Charles,

Sorry folks if this is too big; I was rejected for 60KB. I compressed the attachment more.

1. I modified /etc/init.d/network to add a static route to 192.168.1.0/24 via 192.168.2.253
2. Also, my INTERN_NET="192.168.2.0/24 192.168.1.0/24"
3. I do want my two internal networks to talk.

Sooooo

With regard to your WARNING below: I created a drawing, included here, which better illustrates what I'm doing. If I have static routes from my internal servers to 192.168.1.0/24 via 192.168.2.253 and I list both the LRP box and the .253 router as gateways for my windooze boxes, won't I be OK? Everything on the 192.168.1.0/24 side will simply have a default gateway. Also, if a 192.168.2.0/24 box were to ask for a route to 192.168.1.0/24, wouldn't the LRP issue an ICMP redirect for the internal LANs? Or is that the change I would have to make to ipchains.conf?

Any help you can provide is greatly appreciated. If you need more info, let me know.

Thanks a bunch,
Glenn Thompson

Charles Steinkuehler wrote:

> > I noticed you were responding to a question. Did you see the following
> > posting? I received no response.
> >
> > Thanks a bunch if you can help.
> >
> > Glenn
> >
> > "Glenn A. Thompson" wrote:
> >
> > > Hi all:
> > >
> > > I downloaded and configured Charles Steinkuehler's Static Eiger disk
> > > image. I managed to get it working with my Intel ethernet cards and
> > > also added vim and set it up to port forward a few services to multiple
> > > hosts. All works great. I have been using it for a month now with no
> > > problems.
> > >
> > > So, now the facility that was using the LRP box (via the LAN it sits on)
> > > will be connected to another facility through a local private T1. What I
> > > want to do is get LRP to firewall (masq and portforward) for both
> > > facilities. The current plan is to make one facility 192.168.1.0 and
> > > the other 192.168.2.0. I figured I would just use RIP on the routers
> > > that route between the two facilities.
> > >
> > > Assuming this can be done, do I just add a second network to the
> > > INTERN_NET variable in the network.conf?
>
> I don't see any need for RIP, just create some static routes on the LRP box
> so it knows about all the networks. To connect everything to the internet,
> just add multiple CIDR network specifications to the INTERN_NET variable
> (NOTE: This only works with Eiger & later firewall scripts).
>
> WARNING: Your internal networks won't be able to talk to each other unless
> you specifically create forwarding rules to allow the traffic. With the
> default Eiger scripts, this means editing /etc/ipfilter.conf.
>
> > Clarification: I assume I need to add a
> > static route from the LRP box to the local loop router. I'm wanting the
> > LRP box to be a choke firewall for two internal LANs separated by a T1.
>
> This sounds appropriate given your text description of the network.
> Remember, a picture's worth a thousand words, even if it's an ascii-art
> network diagram ;-)
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-user
<<inline: Leafdiag.jpg>>
