Hello List,

I’ve got perhaps an unusual question for you:

I’ve inherited a lan setup which ought to be private but instead uses 192.9.200.0/24 as IP range. The lan was kept as is and migrated to vlan4. As the hardware on this vlan are PLC’s and such, I cannot change it to f.i. 192.168.3.0/24.

I can only get pc’s in vlan2 (office) to connect to vlan4 (production-site) if I use static IP addresses on the office PC’s and give them 2 IP’s (in each (v)lan), but I need DHCP for laptop users.

I was thinking along these lines, but that is not allowed:

    DNAT vlan2 vlan4:192.9.200.64:23 tcp 23 - net:192.9.200.64

What I basically want is to redirect/forward all traffic (tcp/udp & all ports) from vlan2 to net:192.9.200.0/24 to vlan4:192.9.200.0/24

For example I want to telnet & ftp from 10.201.13.105 (vlan2) to 192.9.200.64 (vlan4)

Underneath some info regarding my setup:

/etc/network/interfaces

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    allow-hotplug eth0
    iface eth0 inet dhcp

    # vlan1 is not used as it is the default vlan in many switches
    auto vlan2
    auto vlan3
    auto vlan4
    auto vlan5

    # VLAN 2 : office
    iface vlan2 inet static
        address 10.201.13.10
        netmask 255.255.255.0
        network 10.201.13.0
        broadcast 10.201.13.255
        mtu 1500
        vlan_raw_device eth1

    # VLAN 3 : flourmill
    iface vlan3 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        mtu 1500
        vlan_raw_device eth1

    # VLAN 4 : production
    iface vlan4 inet static
        address 192.9.200.10
        netmask 255.255.255.0
        network 192.9.200.0
        broadcast 192.9.200.255
        mtu 1500
        vlan_raw_device eth1

    # VLAN 5 : visitors & wifi --> only internet access
    iface vlan5 inet static
        address 192.168.2.10
        netmask 255.255.255.0
        network 192.168.2.0
        broadcast 192.168.2.255
        mtu 1500
        vlan_raw_device eth1

/sbin/shorewall version

    3.2.6

ip addr show

    1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:19:bb:cf:08:38 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::219:bbff:fecf:838/64 scope link
           valid_lft forever preferred_lft forever
    3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 576 qdisc pfifo_fast qlen 100
        link/ether 00:18:71:eb:54:f8 brd ff:ff:ff:ff:ff:ff
        inet 81.82.243.114/24 brd 255.255.255.255 scope global eth0
    5: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0
    23: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
        link/ether 00:19:bb:cf:08:38 brd ff:ff:ff:ff:ff:ff
        inet 10.201.13.10/24 brd 10.201.13.255 scope global vlan2
        inet6 fe80::219:bbff:fecf:838/64 scope link
           valid_lft forever preferred_lft forever
    24: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
        link/ether 00:19:bb:cf:08:38 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.10/24 brd 192.168.1.255 scope global vlan3
        inet6 fe80::219:bbff:fecf:838/64 scope link
           valid_lft forever preferred_lft forever
    25: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
        link/ether 00:19:bb:cf:08:38 brd ff:ff:ff:ff:ff:ff
        inet 192.9.200.10/24 brd 192.9.200.255 scope global vlan4
        inet6 fe80::219:bbff:fecf:838/64 scope link
           valid_lft forever preferred_lft forever
    26: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
        link/ether 00:19:bb:cf:08:38 brd ff:ff:ff:ff:ff:ff
        inet 192.168.2.10/24 brd 192.168.2.255 scope global vlan5
        inet6 fe80::219:bbff:fecf:838/64 scope link
           valid_lft forever preferred_lft forever
    49: vpn-user: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
        link/[65534]
        inet 10.30.0.1 peer 10.30.0.2/32 scope global vpn-user

ip route show

    10.30.0.2 dev vpn-user proto kernel scope link src 10.30.0.1
    10.201.13.0/24 dev vlan2 proto kernel scope link src 10.201.13.10
    10.30.0.0/24 via 10.30.0.2 dev vpn-user
    192.168.2.0/24 dev vlan5 proto kernel scope link src 192.168.2.10
    192.168.1.0/24 dev vlan3 proto kernel scope link src 192.168.1.10
    81.82.243.0/24 dev eth0 proto kernel scope link src 81.82.243.114
    192.9.200.0/24 dev vlan4 proto kernel scope link src 192.9.200.10
    default via 81.82.243.1 dev eth0

Any ideas? Thanks in advance!

Cheers,
Jord
