Damion Milliken wrote:
> Slava Voronin writes:
>
>> As I understand it, you want to use Linux in your office as a gateway to the
>> internet, but this one is on a different subnet. So everything depends on how
>> packet filtering is configured on the box which is between your office and your
>> personal box. Or do you have access to it? You need to configure the box in the
>> office to get packets from outside and send them to your personal computer.
>> Do you have access to your personal box from the office right now? If yes, I
>> think it's possible. But it's better to see a diagram.
>
> OK, this is a little complicated, but I'll do my best.
>
> _____________________
> |Residential Network|---Residential Machine
> |   128.128.182.0   |   128.128.182.215
> ---------------------
>           |
>           |
>  Residential Gateway
>    128.128.182.254
>           |
>           |
> Microwave Transmitter
>           |
>           |
> _____________________
> | Microwave Subnet  |
> |   128.128.180.0   |
> ---------------------
>           |
>           |
> _____________________
> |  Backbone Subnet  |--- World Gateway --- Rest of
> |   128.128.254.0   |    128.128.254.254   World!
> ---------------------
>           |
>           |
> ____________________
> |  Office Subnet   |--- Office Machine
> |   128.128.24.0   |    128.128.24.114
> --------------------

One way to do what you want is to set up an IP-in-IP tunnel between the
residential machine and the office machine. This way the two machines will
appear to be at opposite ends of a point-to-point link (similar to a PPP
link) so you can set up the office machine as a default route for the
residential machine. You'll need to recompile the kernel on both machines
and set up the link (see /usr/src/linux/drivers/net/README.tunnel). Give
the two ends of the tunnel RFC1597 (private) IP addresses.

Next, you must add a default route on the residential machine pointing to
the office machine (use the IP address of the tunnel interface on the
office machine). You'll also need to add a route on the office machine
for the residential network pointing to the residential side of the tunnel.

Now you must set up IP masquerading on the office machine. Make sure that
only connections originating from the residential network are masqueraded.

One caveat: you'll need to set up explicit routes on both your office
machine and your residential machine to the "official" gateways on the
respective subnets. For example, on the residential machine you would use:

# route add 128.128.24.114 gw 128.128.182.254

so that the encapsulated packages can find their way between the two
machines.

Note that I haven't actually tried this before and that you may be better
off trying to make the office machine appear to be on the residential
network, as described in the aforementioned
/usr/src/linux/drivers/net/README.tunnel.

The important thing to note here is that you need to have the office
machine do IP masquerading so outbound packets appear to come from the
office network.

> OK, the residential machine has the following default routing table:
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 128.128.182.0   *               255.255.255.0   U     0      0   1   eth1
> 127.0.0.0       *               255.0.0.0       U     0      0   1   lo
> default         128.128.182.254 0.0.0.0         UG    0      0   0   eth1
>
> I then delete the default route
> # route del default
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 128.128.182.0   *               255.255.255.0   U     0      0   1   eth1
> 127.0.0.0       *               255.0.0.0       U     0      0   1   lo
>
> Then, I add in a route to the 128.128.0.0 network
> # route add -net 128.128.0.0 gw 128.128.182.254
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 128.128.182.0   *               255.255.255.0   U     0      0   4   eth1
> 128.128.0.0     128.128.182.254 255.255.0.0     UG    0      0   0   eth1
> 127.0.0.0       *               255.0.0.0       U     0      0   1   lo
>
> At this point I am able to telnet to any machines within the uni network,
> including the Office Machine.
>
> Then I add in a default route to the Office Machine
> # route add default gw 128.128.24.114
> Whereupon I receive the error:
> SIOCADDRT: Network is unreachable
This won't work. The default gateway must be directly accessible on one
of your interfaces, hence the need for IP tunneling.
> As an alternative, I first added a route directly to the Office Machine
> # route add -host 128.128.24.114 gw 128.128.182.254
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 128.128.24.114  128.128.182.254 255.255.255.255 UGH   0      0   0   eth1
> 128.128.182.0   *               255.255.255.0   U     0      0   8   eth1
> 128.128.0.0     128.128.182.254 255.255.0.0     UG    0      0   0   eth1
> 127.0.0.0       *               255.0.0.0       U     0      0   1   lo
>
> Then attempted to specify the default route as above
> # route add default gw 128.128.24.114
> Whereupon I receive the same error:
> SIOCADDRT: Network is unreachable
Same problem.
> I get the feeling that I am making a foolish routing mistake, but it all
> seems right to me. :-)
Well, this isn't exactly a standard setup, so it is bound to be a little
complicated. I'm certain that it can be made to work, though.
--
/'"`\ zzzZ | My PGP Public Key is available at:
( - - ) | <http://home1.inet.tele.dk/renehl/>
--oooO--(_)--Oooo------------------------------------------
Don't ya just hate it when there's not enough room to fin
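
The "Network is unreachable" errors and the explicit-route caveat from the reply above, reproduced in a small model (an added example, not part of the original thread). The routing model is a simplification, and the tunnel interface name `tunl0` and the peer address 192.168.100.1 are assumed values.

```python
import ipaddress

class RoutingTable:
    """Simplified model of the kernel's IPv4 route checks (an assumption)."""
    def __init__(self):
        self.routes = []                    # (network, gateway or None, iface)

    def add(self, dest, iface=None, gw=None):
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        if gw is None:                      # connected (interface) route
            self.routes.append((net, None, iface))
            return
        gw_addr = ipaddress.ip_address(gw)
        # A next hop is accepted only if a connected route covers it;
        # routes that themselves go via a gateway do not count.
        onlink = [r for r in self.routes if r[1] is None and gw_addr in r[0]]
        if not onlink:
            raise OSError("SIOCADDRT: Network is unreachable")
        best = max(onlink, key=lambda r: r[0].prefixlen)
        self.routes.append((net, gw_addr, best[2]))

    def lookup(self, addr):
        """Longest-prefix match: returns (interface, next hop or None)."""
        hits = [r for r in self.routes if ipaddress.ip_address(addr) in r[0]]
        if not hits:
            raise OSError("Network is unreachable")
        net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
        return iface, (str(gw) if gw is not None else None)

def try_add(table, dest, gw):
    """Return 'ok' or the error text the route command would print."""
    try:
        table.add(dest, gw=gw)
        return "ok"
    except OSError as exc:
        return str(exc)

def demo():
    t = RoutingTable()
    t.add("128.128.182.0/24", iface="eth1")           # residential LAN (from the post)
    t.add("128.128.24.114/32", gw="128.128.182.254")  # explicit route to office machine
    direct = try_add(t, "default", "128.128.24.114")  # the command that failed
    t.add("192.168.100.1/32", iface="tunl0")          # tunnel peer (assumed address)
    tunnelled = try_add(t, "default", "192.168.100.1")
    return direct, tunnelled, t.lookup("128.128.24.114"), t.lookup("198.51.100.7")

if __name__ == "__main__":
    print(demo())
```

Without the explicit host route, `lookup("128.128.24.114")` resolves to the tunnel itself, which is the loop the caveat about the "official" gateways avoids.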