First.. you alluded to the fact that the Linux box doesn't
have a TR NIC installed. If it doesn't, how would users
on the TR segment communicate to the Linux box? They need
to be either connected via a router or the Linux box.
Anyway.. if you DID have a TR card in the Linux box:
You need to enable the token ring NIC to MASQ traffic and
you also need to specify either the "-w" or "-V" command when
you have multiple NICs in the MASQ'ing Linux box. The parameter
"-w" tells MASQ to send all outgoing traffic by interface name
(eth0, tr0, etc). "-V" does it by IP address. I don't believe
you can use both the -w and -V parameters at the same time.
Here is how you do it (assuming your Inet connection is on ppp0):
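# Default-deny forwarding, then masquerade each internal network out ppp0
# (-W selects the interface by name)
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a masq -S 192.9.203.0/24 -D 0.0.0.0/0 -W ppp0
/sbin/ipfwadm -F -a masq -S 192.9.200.0/24 -D 0.0.0.0/0 -W ppp0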
But.. these rules will NOT allow machines on the TR side to talk
to machines on the ETH side. If you want to ALSO do that.. do this:
(Based on an archive from Henrik)
--
# A simple ruleset for forwarding internal and masquerade external
ipfwadm -F -p deny
ipfwadm -F -f
ipfwadm -F -a -V netcard1 -D net2/24
ipfwadm -F -a -V netcard2 -D net1/24
ipfwadm -F -a -m -W outgoing_interface_name
Where netcard1 and netcard2 are replaced with the IP network assigned on
the Linux box and net1/2 with the specific network addresses for each
NIC on the Linux box. The outgoing interface name is the name of your
outgoing interface.. ppp0 or eth3 or whatever it is.
--
--David
At 08:41 AM 8/5/98 -0400, Dan Hill wrote:
>I have one fast ethernet segment and one token ring segment on my
>network. My linux box has a fast ethernet card and a modem. I have no
>problems accessing the internet from NT and 95 PC's on the ethernet
>side, 192.9.203.xx. My question is how do I access the linux box from
>my token ring side, 192.9.200.xx? I can ping the linux box and even
>telnet and ftp to the linux box from the token ring side. I am assuming
>that my problem is with gateway settings. I have the gateways for both
>the token ring to ethernet and LAN to internet in the settings, but all
>of my attempts to access the internet time out. Is the best possible
>solution just putting a TR card in the linux box?
>
>Thanks in advance.
>
>Dan
>[EMAIL PROTECTED]
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
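
Added example, not part of the original thread or the poster's own script: a dry-run generator that prints the combined ruleset described in the reply (default deny, forwarding between the internal networks, masquerading only those networks out the Internet link). The helper names gen_rules and valid_net are hypothetical, the rule order assumes ipfwadm matches forwarding rules first-match, and nothing is executed, only printed.

```shell
#!/bin/sh
# Added example: prints (does not run) an ipfwadm forwarding ruleset.
# gen_rules and valid_net are hypothetical helper names for this sketch.

# Shape check only (a.b.c.d/len); keeps stray text out of the rule lines.
valid_net() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# usage: gen_rules OUT_IF NET [NET...]
gen_rules() {
    out_if=$1
    shift
    case $out_if in
        ''|*[!A-Za-z0-9]*) echo "bad interface name: $out_if" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "need at least one internal network" >&2; return 1; }
    for net in "$@"; do
        valid_net "$net" || { echo "bad network: $net" >&2; return 1; }
    done

    # Deny by default, then flush any old forwarding rules.
    echo "/sbin/ipfwadm -F -p deny"
    echo "/sbin/ipfwadm -F -f"

    # Internal-to-internal traffic is forwarded unmodified. These rules must
    # come before the masq rules, whose -D 0.0.0.0/0 also matches internal hosts.
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            echo "/sbin/ipfwadm -F -a accept -S $src -D $dst"
        done
    done

    # Only the listed internal networks are masqueraded out the Internet link.
    for src in "$@"; do
        echo "/sbin/ipfwadm -F -a masq -S $src -D 0.0.0.0/0 -W $out_if"
    done
}

# Constructed sample input: the two networks and the ppp0 link from the thread.
gen_rules ppp0 192.9.203.0/24 192.9.200.0/24
```

Review the printed lines before pasting them into a startup script; a source network wider than the real LAN would masquerade traffic for hosts that should not be forwarded at all.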