The Salisburys wrote:
Thanks Phil
explained really well!
works like a treat ... the two card option "A".
BUT Have to disable NAT on 198.192.0.1 to
connect from 10.0.0.x to 192.168.0.x. ....
So for both networks to use the single ADSL connection I believe you must have
NAT running on 10.0.0.1 and 192.168.0.1
You should only need NAT on 10.0.0.1 I think. Here goes a little "on paper" reasoning:
All internal machines know how to get to 192.168.0.x or 10.0.0.x as the 10.0.0.1 machine knows how to get to both networks. The 10.0.0.1 machine is effectively the default gateway for both internal LANs as the 192.168.0.1 machine will route anything it doesn't know about to 10.0.0.1. To my mind, this means you only need to hide or masquerade addresses when they are going outside the 192.168.0.x or 10.0.0.x ranges - i.e. NAT on 10.0.0.1.
A few eg's:
Src: 192.168.0.4
Dst: 10.0.0.3
- 192.168.0.4 -> 192.168.0.1
- 192.168.0.1 becomes 10.0.0.2
- 10.0.0.2 -> 10.0.0.4 (as 192.168.0.1 knows that eth1 is the 10.0.0.x network)
Src: 10.0.0.5
Dst: 192.168.0.7
- 10.0.0.5 -> 10.0.0.1 (as the default gateway)
- 10.0.0.1 -> 10.0.0.2 (as configured in route tables)
- 10.0.0.2 becomes 192.168.0.1
- 192.168.0.1 -> 192.168.0.7
Src: 192.168.0.8
Dst: www.google.com.au
- 192.168.0.7 -> 192.168.0.1
- 192.168.0.1 becomes 10.0.0.2
- 10.0.0.2 -> 10.0.0.1
- 10.0.0.1 -> ppp0 (NAT'ing the originating address from 192.168.0.7 to public IP of ppp0 so that on return it sends to 192.168.0.7, which 10.0.0.1 knows how to get to).
Haven't tried the three card option "B" ..........does it have any pros
To my mind, it seems simpler to configure and maintain. It does however put the 192.168.0.x network a little "closer" to the outside world, which may or may not matter.
PS couldn't find your list mail .......glitch somewhere?
Not sure what you mean. I only sent the message to the list, not to you and the list.
Fil
Roger
##########################################
Option A: As you have it
Two options:
10.0.0.1 Machine: eth0 -> 10.0.0.1 -> route to 10.0.0.x
10.0.0.1 Machine: eth1 -> ADSL ppp0 -> default route
10.0.0.1 Machine: eth1 -> route to 192.168.0.x via gateway 10.0.0.2
10.0.0.x Machines: gateway -> 10.0.0.1
192.168.0.1 Machine: eth0 -> 192.168.0.1 -> route to 192.168.0.x
192.168.0.1 Machine: eth1 -> 10.0.0.2 -> route to 10.0.0.x
192.168.0.1 Machine: eth1 -> default route -> 10.0.0.1
192.168.0.x Machines: gateway -> 192.168.0.1
To do this:
- make sure eth1 on 10.0.0.1 is the default gateway or route
- On 10.0.0.1 run route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2 eth1
- Make sure default gateway on 192.168.0.1 is 10.0.0.1
Option B: Make one gateway with 2 networks hanging off it
GW eth0: ADSL ppp0 -> default route
GW eth1: 10.0.0.1 -> route to 10.0.0.x
GW eth2: 192.168.0.1 -> route to 192.168.0.x
This should work without any further configuring. Machines on both networks have gateway set to x.x.0.1, and the .0.1 machine knows how to get to both network arms as well as internet.
Fil
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
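Added example, not part of the original e-mail thread: a small Python model of the Option A routing tables that traces the three cases discussed above and reports which source address the destination sees, first with NAT only on ppp0 and then with masquerading also enabled on the inner router's 10.0.0.2 interface. `PUBLIC_IP`, the internet destination `198.51.100.7`, the `lan` egress label and all function names are assumptions made for the illustration.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the ppp0 address

# Option A tables: router -> [(prefix, next hop or None if delivered here, egress)]
TABLES = {
    "10.0.0.1": [("10.0.0.0/24", None, "lan"),
                 ("192.168.0.0/24", "10.0.0.2", "lan"),
                 ("0.0.0.0/0", None, "ppp0")],
    "192.168.0.1": [("192.168.0.0/24", None, "eth0"),
                    ("10.0.0.0/24", None, "eth1"),
                    ("0.0.0.0/0", "10.0.0.1", "eth1")],
}
ALIASES = {"10.0.0.2": "192.168.0.1"}   # eth1 address of the 192.168.0.1 machine
HOST_GW = {"10.0.0.0/24": "10.0.0.1", "192.168.0.0/24": "192.168.0.1"}
# Address a masquerading interface would substitute for the packet's source.
NAT_ADDR = {("10.0.0.1", "ppp0"): PUBLIC_IP, ("192.168.0.1", "eth1"): "10.0.0.2"}
NAT_OUTER_ONLY = {("10.0.0.1", "ppp0")}


def lookup(router, dst):
    """Longest-prefix match of dst in one router's table."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[router] if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def trace(src, dst, nat_points=NAT_OUTER_ONLY):
    """Return (routers crossed, source address the destination sees).

    Assumes src and dst are on different networks, as in the thread's cases.
    """
    s = ipaddress.ip_address(src)
    router = next(gw for net, gw in HOST_GW.items()
                  if s in ipaddress.ip_network(net))
    path, seen_src = [], src
    while True:
        path.append(router)
        _, next_hop, egress = lookup(router, dst)
        if (router, egress) in nat_points:
            seen_src = NAT_ADDR[(router, egress)]  # source rewritten here
        if next_hop is None:
            return path, seen_src
        router = ALIASES.get(next_hop, next_hop)


if __name__ == "__main__":
    for src, dst in [("192.168.0.4", "10.0.0.3"), ("10.0.0.5", "192.168.0.7"),
                     ("192.168.0.8", "198.51.100.7")]:  # last dst is constructed
        print(src, "->", dst, trace(src, dst))
```

With NAT only on ppp0, hosts on either internal network see each other's real addresses, which keeps per-host firewall rules and logs meaningful; adding the inner NAT point makes every 192.168.0.x host appear as 10.0.0.2 on the 10.0.0.x side.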
