At 03:27 AM 12/5/98 -0800, [EMAIL PROTECTED] wrote:
>Am I on track so far?

Almost.

>I'm reading and being told to set the IP Masq machine as the gateway
>for every single client machine which is being granted masq privileges.
>But doesn't that mean every single packet broadcast from those machines
>will have a Network destination of the Linux machine acting as the IP
>Masq host?

The thing you are missing is the network mask. If the final destination of
the packet is on the current local physical network, then (if your network
mask is set up properly) the gateway is not used. For all addresses that
fail the mask test (i.e. they are not on the physical local network) the
packet will be sent to the Linux machine gateway. It then uses its own
routing tables and network masks to determine which interface to send the
packet out on, and also if it will need to be addressed to the next gateway
along the way.

>Doesn't that mean that if I configure a Win95 host on the network to
>use the IP Masq machine as the gateway, it will send every single network
>packet to that host?

Only the packets destined for outside the local network.

>Since Win95 doesn't seem to have the
>ability to set up a routing table, how can it distinguish between a 
>packet which needs to be sent to host X for routing to the Internet, and
>a packet which it can send to the switch for routing?

Win95 machines CAN set up complex route tables.

That being said, they don't really have to bother. Your Linux machine can be
used as a gateway that takes all packets destined for other networks. If
they go to the internet, then it can masquerade or whatever and send them
out ppp0. If they should go to the switch to be routed to another internal
network, then the Linux machine can do that. You set up the routing tables
once on the Linux machine, and it will make your setup of all other
machines on the network much easier because they will only need a default
route to the Linux machine.

>
>> > How are these routing rules affected by the fact that I have a dynamic
>> > IP on the internet side?
>> 
>> Your masq box has two IP addresses.  One is dynamic, on the ppp0
>> interface; the other is static, and is the IP you choose for the box on
>> your local LAN.  Your routes from the other boxes are directed to that
>> static eth0 address, and so the dynamic IP doesn't even matter to them. 
>> They don't have to know or care.  :)
>
>Gotcha.  I wasn't being specific enough.  I am worrying about the case
>where pppd loses a connection and redials into the ISP to get a new
>internet gateway.  It turns out pppd can be configured to change the
>default route automatically.  You have to use the default route for
>the dynamic internet gateway address, and have routes set up for all
>other networks the box might happen to be connected to.  

The first reply to your problem is still correct. You can ignore that
because the Linux machine is merely forwarding packets to a new interface
based on the routing tables. When ppp redials and gets a new IP, the
routing tables change and suddenly your forwarding works using the new IP.
The only problem you might run into is if you use ipportfw or something
that requires you to enter the actual IP addresses of the interfaces to
forward between. In a case such as that, when the IP changes the rule will
suddenly be wrong. Clearly, when you are using a system like that you have
to put something in the scripts doing your redialing so that when the
interface comes up with a new IP address it will enter new rules with the
new IP. As far as I have heard, you do not use something with this problem,
so you can in fact completely ignore the fact that you have a dynamic IP,
because it's set up to change the default route for you.

THT,
--
Sandy Coyne, obviously     "A day without sunshine is like
[EMAIL PROTECTED]         a day without orange juice"
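The two points made in this reply, the netmask test a client performs before deciding whether to hand a packet to its default gateway, and the masq box's own table still working after a redial while any rule that names the old ppp0 address goes stale, as an added example that is not part of the thread. All addresses, interface names and the port-forward rule format below are constructed for illustration; the default route is modelled as an interface route on ppp0 with no gateway address, which is an assumption about how the point-to-point link is set up.

```python
"""Added example (not from the mailing-list thread): the netmask test on a
client, longest-prefix routing on the Linux masq box, and why a renumbered
ppp0 leaves forwarding intact but breaks rules that embed the old address.
Every address and rule here is constructed for illustration."""

import ipaddress
from typing import List, Optional, Tuple


def client_next_hop(host_ip: str, netmask: str, default_gw: str, dst: str) -> Tuple[str, str]:
    """The 'mask test' a client such as a Win95 box performs.

    Returns ("direct", dst) when dst is on the host's own physical network,
    otherwise ("gateway", default_gw): the frame is addressed to the gateway
    and the gateway's routing table takes over from there.
    """
    local_net = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    if ipaddress.ip_address(dst) in local_net:
        return ("direct", dst)
    return ("gateway", default_gw)


class RoutingTable:
    """Minimal longest-prefix-match table, as kept on the Linux masq box."""

    def __init__(self) -> None:
        # entries: (network, interface, gateway or None when directly attached)
        self.routes: List[Tuple[ipaddress.IPv4Network, str, Optional[str]]] = []

    def add(self, network: str, iface: str, gateway: Optional[str] = None) -> None:
        self.routes.append((ipaddress.ip_network(network), iface, gateway))

    def set_default(self, iface: str, gateway: Optional[str] = None) -> None:
        # Drop any existing default route, then install the new one; this is
        # the effect of pppd replacing the default route on each (re)connect.
        self.routes = [r for r in self.routes if r[0].prefixlen != 0]
        self.add("0.0.0.0/0", iface, gateway)

    def lookup(self, dst: str) -> Tuple[str, str]:
        """Return (interface, next hop) for dst; the most specific route wins."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, iface, gw in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface, gw)
        if best is None:
            raise LookupError(f"no route to {dst}")
        _net, iface, gw = best
        # Directly attached (or point-to-point): the next hop is dst itself.
        return (iface, gw if gw is not None else dst)


def stale_port_forwards(rules: List[dict], current_ext_ip: str) -> List[dict]:
    """Rules written against a fixed external address are wrong once ppp0 renumbers."""
    return [r for r in rules if r["ext_ip"] != current_ext_ip]


def refresh_port_forwards(rules: List[dict], new_ext_ip: str) -> List[dict]:
    """What a redial hook has to do: re-enter each rule with the new address."""
    return [dict(r, ext_ip=new_ext_ip) for r in rules]


def build_masq_box() -> RoutingTable:
    """Constructed table for the Linux box: LAN on eth0, a second internal
    network reachable through the switch/router at 192.168.1.254, and a
    default route out ppp0 (point-to-point, so no gateway address)."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "eth0")
    rt.add("10.0.0.0/8", "eth0", gateway="192.168.1.254")
    rt.set_default("ppp0")
    return rt


if __name__ == "__main__":
    # The Win95 client only knows its own network and the masq box as default route.
    print(client_next_hop("192.168.1.20", "255.255.255.0", "192.168.1.1", "192.168.1.30"))
    print(client_next_hop("192.168.1.20", "255.255.255.0", "192.168.1.1", "10.2.3.4"))

    box = build_masq_box()
    print(box.lookup("10.2.3.4"))      # internal network, via the switch/router
    print(box.lookup("198.51.100.7"))  # anything else leaves on ppp0

    # Redial: the table is rebuilt the same way, so forwarding is unchanged,
    # but a rule that names the old external address is now stale.
    rules = [{"ext_ip": "203.0.113.5", "port": 80, "to": "192.168.1.10"}]
    box.set_default("ppp0")
    print(stale_port_forwards(rules, "203.0.113.9"))
    print(refresh_port_forwards(rules, "203.0.113.9"))
```

The client never needs to know about the 10.0.0.0/8 route or about the ppp0 address: it either delivers locally or hands the packet to 192.168.1.1, and the masq box's table decides between eth0-via-the-router and ppp0. Only the port-forward rules, which carry the external address as data rather than consulting the table, need a refresh step when the link renumbers.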