Summary of connectivity
A/ 192.168.0.1 > 10.0.0.1 # YES/yes - Always
B/ 192.168.0.1 > 10.0.0.2 # YES/yes - Always
C/ 10.0.0.1 > 10.0.0.2 # YES/no - EXCEPT when 2nd NAT applied
D/ 10.0.0.1 > 192.168.0.3 # NO/yes - EXCEPT when 2nd NAT applied
E/ 10.0.0.1 > 192.168.0.1 # YES/no - BUT ONLY when route is applied
I find C interesting ... can't ping a gateway in its own network when... !
10.0.0.2 is a "gateway" but not actually defined anywhere as such.
i.e.: 10.0.0.x defines 10.0.0.1 as a gateway,
192.168.0.x defines 192.168.0.1 as a gateway,
192.168.0.1 defines 10.0.0.1 as a gateway,
Cheers
Roger
Hi Phil
This may clarify my/our confusions:
every combo gets a YES ..... depending on .........
3 distinct steps:
pings without route added , without 2nd NAT
pings with route added , without 2nd NAT
pings with route added , with 2nd NAT # all machines connect to the internet
Note
Your original post had the following line
route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2 eth1
I actually was putting it into my machine as below (eth1 >eth0)
route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.1 eth0
even though I was posting back as "eth1"
OK, here's some facts:
3 machines rebooted 10.0.0.1, 192.168.0.1 ,192.168.0.3
as per
10.0.0.1 Machine: eth0 -> 10.0.0.1 -> route to 10.0.0.x
10.0.0.1 Machine: eth1 -> ADSL ppp0 -> default route
10.0.0.1 Machine: eth0 -> route to 192.168.0.x via gateway 10.0.0.2 # eth1 >eth0
10.0.0.x Machines: gateway -> 10.0.0.1
192.168.0.1 Machine: eth0 -> 192.168.0.1 -> route to 192.168.0.x
192.168.0.1 Machine: eth1 -> 10.0.0.2 -> route to 10.0.0.x
192.168.0.1 Machine: eth1 -> default route -> 10.0.0.1
192.168.0.x Machines: gateway -> 192.168.0.1
###########################################################################
pings without route added , without 2nd NAT
pings: 192.168.0.1 >192.168.0.3 Yes
pings: 192.168.0.1 >10.0.0.1 Yes
pings: 192.168.0.1 >10.0.0.2 Yes #itself eth1
pings: 192.168.0.3 >10.0.0.2 Yes
pings: 192.168.0.3 >10.0.0.1 NO # NAT is turned off 192.168.0.1
pings: 10.0.0.1 >10.0.0.2 Yes # belongs to 192.168.0.1 eth1
pings: 10.0.0.1 > 192.168.0.1 NO # route is not added yet
pings: 10.0.0.1 > 192.168.0.3 NO # route is not added yet
###########################################################################
NOW ADD this:
10.0.0.1 Machine: eth0 -> route to 192.168.0.x via gateway 10.0.0.2 # eth1 >eth0
- make sure eth1 on 10.0.0.1 is the default gateway or route to ADSL
- On 10.0.0.1 run
route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2 eth0 # routes jump from 7 to 9
- Make sure default gateway on 192.168.0.1 is 10.0.0.1
###########################################################################
pings with route added , without 2nd NAT
pings: 192.168.0.1 >192.168.0.3 Yes
pings: 192.168.0.1 >10.0.0.1 Yes
pings: 192.168.0.1 >10.0.0.2 Yes #itself eth1
pings: 192.168.0.3 >10.0.0.2 Yes
pings: 192.168.0.3 >10.0.0.1 NO # 2nd NAT is turned off 192.168.0.1
pings: 10.0.0.1 >10.0.0.2 Yes # belongs to 192.168.0.1 eth1
pings: 10.0.0.1 > 192.168.0.1 YES #change
pings: 10.0.0.1 > 192.168.0.3 NO # 2nd NAT is turned off 192.168.0.1
###########################################################################
Add NAT on 192.168.0.1
###########################################################################
pings with route added , with 2nd NAT
pings: 192.168.0.1 >192.168.0.3 Yes
pings: 192.168.0.1 >10.0.0.1 Yes
pings: 192.168.0.1 >10.0.0.2 Yes #itself eth1
pings: 192.168.0.3 >10.0.0.2 Yes
pings: 192.168.0.3 >10.0.0.1 YES #change
pings: 10.0.0.1 >10.0.0.2 NO #change
pings: 10.0.0.1 > 192.168.0.1 YES
pings: 10.0.0.1 > 192.168.0.3 YES #change
###########################################################################
----- Original Message -----
From: "Phil Scarratt" <[EMAIL PROTECTED]>
To: "The Salisburys" <[EMAIL PROTECTED]>
Sent: Friday, August 06, 2004 11:02 AM
Subject: Re: simple network questions . How to add a route to connect to a different class C network ie "can't connect from 10.0.0.x to 192.168.0.x"
> The Salisburys wrote:
>
> > > You should only need NAT on 10.0.0.1 I think. Here goes a little "on
> > > paper" reasoning:
> > correct
> > Yeah, a bit of confusion before. My fault! Sorry
> > Here's an interesting side piece:
> >
> >
> > *IF* making the route incorrectly
> > 10.0.0.1 Machine: eth1 -> route to 192.168.0.x via gateway 10.0.0.*1*
> > route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.1 eth1
> > rather than:
> > 10.0.0.1 Machine: eth1 -> route to 192.168.0.x via gateway 10.0.0.*2*
> > route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2 eth1
> >
> > you will need to run NAT twice (also on 192.168.0.1)
> > which may be a good idea anyway for when 192.168.0.x. doesn't need
> > internet.
> >
> > The 192.168.0.x being perhaps more *secure*!
> > At least that was my experience ... been wrong a few times though
> >
>
> That's interesting....hmmmm....this would be because the NAT on the
> 192.168.0.1 disguises any 192.168.0.x src ip address as 10.0.0.2 which
> means the network outside the 192.168.0.x returns the packet to 10.0.0.2
> which de-NAT's the packet and returns to appropriate src. Getting from
> 10.0.0.x to 192.168.0.x would be a problem though would it not? I
> thought originally you needed to get between the two, both ways? Does it
> work in reverse? ie 10.0.0.x to 192.168.0.x?
>
> It would add a little overhead when going from 192.168.0.x to internet
> due to the double NAT'ing.
>
> Fil
>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
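
Added example, not part of the original thread: a longest-prefix-match lookup over a constructed model of 10.0.0.1's routing table, showing where it sends a reply to a ping from 192.168.0.3 with and without the static route, and with and without masquerading on 192.168.0.1. The table entries and the function names are assumptions built from the addresses in the posts; the model covers only 10.0.0.1's routing decision, not forwarding or firewall state on 192.168.0.1.

```python
import ipaddress

# Constructed model of 10.0.0.1's routing table as described in the thread.
BASE_ROUTES = [
    ("10.0.0.0/24", None, "eth0"),   # directly connected LAN
    ("0.0.0.0/0", None, "ppp0"),     # default route out the ADSL link
]
# route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2 eth0
STATIC_ROUTE = ("192.168.0.0/24", "10.0.0.2", "eth0")


def lookup(routes, dst):
    """Longest-prefix match: return (gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def masquerade(src, nat_enabled, outside_ip="10.0.0.2"):
    """Source address 10.0.0.1 sees after 192.168.0.1 forwards the packet."""
    inside = ipaddress.ip_network("192.168.0.0/24")
    if nat_enabled and ipaddress.ip_address(src) in inside:
        return outside_ip          # rewritten to the eth1 address
    return src                     # original 192.168.0.x source kept


def reply_path(routes, src_seen):
    """Where 10.0.0.1 sends its reply, given the source address it saw."""
    gw, dev = lookup(routes, src_seen)
    return f"{src_seen} via {gw or 'on-link'} dev {dev}"


if __name__ == "__main__":
    for label, routes in (("no route", BASE_ROUTES),
                          ("route added", BASE_ROUTES + [STATIC_ROUTE])):
        for nat in (False, True):
            seen = masquerade("192.168.0.3", nat)
            print(f"{label:12} 2nd NAT={nat!s:5} reply -> {reply_path(routes, seen)}")
```

Without the static route and without the second NAT, the reply to 192.168.0.3 matches only the default route and leaves on ppp0; once the source is masqueraded as 10.0.0.2, the reply stays on eth0 even with no route to 192.168.0.x.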