> On Mon, 7 Jan 2002, David B. Cook wrote:
>
> > Folks, I'm still confused about the internal routing on a Dachstein FW
> > with 2 internal interfaces. I simply want to route between eth1 & eth2
> > freely while MASQ'ing both to the outside world. I do not want one to be a
> > DMZ - they are both peer legs to the network.

I'm routing two internal interfaces, but use a modified LRP 2.9.8.

> >
> > My internal addresses are from the reserved block.
> > eth1_IPADDR=172.16.40.250
> > eth1_MASKLEN=24
> > eth1_BROADCAST=+
> > eth1_IP_SPOOF=YES
> > eth1_IP_KRNL_LOGMARTIANS=YES
> > eth1_IP_SHARED_MEDIA=NO
> > eth1_BRIDGE=NO
> > eth1_FAIRQ=NO
> >
> > eth2_IPADDR=172.16.50.250
> > eth2_MASQLEN=24
> > ... etc...
> > eth2_ROUTES="172.16.40.255/24_via_172.16.40.250"

I'm not sure what this is supposed to do, but it looks wrong. Are you sure that isn't supposed to be something like:

eth2_ROUTES="172.16.40.0/24_via_172.16.40.250"

On a system with direct control of ipchains, you'd use something like:

/sbin/ipchains -A forward -b -j ACCEPT -s 172.16.40.0/24 -d 172.16.50.0/24

What does "ipchains -n -L forward" show?

> >
> > I have set the masqlen on both interfaces to 24 as I have heard is
> > necessary to MASQ both interfaces to the outside. I'm not sure if this is
> > part of my problem. I have added what I think is a route between eth1 &
> > eth2 but obviously as I am writing this ... it does not work. Can
> > somebody give me some pointers??
> >
> > Thanks, dbc.
> > --
> >
> > David B. Cook, <[EMAIL PROTECTED]>
> > The only "Windows" this software came close to had an "X" in front of it.
>
> I've been trying to get this same scenario to work off and on for about
> six months; I am reasonably sure at this point that it is not possible
> to do with LEAF or with a full distribution.
>
> Your best path to success is going to be two routers with floating
> static routes and a routing daemon (e.g. zebra or routed) or a
> ping-check script.
>
> --
> Jack Coates
> Monkeynoodle: A Scientific Venture...

Um, I think dbc is asking about two internal interfaces, while you've been trying to route out of two external interfaces.
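
An added example, not part of the original thread and not LEAF or LRP code: a Python check for route entries in the `DEST/LEN_via_GATEWAY` form quoted above. It reports a destination with host bits set (the 172.16.40.255/24 case questioned in the reply), a destination that is already the network attached to a local interface, and a gateway that is one of the router's own addresses. The `check_route` name and the `INTERFACES` table are assumptions built from the addresses in the thread.

```python
import ipaddress

# Constructed from the eth1/eth2 addresses and mask lengths quoted in the thread.
INTERFACES = {
    "eth1": ipaddress.ip_interface("172.16.40.250/24"),
    "eth2": ipaddress.ip_interface("172.16.50.250/24"),
}


def check_route(spec, interfaces):
    """Return a list of findings for one 'DEST/LEN_via_GATEWAY' entry."""
    dest_text, sep, gw_text = spec.partition("_via_")
    if not sep:
        return [f"{spec}: missing '_via_' separator"]
    try:
        gateway = ipaddress.ip_address(gw_text)
        given = ipaddress.ip_interface(dest_text)
    except ValueError as exc:
        return [f"{spec}: {exc}"]

    findings = []
    net = given.network  # the prefix with host bits cleared
    if given.ip != net.network_address:
        findings.append(f"{dest_text} has host bits set; the network is {net}")
    for name, iface in interfaces.items():
        if iface.network == net:
            findings.append(f"{net} is the network already attached to {name}")
        if iface.ip == gateway:
            findings.append(f"gateway {gateway} is this router's own {name} address")
    return findings


if __name__ == "__main__":
    for entry in ("172.16.40.255/24_via_172.16.40.250",
                  "172.16.40.0/24_via_172.16.40.250"):
        print(entry)
        for finding in check_route(entry, INTERFACES) or ["no findings"]:
            print("  -", finding)
```
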
