routes are killing me - how to?

Stefan Jeglinski yellowdog-general@lists.terrasoftsolutions.com
Thu Nov 7 09:30:00 2002


Thanks Bil for your comments. Also, Keary says:

>Just from what you have provided, it seems to me that the private
>network router is simply redundant. It would be simpler to remove it from
>the network entirely. (Now, you do mean *router* vs hub or switch?)

OK, let me restate the picture, and I will clarify an item or two 
that I know I had not described well due to the lateness of my 
evening yesterday. Here again is a picture of what I am trying to do:

              hub  +-----------------------+
              | |  |                       |
192.168.0.0 -+ +--+ eth0 (192.168.0.1)    |
                   |                       |   hub--dslmodem (63.220.231.129)
                   |                       |   | |
                   | (63.220.231.132) eth1 +---+ +
                   |                       |     |
                   +-----------------------+     |
                                                 |
                 other 63.220.231.128/26 IPs ----+


Yes I used the term router before and this was completely incorrect; 
I apologize profusely for the confusion that this may have caused. In 
the above diagram I use "hub" and this could be replaced with 
"switch."

For the moment leaving aside security issues, it was my original 
thought that to get the private 192.168.0.0 network to exchange 
packets with the outside world, I had to correctly set up the routing 
table on the Linux box. At boot, the routing table created from 
information from ifcfg-eth0, ifcfg-eth1, and network files is:

Destination     Gateway         Genmask         Flags Iface
63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1

My first question was/is: is this routing table sufficient to allow 
the packets to be exchanged? AFAICT, the answer was it didn't matter 
because using iptables would magically fix it for me. And I was 
admonished to "just do iptables."

I'm still not sure I'm doing iptables right anyway, but the issue is 
more fundamental than that. The hosts on 192.168.0.0 have the gateway 
device listed as 192.168.0.1, but they cannot ping 192.168.0.1, and 
vice versa. I believe this is a problem with the routing table. Am I 
wrong on this?

Believe me, I'm not trying to just be spoon fed. But I do want to 
understand why what I'm doing works (or not).

I submit that all the equipment is working, because this config works:

               +--------------------------------+
               |                                |
               +                                |
              hub  +-----------------------+    |
              |    |                       |    |
63.220.231.x-+   -+ eth0 (192.168.0.1)    |    |
                   |                       |   hub--dslmodem (63.220.231.129)
                   |                       |   | |
                   | (63.220.231.132) eth1 +---+ +
                   |                       |     |
                   +-----------------------+     |
                                                 |
                 other 63.220.231.128/26 IPs ----+


There seems to be disagreement as to whether I should do iptables, 
nat, masquerading, or [software] routing with the Linux box. I know 
surely this is a common config; at this point I'll take a blind 
recipe and analyze why it works after. Keary, I'm working on the 
script link you sent me.


Stefan Jeglinski
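
Added example (not part of the original post, and not the poster's code): Python that parses the routing table quoted in the message and resolves a destination by longest-prefix match, which is how the kernel picks a route. The destination addresses in the demo loop are constructed samples, and the code models route selection only, not IP forwarding, packet filtering or NAT.

```python
import ipaddress

# Routing table rows as posted in the message:
# Destination, Gateway, Genmask, Flags, Iface
ROUTE_TABLE = """\
63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1
"""

def parse_routes(text):
    """Parse `route -n` style rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines and header rows (those do not start with a digit).
        if len(fields) != 5 or not fields[0][0].isdigit():
            continue
        dest, gw, mask, flags, iface = fields
        net = ipaddress.ip_network(f"{dest}/{mask}")
        # Flag G: hand the packet to a gateway. Without G the network is on-link.
        gateway = ipaddress.ip_address(gw) if "G" in flags else None
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, dst):
    """Return (iface, next_hop) for dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Longest-prefix match: the most specific network wins.
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    # On-link destinations are delivered directly, so the next hop is dst itself.
    next_hop = gateway if gateway is not None else addr
    return iface, str(next_hop)

ROUTES = parse_routes(ROUTE_TABLE)

if __name__ == "__main__":
    # Constructed destinations: private host, public-subnet host, outside host.
    for dst in ("192.168.0.10", "63.220.231.140", "198.51.100.7"):
        print(dst, "->", lookup(ROUTES, dst))
```
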