routes are killing me - how to?

Bil yellowdog-general@lists.terrasoftsolutions.com
Thu Nov 7 08:25:01 2002


ok. but the purpose of NAT is so machines on private address space want to
access the internet. That's my assumption. Usually the best thing to do when
setting up NAT, is to make sure a machine has a connection externally, the
gateway/NAT machine, then you can check your NATting by trying to ping a
known external address.

If you give me appropriate IPs or symbolic names, it won't take more than a
second to knock you up a simple IPTABLES ruleset and give you a default route
to put in.

Thereafter, you'll have to set a default route on each machine on the
subnet to use the gateway/NAT machine as default gateway.

If you just want NAT you MUST use IPTABLES. To make any use of it, you start
playing with routes.

I'm new to YDL, but I've been using unix for many years. Perhaps I'm not
communicating this correctly.

regards

Bil
----- Original Message -----
From: "Peter Bagnall" <pete@surfaceeffect.com>
To: <yellowdog-general@lists.terrasoftsolutions.com>
Sent: Thursday, November 07, 2002 3:12 PM
Subject: Re: routes are killing me - how to?


> I'd just like to emphasise something that seems to be causing a bit of
> confusion on this thread...
>
> 192.168.x.x are unrouted subnets. That is to say routers simply drop
> packets from these subnets on sight. This is why we can all use
> 192.168.0.x as our private network addresses without causing mayhem
> with IP address conflicts.
>
> Stefan Bruda is exactly right here, what you need is Masquerading. What
> this does is it catches IP packets as they enter the Linux box, and
> rewrites the IP headers to make it look as if the initial request came
> from it, rather than from the private network behind. This is one
> element of NAT (network address translation). When the reply packets
> come back it recognises the session (this can be pretty tricky with non
> TCP traffic), and passes the packet back into the private network after
> readdressing it to the machine that sent the original outgoing packet.
>
> Routing does NOT do this, and this is why playing with routing tables
> has given you no joy, despite some suggestions to the contrary.
>
> Does that give you a better picture of what's going on? Now you're
> actually solving the right problem you should make much better progress
> ;-)
>
> Pete
>
> On Thursday, November 7, 2002, at 01:45 PM, Stefan Bruda wrote:
>
> > At 00:30 -0500 on 2002-11-7 Stefan Jeglinski wrote:
> >>
> >> I'm sorry, but IMHO finding a *simple* IPTABLES how-to is not easy.
> >
> > Well, you want for a starter just masquerading, so take a look at
> > the... masquerading howto: ;-)
> >
> > http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
> >
> > Stefan
> >
> > --
> > If it was so, it might be; and if it were so, it would be; but as
> > it isn't, it ain't. That's logic.
> >     --Lewis Carroll, Through the Looking-Glass
> > _______________________________________________
> > yellowdog-general mailing list
> > yellowdog-general@lists.terrasoftsolutions.com
> > http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> >
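
The setup discussed in this thread (masquerading on the gateway, then a default route on each client), as an added example that is not part of the original messages. The interface names eth0/eth1, the 192.168.0.0/24 subnet and the 192.168.0.1 gateway address are assumptions; the script only prints the commands unless APPLY=1 is set and it is run as root.

```shell
#!/bin/sh
# Added example: masquerading gateway for a private LAN (dry run by default).
# Assumed names, not from the thread: eth0 = Internet side, eth1 = LAN side,
# 192.168.0.0/24 = private subnet, 192.168.0.1 = gateway's LAN address.
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Print the gateway commands, one per line, in the order they should run.
# Older iptables builds spell the match "-m state --state" instead.
gateway_cmds() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Run the commands only when APPLY=1 (needs root); otherwise just show them.
run_gateway() {
    if [ "${APPLY:-0}" = "1" ]; then
        gateway_cmds | sh -e          # stop at the first command that fails
    else
        gateway_cmds | sed 's/^/would run: /'
    fi
}

# Read-only checks for after applying: the forwarding flag, then the packet
# counters on the NAT and FORWARD rules (they should grow as clients browse).
verify_cmds() {
    cat <<EOF
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -L POSTROUTING -n -v
iptables -L FORWARD -n -v
EOF
}

run_gateway
# On each LAN client (not the gateway), point the default route at the gateway:
#   route add default gw 192.168.0.1
```

The FORWARD policy of DROP means the gateway passes only LAN-originated traffic and its replies, so nothing on the Internet side can open a connection into the private subnet.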