George Garvey wrote:
I just installed a T1 to a new ISP using a Sangoma CSU/DSU card.
I thought I could use aliased IPs on existing gigE NICS on our LAN
to set up the hosts that need an internet routable presence.
Maybe that can be done, but not by me. I don't understand enough. I
can get it to work on the system with the T1. But not on another
computer over the LAN.
On the system with the T1, I have a gigE to the LAN, and one of the
ISP's IPs for asterisk (as an alias to the T1). That works okay. It
worked okay with the ISP's IP as an alias to eth0, too.
Edited output from ifconfig:
(this is the gigE NIC connected to a switch for our LAN)
eth0 Link encap:Ethernet HWaddr 00:07:E9:19:F3:F5
inet addr:192.168.1.17 Bcast:192.168.1.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
(this is the T1. with the internet IP as an alias)
w1g1 Link encap:Point-to-Point Protocol
UP POINTOPOINT RUNNING NOARP MTU:1532 Metric:1
w1g1ppp Link encap:Point-to-Point Protocol
inet addr:209.101.232.82 P-t-P:209.101.232.81 Mask:255.255.255.252
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
w1g1ppp:0 Link encap:Point-to-Point Protocol
inet addr:216.132.251.226 P-t-P:216.132.251.226 Mask:255.255.255.224
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
(this is the routing table [route -n])
Destination Gateway Genmask Flags Metric Ref Use Iface
216.132.251.227 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
209.101.232.80 0.0.0.0 255.255.255.252 U 0 0 0 w1g1ppp
216.132.251.224 0.0.0.0 255.255.255.224 U 0 0 0 w1g1ppp
192.168.2.0 192.168.1.12 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 209.101.232.81 0.0.0.0 UG 0 0 0 w1g1ppp
The problem I'm having is with an alias on another computer that
needs to be on the internet. It is the IP 216.132.251.227. Traffic
internal to our LAN is routed to the computer that has that alias
(192.168.1.6). But, traffic coming from the internet gets to 209.101.232.82
and stops according to traceroute.
I'm too ignorant to understand why the host route doesn't work for
packets coming from the T1 (from the internet), and get sent to the
computer that handles that IP. This is the latest in a series of
attempts. I've also tried putting the 216.132.251.224 network on the
LAN. I've tried using the 216.132.251.227's LAN address (192.168.1.6)
as a gateway for the host route. I've tried removing the
216.132.251.224 network route entirely, and just having host routes.
What I was hoping to do was have one computer (192.168.1.17)
connected to the ISP with a T1, and serve as a router for the ISP's
IPs. That would also be connected to the internet with one of the ISP's
IPs for use by asterisk (216.132.251.226). This seems to be working
okay.
I wanted another computer (192.168.1.6) to have an aliased ISP IP
(216.132.251.227) that would let that computer also have an internet
routable address. This is what I don't seem to be able to do. The
computer with the T1 doesn't seem to route packets from the internet
to the other computer over our LAN. It does for packets originating
from our LAN. But not for packets from the internet.
I know my error is going to be obvious to everyone who actually
understands this stuff ;) I hope I've given the info to make things
clear.
I can set up a small Fast enet switch for the ISP's network, I
guess. But I was hoping not to need to do that, and add more NICs to
the computers that eventually need to be on the internet. But maybe
that is what I need to do.
Any and all advice (including things to read to decrease my
ignorance) appreciated.
First, a little terminology hygiene - IP aliasing refers having multiple
addresses on a single physical interface, masquerading is the Linux
terminology for Network Address Translation, which is what I think you want.
Look at your routing table. 216.132.251.224/27 is being routed back out
over the interface it is coming in on, w1g1ppp. You are only able to
access 216.132.251.227 from the internet because it is located on the
same physical interface that is doing your routing.
My advice is to purchase another ethernet card, so you can physically
separate the 216.132.251.224/27 and 192.168.1.0/24 networks. If asterisk
has to exist on the router, then bind it to the 209.101.232.82 address.
You'll also need to set up the iptables rules for NAT'ing your
192.168.1.0/24 network.
Best,
Dave
--
gentoo-user@gentoo.org mailing list
