Thibodeau, Jamie L.
2005-Aug-23 15:52 UTC
Public to Private address routing: A little off topic, NOT WORTH TOM's Time
I have a routing/shorewall type question that I'm hoping someone can shed some light on.

I have a network xxx.xxx.70.0/23. I want to place a shorewall box on one of these addresses and place a lot of computers behind it. I know that I can make this work.

The question I have. Is there a way that I can route traffic from xxx.xxx.70.0/23 to the RFC1918 addresses behind the shorewall box so that from xxx.xxx.70.x I can connect directly to 192.168.1.x? There is a router that is locally controlled if that makes a difference. If this is possible does anyone use a setup like this? Also how would shorewall be configured?

I know there are other solutions to this problem, i.e. second interface with 192 address on any machine I want to access that subnet, BUT there are factors that limit that ability.

Any help would be greatly appreciated.

Jamie Thibodeau
Info Tech Spec II
University Libraries
University of Oklahoma
(405)325-3181

"Productivity is determined not by work...but by EFFECTIVE actions disguised as work"
K. Bräckelmann
2005-Aug-23 18:27 UTC
Re: Public to Private address routing: A little off topic, NOT WORTH TOM's Time
On Tue, 2005-08-23 at 10:52 -0500, Thibodeau, Jamie L. wrote:

> I have a routing/shorewall type question that I'm hoping someone can
> shed some light on.

I'll give it a try. :)

> I have a network xxx.xxx.70.0/23. I want to place a shorewall box on
> one of these addresses and place a lot of computers behind it. I know
> that I can make this work.
>
> The question I have. Is there a way that I can route traffic from
> xxx.xxx.70.0/23 to the RFC1918 addresses behind the shorewall box so
> that from xxx.xxx.70.x I can connect directly to 192.168.1.x? There
> is a router that is locally controlled if that makes a difference. If
> this is possible does anyone use a setup like this? Also how would
> shorewall be configured?

Shorewall doesn't care about nor interfere with your routing. So this is not a Shorewall related question.

If I get you right, the solution doesn't involve Shorewall at all: All you need is to have all your machines use the above mentioned "Shorewall box" as default route.

Or simply add a route to any host in your x.y.70.0/23 network that needs to access those machines in the private 192.168.1.0/24 network to use that very same box as gateway.

> I know there are other solutions to this problem i.e second interface
> with 192 address on any machine I want to access that subnet BUT there
> are factors that limit that ability.

Sounds like a lot of wires and switches and a scary set up... ;)

HTH

karsten
Thibodeau, Jamie L.
2005-Aug-23 18:57 UTC
RE: Public to Private address routing: A little off topic, NOT WORTH TOM's Time
Thanks,

Your response makes a lot of sense but I was wondering if there is something I could do in the perimeter router that could do it.

Maybe add a route (I'm not good with routing but this is my shot at it):

Source xxx.xxx.70.x/23 Destination 192.168.1.0/24 (through ???) xxx.xxx.70.x (shorewall box)??

I don't know the syntax of adding routes so that's what I was looking for I think...
K. Bräckelmann
2005-Aug-25 01:37 UTC
RE: Public to Private address routing: A little off topic, NOT WORTH TOM's Time
> Your response makes a lot of sense but I was wondering if there is
> something I could do in the perimeter router that could do it
>
> Maybe add a route (I'm not good with routing but this is my shot at
> it)

Adding a route to your "perimeter router" (I assume it's the default gateway for your x.y.70.0/23 network machines) to use the mentioned "Shorewall box" as gateway for the private 192.168.1.0/24 network should do the trick.

> Source xxx.xxx.70.x/23 Destination 192.168.1.0/24 (through ???)
> xxx.xxx.70.x (shorewall box)??
>
> I don't know the syntax of adding routes so that's what I was looking
> for I think...

I don't know the OS or syntax or graphical/web front-end your "perimeter router" uses, so I can't tell you how to do this exactly.

If it is a Linux machine, or you want to set the routes for the hosts that need to access this network (as in the second part of my previous post), 'man route' should tell you. ;)

karsten
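
The two options discussed in this thread (a static route on the perimeter router, or a route on each host that needs access), traced hop by hop with longest-prefix matching. This is an added example, not part of any poster's message; the prefix 198.18.70.0/23 and the addresses of the router and the Shorewall box are constructed stand-ins for the elided xxx.xxx.70.x values.

```python
import ipaddress

# Constructed stand-ins: the thread elides the public prefix as xxx.xxx.70.0/23.
PUBLIC = "198.18.70.0/23"
ROUTER = "198.18.70.1"      # perimeter router (assumed address)
FW = "198.18.70.2"          # Shorewall box, public side (assumed address)
UPSTREAM = "upstream"       # anything beyond the perimeter router

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or 'direct' for on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def tables(route_on_router=False, route_on_host=False):
    """Routing tables of the three nodes, keyed by node name or address."""
    host = [(PUBLIC, "direct"), ("0.0.0.0/0", ROUTER)]
    router = [(PUBLIC, "direct"), ("0.0.0.0/0", UPSTREAM)]
    fw = [(PUBLIC, "direct"), ("192.168.1.0/24", "direct"), ("0.0.0.0/0", ROUTER)]
    private = ("192.168.1.0/24", FW)   # the static route the thread talks about
    if route_on_host:
        host.append(private)
    if route_on_router:
        router.append(private)
    return {"host": host, ROUTER: router, FW: fw}

def trace(dst, **opts):
    """Follow a packet from a host in the public /23 until delivery or exit."""
    nodes, node, path = tables(**opts), "host", ["host"]
    while True:
        hop = lookup(nodes[node], dst)
        if hop == "direct":           # destination is on a connected network
            return path + [dst]
        path.append(hop)
        if hop not in nodes:          # left the site, or no route at all
            return path
        node = hop

if __name__ == "__main__":
    for opts in ({}, {"route_on_router": True}, {"route_on_host": True}):
        print(opts or "no extra route", "->", " -> ".join(trace("192.168.1.10", **opts)))
```

With the route only on the perimeter router, the packet takes one extra hop and enters and leaves the router on the same network; with the route on the host, it goes straight to the Shorewall box.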