Hello,

Is routing within the same network possible?
If it is, what configuration should I put for the firewall/router shown below? I basically want the host debian13 to be able to send packets via a multi-homed firewall. I think the multi-homed firewall involves some routing.

+-------------------+
|debian13           |
|eth0:192.168.0.13  |
+-------------------+
          |eth0
          |
          |eth0
+--------------------------+
|firewall/router(linux-box)|
|which configuration here? |
+--------------------------+
          |eth1
          |
          +----------------------+
          |                      |
          |eth0                  |eth0
+-------------------+  +-------------------+
|eth0:192.168.0.15  |  |eth0:192.168.0.16  |
|debian15           |  |debian16           |
+-------------------+  +-------------------+

Thank you!

Victor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> Hello,
>
> +-------------------+
> |debian13           |
> |eth0:192.168.0.13  |
> +-------------------+
>           |eth0
>           |
>           |eth0
> +--------------------------+
> |firewall/router(linux-box)|
> |which configuration here? |
> +--------------------------+
>           |eth1
>           |
>           +----------------------+
>           |                      |
>           |eth0                  |eth0
> +-------------------+  +-------------------+
> |eth0:192.168.0.15  |  |eth0:192.168.0.16  |
> |debian15           |  |debian16           |
> +-------------------+  +-------------------+
>
> Thank you!
>
> Victor

Sounds like you want to use bridging and ebtables to do the firewalling. http://bridge.sf.net is probably a good place to start.

Alan

With my little knowledge of TCP/IP, I don't think routing within the same network is possible.
Routing means moving from one network to another.
Thank You
Yemi

--- Victor Catten <vlcparis@earthlink.net> wrote:
> Hello,
>
> Is routing within the same network possible?
> If it is, what configuration should I put for the
> firewall/router shown below? I basically want the
> host debian13 to be able to send packets via a
> multi-homed firewall. I think the multi-homed
> firewall involves some routing.
>
> +-------------------+
> |debian13           |
> |eth0:192.168.0.13  |
> +-------------------+
>           |eth0
>           |
>           |eth0
> +--------------------------+
> |firewall/router(linux-box)|
> |which configuration here? |
> +--------------------------+
>           |eth1
>           |
>           +----------------------+
>           |                      |
>           |eth0                  |eth0
> +-------------------+  +-------------------+
> |eth0:192.168.0.15  |  |eth0:192.168.0.16  |
> |debian15           |  |debian16           |
> +-------------------+  +-------------------+
>
> Thank you!
>
> Victor

Yes you can. Think of this. As this mail says, routing is to move packets between two different networks. That's right. I'll just leave aside the theory and all that boring stuff.

Now, very very very very basic: how do you define a network? With a network address and a mask. How do packets get routed? By the more specific address. So, 192.168.0.15/32 and 192.168.0.16/32 will be more specific than the LAN, so there will be routing. Layer 2 will be the one that takes the packet and carries it to the next hop.

So it's perfectly legal, and believe me that it works if you put a more specific static route for a connected LAN.

An example: my connected LAN is 192.168.0.0/24. Now, I have in 192.168.1.12 a box with 2 interfaces with some connected addresses from this LAN (13,14,15). If these addresses are configured on the interface, there's no need for routing, because the box accepts ARP requests for 13,14,15 and layer 2 will have the information to switch packets to those addresses. But what if those addresses are not configured and are simply used for NAT (for example)? There is no ARP request and ARP reply for those addresses, so L2 will not know how to reach those destinations.

In this case you can instruct L3 to reach those destinations (yes, routing) like this. If you're using iproute2, just type:

ip route add 192.168.0.13/32 via 192.168.0.12
ip route add 192.168.0.14/31 via 192.168.0.12

When a request for 13,14,15 needs to be passed, there is no ARP entry for those addresses, so it will check the L3 information, that is, the routing table in this case. It will find 192.168.0.12/32 as next hop for those addresses, so it will check for an ARP entry for 192.168.0.12 (that really exists) and will switch the packet with

destination mac > the one that belongs to 192.168.0.12
destination ip address > 13,14,15

Hope this helps.

----- Original Message -----
From: "Yemi Fowe" <foweyemi@yahoo.com>
To: "Victor Catten" <vlcparis@earthlink.net>; <lartc@mailman.ds9a.nl>
Sent: Saturday, June 12, 2004 9:39 AM
Subject: Re: [LARTC] routing within the same network? is it possible?

> With my little knowledge of TCP/IP, I don't think
> routing within the same network is possible.
> Routing means moving from one network to another.
> Thank You
> Yemi
>
> --- Victor Catten <vlcparis@earthlink.net> wrote:
> > Hello,
> >
> > Is routing within the same network possible?
> > If it is, what configuration should I put for the
> > firewall/router shown below? I basically want the
> > host debian13 to be able to send packets via a
> > multi-homed firewall. I think the multi-homed
> > firewall involves some routing.
> >
> > +-------------------+
> > |debian13           |
> > |eth0:192.168.0.13  |
> > +-------------------+
> >           |eth0
> >           |
> >           |eth0
> > +--------------------------+
> > |firewall/router(linux-box)|
> > |which configuration here? |
> > +--------------------------+
> >           |eth1
> >           |
> >           +----------------------+
> >           |                      |
> >           |eth0                  |eth0
> > +-------------------+  +-------------------+
> > |eth0:192.168.0.15  |  |eth0:192.168.0.16  |
> > |debian15           |  |debian16           |
> > +-------------------+  +-------------------+
> >
> > Thank you!
> >
> > Victor
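
The lookup described in the message above, as an added example that is not part of the original thread: a longest-prefix match over the connected /24 and the two static routes, returning which IP address the sender will ARP for. The function name `resolve` and the table layout are assumptions made for this sketch.

```python
import ipaddress

# Routing table as the message describes it (constructed for this example):
# the connected LAN plus the two more-specific static routes.
ROUTES = [
    ("192.168.0.0/24", None),             # connected: deliver directly on the LAN
    ("192.168.0.13/32", "192.168.0.12"),  # ip route add 192.168.0.13/32 via 192.168.0.12
    ("192.168.0.14/31", "192.168.0.12"),  # ip route add 192.168.0.14/31 via 192.168.0.12
]

def resolve(dst, routes=ROUTES):
    """Return (matched_prefix, ip_to_arp_for) for dst, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    # The most specific (longest) prefix wins, even inside a connected network.
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    # With a gateway, layer 2 resolves the gateway's MAC; the destination IP
    # in the packet stays dst. Without one, the host ARPs for dst itself.
    return (str(net), gw if gw else dst)

if __name__ == "__main__":
    for dst in ("192.168.0.13", "192.168.0.14", "192.168.0.15",
                "192.168.0.20", "10.0.0.1"):
        print(dst, "->", resolve(dst))
```
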

Victor Catten wrote:
> Hello,
>
> Is routing within the same network possible?
> If it is, what configuration should I put for the firewall/router shown
> below? I basically want the host debian13 to be able to send packets via
> a multi-homed firewall. I think the multi-homed firewall involves some
> routing.
>
> +-------------------+
> |debian13           |
> |eth0:192.168.0.13  |
> +-------------------+
>           |eth0
>           |
>           |eth0
> +--------------------------+
> |firewall/router(linux-box)|
> |which configuration here? |
> +--------------------------+
>           |eth1
>           |
>           +----------------------+
>           |                      |
>           |eth0                  |eth0
> +-------------------+  +-------------------+
> |eth0:192.168.0.15  |  |eth0:192.168.0.16  |
> |debian15           |  |debian16           |
> +-------------------+  +-------------------+

Hello,

see http://lartc.org/howto/lartc.bridging.proxy-arp.html

or try this:

on router:
ifconfig eth0 192.168.0.1 netmask 255.255.255.255 -broadcast
ifconfig eth1 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
route add -host 192.168.0.13 device eth0
echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 >/proc/sys/net/ipv4/ip_forward

on debianXY:
ifconfig eth0 192.168.0.XY netmask 255.255.255.0 broadcast 192.168.0.255

HTH,
--
Martin
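
Why the router configuration in the message above makes the hosts reachable, as an added example that is not part of the original thread: a simplified model of the Linux proxy ARP decision (answer on behalf of a target only when forwarding and `proxy_arp` are enabled on the receiving interface and the target is routed out a different interface). The function names and the table layout are assumptions; this is not kernel code.

```python
import ipaddress

# Router state taken from the commands in the message above
# (constructed model for this example).
ROUTES = [
    ("192.168.0.13/32", "eth0"),  # route add -host 192.168.0.13 device eth0
    ("192.168.0.0/24", "eth1"),   # connected route from eth1's /24 address
]
LOCAL_ADDRS = {"192.168.0.1"}     # address configured on both interfaces
PROXY_ARP = {"eth0": True, "eth1": True}

def out_iface(dst, routes=ROUTES):
    """Longest-prefix match: interface the router would forward dst out of."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    hits = [(n, dev) for n, dev in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def arp_answer(in_iface, target, proxy_arp=PROXY_ARP, ip_forward=True):
    """Return 'local', 'proxy' or None for an ARP request seen on in_iface."""
    if target in LOCAL_ADDRS:
        return "local"                      # the router's own address
    if not (ip_forward and proxy_arp.get(in_iface)):
        return None                         # proxying disabled on this side
    dev = out_iface(target)
    # Proxy only when the target is routed out a different interface;
    # otherwise the real host on this segment answers for itself.
    return "proxy" if dev and dev != in_iface else None

if __name__ == "__main__":
    for iface, target in [("eth1", "192.168.0.13"), ("eth0", "192.168.0.15"),
                          ("eth1", "192.168.0.16"), ("eth0", "192.168.0.1")]:
        print(iface, target, arp_answer(iface, target))
```
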
Peteris Krumins
2004-Jun-14 05:55 UTC
Re: routing within the same network? is it possible?
Hello Victor,

Friday, June 11, 2004, 5:21:05 PM, you wrote:

VC> +-------------------+
VC> |debian13           |
VC> |eth0:192.168.0.13  |
VC> +-------------------+
VC>           |eth0
VC>           |
VC>           |eth0
VC> +--------------------------+
VC> |firewall/router(linux-box)|
VC> |which configuration here? |
VC> +--------------------------+
VC>           |eth1
VC>           |
VC>           +----------------------+
VC>           |                      |
VC>           |eth0                  |eth0
VC> +-------------------+  +-------------------+
VC> |eth0:192.168.0.15  |  |eth0:192.168.0.16  |
VC> |debian15           |  |debian16           |
VC> +-------------------+  +-------------------+

Transparent proxying will do the trick. You won't even have to change the default routes on .15 and .16.

1) Assign 192.168.0.14 for the eth0 interface on the router.
2) Assign 0.0.0.0 for the eth1 interface on the router.
3) Add routes .15 and .16 via eth1
4) Add a default gw (via eth0, since we gave only that interface an IP)
5) echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

P.Krumins