routes are killing me - how to?

Iain Stevenson yellowdog-general@lists.terrasoftsolutions.com
Thu Nov 7 10:51:01 2002


I've come to this a bit late and haven't read all of the preceding messages 
;) but Stefan's setup is not a whole lot different to mine except that I 
have no hub to the external DSL modem.

I threw away most of my routing commands because I didn't need them.  If 
you use netcfg (or ifconfig) to define the two Ethernet interfaces on the 
Linux box then the route table entries automagically appear.  Something 
like this is the alternative:

ifconfig eth0 192.168.1.254 netmask 255.255.255.0
ifconfig eth1 217.xxx.yyy.www netmask 255.255.255.0

All I needed was a:

route add default gw 217.xxx.yyy.zzz

to make the external ADSL box the default route for traffic not on the 
local subnet.  You need to replace the 217.xxx.yyy.zzz with the address for 
your ADSL service.

I am using the gShield iptables script to implement masquerading but 
otherwise a command like:

/usr/local/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

would be needed to set up masquerading.

As a point of information, private addresses do not have to be discarded by 
routers; it is merely recommended that they are, and most routers are set up 
to do so.  Cable TV companies sometimes use private address space and route 
it locally within a neighbourhood.

  Iain



--On Thursday, November 7, 2002 11:29 am -0500 Stefan Jeglinski 
<jeglin@4pi.com> wrote:

> Thanks Bil for your comments. Also, Keary says:
>
>> Just from what you have provided, it seems to me that the private
>> network router is simply redundant. It would be simpler to remove it from
>> the network entirely. (Now, you do mean *router* vs hub or switch?)
>
> OK, let me restate the picture, and I will clarify an item or two that I
> know I had not described well due to the lateness of my evening
> yesterday. Here again is a picture of what I am trying to do:
>
>               hub  +-----------------------+
>               | |  |                       |
> 192.168.0.0 -+ +--+ eth0 (192.168.0.1)    |
>                    |                       |   hub--dslmodem (63.220.231.129)
>                    |                       |   | |
>                    | (63.220.231.132) eth1 +---+ +
>                    |                       |     |
>                    +-----------------------+     |
>                                                  |
>                  other 63.220.231.128/26 IPs ----+
>
>
> Yes I used the term router before and this was completely incorrect; I
> apologize profusely for the confusion that this may have caused. In the
> above diagram I use "hub" and this could be replaced with "switch."
>
> For the moment leaving aside security issues, it was my original thought
> that to get the private 192.168.0.0 network to exchange packets with the
> outside world, I had to correctly set up the routing table on the Linux
> box. At boot, the routing table created from information from ifcfg-eth0,
> ifcfg-eth1, and network files is:
>
> Destination     Gateway         Genmask         Flags Iface
> 63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
> 192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     lo
> 0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1
>
> My first question was/is: is this routing table sufficient to allow the
> packets to be exchanged? AFAICT, the answer was it didn't matter because
> using iptables would magically fix it for me. And I was admonished to
> "just do iptables."
>
> I'm still not sure I'm doing iptables right anyway, but the issue is more
> fundamental than that. The hosts on 192.168.0.0 have the gateway device
> listed as 192.168.0.1, but they cannot ping 192.168.0.1, and vice versa.
> I believe this is a problem with the routing table. Am I wrong on this?
>
> Believe me, I'm not trying to just be spoon fed. But I do want to
> understand why what I'm doing works (or not).
>
> I submit that all the equipment is working, because this config works:
>
>                +--------------------------------+
>                |                                |
>                +                                |
>               hub  +-----------------------+    |
>               |    |                       |    |
> 63.220.231.x-+   -+ eth0 (192.168.0.1)    |    |
>                    |                       |   hub--dslmodem (63.220.231.129)
>                    |                       |   | |
>                    | (63.220.231.132) eth1 +---+ +
>                    |                       |     |
>                    +-----------------------+     |
>                                                  |
>                  other 63.220.231.128/26 IPs ----+
>
>
> There seems to be disagreement as to whether I should do iptables, nat,
> masquerading, or [software] routing with the Linux box. I know surely
> this is a common config; at this point I'll take a blind recipe and
> analyze why it works after. Keary, I'm working on the script link you
> sent me.
>
>
> Stefan Jeglinski
>
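
An added example, not part of the original thread: a longest-prefix route lookup run over the routing table quoted above, showing which row handles a private-LAN host, a host on the public /26, and an off-subnet destination. The function names `ip2int` and `route_lookup` are hypothetical, and the input is assumed to be the five-column rows exactly as quoted, without the header line.

```shell
#!/bin/sh
# Added example (not from the thread): pick the route a destination would use,
# the way the kernel does, by taking the matching row with the longest netmask.

# Rows copied from the routing table quoted in the message above.
ROUTES='63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1'

# ip2int A.B.C.D -> print the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup DEST -> print "IFACE direct", "IFACE via GATEWAY",
# or "unreachable" when no row (not even a default route) matches.
route_lookup() {
    dst=$(ip2int "$1")
    best_mask=-1
    best="unreachable"
    while read -r net gw mask flags iface; do
        [ -n "$iface" ] || continue          # skip blank or short lines
        n=$(ip2int "$net")
        m=$(ip2int "$mask")
        # A row matches when DEST masked with Genmask equals Destination.
        if [ $(( $dst & $m )) -eq "$n" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            case $flags in
                *G*) best="$iface via $gw" ;;   # G flag: send to a gateway
                *)   best="$iface direct" ;;    # connected network
            esac
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best"
}
```

The two `U` rows are the connected routes that appear as soon as the interfaces are configured; the `UG` row with Genmask 0.0.0.0 is the default route and is selected only when no more specific row matches.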