Rene Hojbjerg Larsen wrote:
> Damion Milliken wrote:
>> Slava Voronin writes:
>>
>>> As I understand it, you want to use Linux in your office as a gateway to the
>>> internet, but this one is on a different subnet. So everything depends on how
>>> packet filtering is configured on the box which is between your office and your
>>> personal box; do you have access to it? You need to configure the box in the
>>> office to get packets from outside and send them to your personal computer.
>>> Do you have access to your personal box from the office right now? If yes, I
>>> think it's possible. But it's better to see a diagram.
>>
>> OK, this is a little complicated, but I'll do my best.
>>
>>  _____________________
>>  |Residential Network|---Residential Machine
>>  |   128.128.182.0   |   128.128.182.215
>>  ---------------------
>>            |
>>            |
>>   Residential Gateway
>>     128.128.182.254
>>            |
>>            |
>>  Microwave Transmitter
>>            |
>>            |
>>  _____________________
>>  | Microwave Subnet  |
>>  |   128.128.180.0   |
>>  ---------------------
>>            |
>>            |
>>  _____________________
>>  |  Backbone Subnet  |--- World Gateway --- Rest of
>>  |   128.128.254.0   |   128.128.254.254    World!
>>  ---------------------
>>            |
>>            |
>>  ____________________
>>  |  Office Subnet   |--- Office Machine
>>  |   128.128.24.0   |    128.128.24.114
>>  --------------------
>
> One way to do what you want is to set up an IP-in-IP tunnel between the
> residential machine and the office machine. This way the two machines will
> appear to be at opposite ends of a point-to-point link (similar to a PPP
> link) so you can set up the office machine as a default route for the
> residential machine. You'll need to recompile the kernel on both machines
> and set up the link (see /usr/src/linux/drivers/net/README.tunnel). Give
> the two ends of the tunnel RFC1597 (private) IP addresses.
>
> Next, you must add a default route on the residential machine pointing to
> the office machine (use the IP address of the tunnel interface on the
> office machine). You'll also need to add a route on the office machine
> for the residential network pointing to the residential side of the tunnel.
> Now you must set up IP masquerading on the office machine. Make sure that
> only connections originating from the residential network are masqueraded.
>
> One caveat: you'll need to set up explicit routes on both your office
> machine and your residential machine to the "official" gateways on the
> respective subnets. For example, on the residential machine you would use:
>
> # route add 128.128.24.114 gw 128.128.182.254
>
> so that the encapsulated packages can find their way between the two
> machines.

Doh. Ignore what I wrote above. If I had bothered to read the
documentation before I posted I would have seen that this cannot work.
You will still need IP tunneling, though.

> Note that I haven't actually tried this before and that you may be better
> off trying to make the office machine appear to be on the residential
> network, as described in the aforementioned
> /usr/src/linux/drivers/net/README.tunnel.

This is definitely the way to go. You'll need to allocate an IP on the
residential network for your office machine, say 128.128.182.216. Now do
the following (or a slight variation) on the office machine:

# insmod ipip.o ; insmod tunnel.o
# ifconfig tunl 128.128.182.216 pointopoint 128.128.182.215
# ifconfig tunl netmask 255.255.255.0
# route add 128.128.182.215 dev eth0
# route add -net 128.128.182.0 dev tunl

At this point the office machine is ready to route or masquerade all
traffic from and to the residential network. The route to 128.128.182.215
is needed to route the encapsulated IP packets through your ethernet
interface. You'll want to enable IP masquerading on the office machine for
connections originating from the residential network.

Now you need to set up the other end of the tunnel. On the residential
machine, do:

# insmod ipip.o ; insmod tunnel.o
# ifconfig tunl 128.128.182.215 pointopoint 128.128.24.114
# ifconfig tunl netmask 255.255.255.0
# route add 128.128.182.216 dev tunl
# arp -Ds 128.128.182.216 eth1 pub

The last line with "arp -Ds ..." is needed so that when machines on the
residential network want to see if 128.128.182.216 exists, your residential
machine will respond and route any packets for this IP through the
tunnel.

You'll still need routes on your residential machine for the local network
and for the campus network, i.e.

# route add -net 128.128.182.0 dev eth1
# route add -net 128.128.0.0 gw 128.128.182.254

You'll then want to set up the office machine as the default gateway on
all machines on the residential network wanting internet access (including
your own):

# route add default gw 128.128.182.216

On the office machine you need similar routes:

# route add -net 128.128.24.0 dev eth0
# route add default gw ip_of_gateway

Now you should be set to go.

> The important thing to note here is that you need to have the office
> machine do IP masquerading so outbound packets appear to come from the
> office network.

This still applies.

>> I get the feeling that I am making a foolish routing mistake, but it all
>> seems right to me. :-)
>
> Well, this isn't exactly a standard setup, so it is bound to be a little
> complicated. I'm certain that it can be made to work, though.

And this still applies :-)

--
/'"`\ zzzZ | My PGP Public Key is available at:
( - - ) | <http://home1.inet.tele.dk/renehl/>
--oooO--(_)--Oooo------------------------------------------
Don't ya just hate it when there's not enough room to fin
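
Added example, not part of the original message: a small longest-prefix-match model of the two routing tables the commands above build, showing why the host route to 128.128.182.215 (office side) and the campus route via 128.128.182.254 (residential side) keep the encapsulated packets out of the tunnel device. The /24 and /16 prefix lengths and the OFFICE_GW placeholder are assumptions; the model only performs route lookups and does not configure anything.

```python
import ipaddress

def route(dest, dev, gw=None):
    return (ipaddress.ip_network(dest), dev, gw)

def lookup(table, dst):
    """Longest-prefix match: (device, gateway) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    _, dev, gw = max(hits, key=lambda r: r[0].prefixlen)
    return dev, gw

def outer_packet_recurses(table, peer_real_ip, tunnel_dev="tunl"):
    """True if encapsulated packets to the peer's real address would be
    routed back into the tunnel device instead of out the ethernet."""
    hit = lookup(table, peer_real_ip)
    return hit is not None and hit[0] == tunnel_dev

def without(table, dest):
    """Copy of a table minus one destination, to show the failure mode."""
    net = ipaddress.ip_network(dest)
    return [r for r in table if r[0] != net]

# Office machine (real address 128.128.24.114). OFFICE_GW is a placeholder
# for the message's unnamed ip_of_gateway.
OFFICE = [
    route("128.128.182.215/32", "eth0"),            # outer packets to the peer
    route("128.128.182.0/24", "tunl"),              # /24 assumed from the netmask
    route("128.128.24.0/24", "eth0"),
    route("0.0.0.0/0", "eth0", "OFFICE_GW"),
]

# Residential machine (real address 128.128.182.215). The default route's
# gateway 128.128.182.216 is reached through tunl, so its device is tunl.
RESIDENTIAL = [
    route("128.128.182.216/32", "tunl"),
    route("128.128.182.0/24", "eth1"),
    route("128.128.0.0/16", "eth1", "128.128.182.254"),  # /16 assumed (campus)
    route("0.0.0.0/0", "tunl", "128.128.182.216"),
]

if __name__ == "__main__":
    for name, table, peer in (("office", OFFICE, "128.128.182.215"),
                              ("residential", RESIDENTIAL, "128.128.24.114")):
        print(name, "-> peer", peer, "via", lookup(table, peer),
              "recurses:", outer_packet_recurses(table, peer))
```

Dropping either guard route with `without(...)` makes `outer_packet_recurses` return True, which is the loop the explicit routes prevent.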