[NTLUG:Discuss] Routing question

Jack Snodgrass idiotboy at cybermail.net
Sat Jun 23 18:57:38 CDT 2001


I am fairly certain that this can be done with normal ( no NAT or
masquerade required ).... I just can't get it to work.

'A' should listen for 'ARP Who Is' packets that are addressed to 'B'.
'A' should respond with 'A''s MAC address on the NIC card. The
packet for 'B' will be sent to 'A' via the NIC card. 'A' has a route
set up for 'B' through a different NIC card and routes the packet
out that interface.  This is not common... but I think that it's
just TCP/IP. Similar to a box with an ethernet and a PPP link.
The device on the other side of the PPP Link can have the same
subnet as the ethernet network. The box routes between the
ethernet and ppp link.

Anyway... I want to avoid NAT or IPChains if I can.

jack


----- Original Message -----
From: "Richard Geoffrion" <richard at rain.lewisville.tx.us>
To: <discuss at ntlug.org>
Sent: Saturday, June 23, 2001 12:55 PM
Subject: Re: [NTLUG:Discuss] Routing question


> would this work for you?
>
> #add a secondary IP address to the 192.168.100.1 nic
> ifconfig eth0:1 192.168.100.200 broadcast 192.168.100.255 netmask 255.255.255.0
>
> #portforward the packet type to the new address. (in this case port 80)
>  ipmasqadm portfw -a -P tcp -L 192.168.100.200 80 -R 192.168.200.2 80
>
> ok..well I know that's not exactly what you wanted...hmm...I think you are
> wanting some sort of DNAT solution.  You need to NAT an entire ip address
> (all ports) to another address.
>
> Here is this from a previous post I left.
> [snip]
> I found this site ( http://www.linuxports.com/howto/networking/x1522.htm )
> that discussed what I thought was going to be the answer to the one-to-one
> NAT thang!  In practice it didn't work. Well, *I* didn't get it working
> anyway...
>
> Here's a snippet of what I read.
>
> <snip>
> Now, to translate addresses of incoming datagrams, the following command is
> used:
>     ip route add nat <ext-addr>[/<masklen>] via <int-addr>
>
> This will make an incoming packet destined to "ext-addr" (the address
> visible from outside Internet) to have its destination address field
> rewritten to "int-addr" (the address in your internal network, behind your
> gateway/firewall). The packet is then routed according to the local routing
> table. You can translate either single host addresses or complete blocks.
> Examples:
>
> ip route add nat 195.113.148.34 via 192.168.0.2
> ip route add nat 195.113.148.32/27 via 192.168.0.0
>
> The First command will make internal address 192.168.0.2 accessible as
> 195.113.148.34. The second example shows remapping block 192.168.0.0-31 to
> 195.113.148.32-63.
> </snip>
>
> The problem I had is that I couldn't figure out what I was supposed to do
> with the source addresses.  Was I supposed to bind them to the NIC or leave
> them alone?  I *THINK* I'm supposed to bind them to the NIC.  I was able to
> successfully get NAT working to do a PING, but then that was it.  Getting
> the traffic from the local machine to go back out that same IP address
> didn't work.
>
> Anyway.  Food for thought.
>
>
> ----- Original Message -----
> From: "Jack Snodgrass" <idiotboy at cybermail.net>
> To: <discuss at ntlug.org>
> Sent: Saturday, June 23, 2001 11:44 AM
> Subject: [NTLUG:Discuss] Routing question
>
>
> > I think that I've done this in the past, but I can't seem
> > to figure out how to make it work now.
> >
> > I've got a box with two NIC cards:
> > 192.168.100.1/255.255.255.0
> > and
> > 192.168.200.1/255.255.255.0
> >
> > I've got a second box that has a single NIC card
> > 192.168.200.2/255.255.255.0
> > and I want it to answer for
> > 192.168.100.200/255.255.255.255.
> >
> > So I want anyone on the 192.168.100.0/255.255.255.0 network
> > to route traffic for 192.168.100.200 via 192.168.100.1 but
> > I don't want to add a static route on every 192.168.100.x
> > PC for the special 192.168.100.200 route that goes via the
> > .1 box.
> >
> > I have the 2.2.19 kernel.
> >
> > I thought that I could do an arp publish for the .200 box
> > on the .1 box but that doesn't seem to work.
> >
> > Does anyone know what I'm doing wrong?
> >
> > jack
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
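
The behaviour described at the top of this message (box 'A' answering ARP for 'B' on one NIC and routing the packet out the other), as an added example that is not part of the original thread: a simplified Python model of the reply decision, not kernel code. The interface names (eth0/eth1), the MAC addresses and the rule that 'A' only answers for a published address when its route to that address leaves by a different interface are assumptions of the model.

```python
import ipaddress

# Constructed model of box 'A' from the thread: two NICs plus a host route for 'B'.
IFACES = {  # interface -> (own IP, MAC); MACs are made-up sample values
    "eth0": ("192.168.100.1", "02:00:00:00:01:00"),
    "eth1": ("192.168.200.1", "02:00:00:00:02:00"),
}
ROUTES = [  # (destination network, outgoing interface)
    ("192.168.100.0/24", "eth0"),
    ("192.168.200.0/24", "eth1"),
    ("192.168.100.200/32", "eth1"),  # host route sending B's address out the other NIC
]
PUBLISHED = {("eth0", "192.168.100.200")}  # (interface, IP) pairs 'A' answers ARP for


def lookup_route(dst, routes):
    """Longest-prefix match: return the outgoing interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev in routes:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, dev)
    return best[1] if best else None


def arp_reply(in_if, target_ip, routes=ROUTES, published=PUBLISHED):
    """Return the MAC 'A' answers with for a who-has seen on in_if, or None."""
    own_ip, mac = IFACES[in_if]
    if target_ip == own_ip:
        return mac  # ordinary ARP for A's own address
    if (in_if, target_ip) not in published:
        return None  # not an address A has been told to answer for
    out_if = lookup_route(target_ip, routes)
    if out_if is None or out_if == in_if:
        return None  # target is routed back onto the asking segment: stay silent
    return mac  # proxy reply: A's MAC on the NIC the request arrived on


if __name__ == "__main__":
    print(arp_reply("eth0", "192.168.100.200"))             # proxy reply from A
    print(lookup_route("192.168.100.200", ROUTES))          # packet then leaves on eth1
    print(arp_reply("eth0", "192.168.100.200", ROUTES[:2]))  # no host route: no reply
```

On the 192.168.100.0/24 segment this shows up as two IP addresses (.1 and .200) resolving to the same MAC, which is what an ARP monitor on that segment will report.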



