>>> the local cards being eth1 and 2)
>>> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>>> echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp
>>>
>>> and turn on forwarding between the interfaces...
>>>
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>> The proxy arp bit basically makes the machine transparent as far as the
>>> local network is concerned; all machines can carry on having
>>> 255.255.255.0 netmasks.
>>>
>>> The other thing is that if you do have a firewall set up on that box,
>>> and as civileme has suggested, the forward policy is DENY, you will
>>> probably need something along the lines of.
>>>
>>> ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
>>>
>>> I make no guarantees as to the completeness or robustness of this
>>> solution, it works for me, YMMV.  Hey, even if this doesn't help you a
>>> bit, I think it's pretty cool and felt like showing it off anyway :-)
>>> Plus, it may help someone else.
>>>
>>> Regards,
>>>    Nathan Callahan
>>>
>>> On Tuesday, July 10, 2001, at 04:18  PM, Darcy Brodie wrote:
>>>
>>> and in his usual, amazingly helpful style...
>>>> civileme wrote:
>>>>
>>>>> On Tuesday 10 July 2001 04:47, Darcy Brodie wrote:
>>>>>> Hello
>>>>>>     I hope that this can be done.  I currently have a LM7.2 box as a
>>>>>> firewall for our internet access.  Cable modem from ISP is going to
>>>>>> eth0.  eth1 (100baseT) is going to the internal network.  What I need
>>>>>> to do, is add a 3rd network card to allow me to also have a 10baseT
>>>>>> network within the local network.  Can this be done with Linux?  Have
>>>>>> not been able to find any information in the how-to's on this
>>>>>> configuration.
>>>>>>     I also, if need be, have access to a second Linux file server,
>>>>>> that I could add additional network cards into (it currently only has
>>>>>> 1 card in it)
>>>>>>     I am currently using class C IPs in the 192.168.1.X range, but
>>>>>> this is flexible if required.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Darcy
>>>>>
>>>>> Just add the card and setup adaptor.  If you are making this a
>>>>> different network and want the two to talk, you will need to setup a
>>>>> route and make sure your internet masquerading rules apply only to
>>>>> forwards pointed at the internet interface.  Since the first
>>>>> instruction in many masquerading setups is
>>>>>
>>>>> ipchains -P forward DENY
>>>>>
>>>>> you will need to write a series of rules in terms of -i ethx -o ethy
>>>>> to cover all possible combos.  Of course if you set up netmasks so
>>>>> they are effectively on the same network, then the route does not need
>>>>> to be added, but you still need the rules for forwarding.
>>>>>
>>>>> Another approach, using your other box, is to make it a masquerading
>>>>> gateway from the 10baseT net to the 192.168 net, and use some other
>>>>> scheme for the others like 172.16.x.y  This permits both local net and
>>>>> internet access and keeps the networks separated without a lot of
>>>>> rules complexity.
>>>>>              internet
>>>>>     ____________|____________
>>>>>     |        Gateway        |
>>>>>     |        Current        |
>>>>>     |        Local          |
>>>>>     |_______________________|
>>>>>                 |
>>>>>     ____________|_____________________
>>>>>     |                                |
>>>>>     |___________________       ______|________
>>>>>     |     |      |     |       | Other box     |
>>>>>     (current local net)        | Interface to  |
>>>>>                                | other         |
>>>>>                                |_______________|
>>>>>                                       |
>>>>>                                 ______|________
>>>>>                                 |    |    |    |
>>>>>                                 (new local net)
>>>>> In the ASCIIgram above, the boxes shown both use masquerading and the
>>>>> one handling the 10MHz net is 100MHz on the main net, something like a
>>>>> data compression switch.  It can also be peered with the other local
>>>>> net computers.
>>>>>
>>>>> Finally, how about just using one port off a switch to a switch for
>>>>> the 10BaseT machines?  If you do not need a separate network, it will
>>>>> slow things only at choke points like your internet gateway/file
>>>>> server.
>>>>>
>>>>> Civileme
>>>>
>>>> Thanks.
>>>>     I know that a switch would be the easiest way to get this to work,
>>>> however, I have a tight (almost non-existent) budget to work with.  I
>>>> will try this probably Tues evening
>>>>
>>>> Darcy
>>>>
>>>>
>>
>>
>
>
>
>
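
An added example, not part of the original thread: a small Python check of a firewall's interface plan against the points raised above (an interface must not sit on a subnet's network or broadcast address, and the netmasks on the two NICs must not overlap). The eth1 address and the function names are constructed for illustration; only eth2's 192.168.1.128/255.255.255.128 comes from the thread.

```python
import ipaddress
from itertools import combinations

def classify(addr, netmask):
    """Return (role, network) for addr under netmask.

    role is "network", "broadcast" or "host". /31 and /32 have no
    reserved addresses, so every address there counts as a host.
    """
    iface = ipaddress.ip_interface(f"{addr}/{netmask}")
    net = iface.network
    if net.prefixlen >= 31:
        return "host", net
    if iface.ip == net.network_address:
        return "network", net
    if iface.ip == net.broadcast_address:
        return "broadcast", net
    return "host", net

def check_plan(plan):
    """plan maps interface name -> (address, netmask); returns a list of problems."""
    problems, nets = [], {}
    for name, (addr, mask) in plan.items():
        role, net = classify(addr, mask)
        nets[name] = net
        if role != "host":
            first, last = net.network_address + 1, net.broadcast_address - 1
            problems.append(
                f"{name}: {addr} is the {role} address of {net}; "
                f"usable hosts are {first}-{last}"
            )
    # Two NICs whose subnets overlap leave the kernel unable to tell
    # which wire a destination lives on.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} and {b}: {nets[a]} overlaps {nets[b]}")
    return problems

# Constructed plans: eth1's address is an assumption, eth2's is from the thread.
AS_POSTED = {"eth1": ("192.168.1.1", "255.255.255.128"),
             "eth2": ("192.168.1.128", "255.255.255.128")}
MIXED_MASKS = {"eth1": ("192.168.1.1", "255.255.255.0"),
               "eth2": ("192.168.1.129", "255.255.255.128")}
CORRECTED = {"eth1": ("192.168.1.1", "255.255.255.128"),
             "eth2": ("192.168.1.129", "255.255.255.128")}

if __name__ == "__main__":
    for label, plan in [("as posted", AS_POSTED), ("mixed masks", MIXED_MASKS),
                        ("corrected", CORRECTED)]:
        print(label, check_plan(plan) or "ok")
```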
