On Mon, 11 Oct 2004 13:56:08 +0000 "Jeff Gilles" <[EMAIL PROTECTED]> wrote:
[snip]
>
> Sun                              VxWorks
>                                  main board
> hme0                             if1
> 192.168.0.9 ----(IP cloud)----192.168.100.1
>                                  routes to      other VxWorks
>                                  if2            board
>                                  10.20.1.20-------------10.20.1.7
>
> So the routers in the IP cloud know that to get to 10.20.1.0 subnet, the
> packet needs to go through the "router" 192.168.100.1.
>
> Now, I have a situation where the routing in the IP cloud cannot/will
> not be done, so I am trying to find a workaround.

Well, why not? When you use NAT, I don't know about VxWorks, but on my
xBSD systems it will be routed in any case. If you need to eliminate
routing completely, just use something like a 10/8 network and bridging
on the VxWorks main board.

> My idea was to get extra addresses on the 192.168.100.x subnet to use as
> aliases for the private addresses. Let's say that I have 192.168.100.7
> as an alias for 10.20.1.7. The software application on the Sun would
> try to send its packet to 10.20.1.7, and I'd like to use ipnat to change
> the destination from 10.20.1.7 to 192.168.100.7. The packet then gets
> sent out and routed across the network to a newly inserted device which
> has an ethernet port on the 192.168.100.x network with 192.168.100.7 as
> an IP. It would use ipnat to change that back to 10.20.1.7, and send it
> out a second port over to 192.168.100.1.

Excuse me please if I misunderstand you, but IMHO it can be done using
"bimap" rules on the main VxWorks board. For example:

    bimap if1 10.20.1.1/32 -> 192.168.100.1/32
    bimap if1 10.20.1.2/32 -> 192.168.100.2/32
    ... and so on ...

Thus, when a packet with source address 10.20.1.7 from another board is
sent to the Sun box, the Sun will think that it comes from 192.168.100.7.
Then the Sun sends its reply to 192.168.100.7 and it arrives at the
10.20.1.7 IP. I haven't tried it yet, but I think it should be possible
to set up a similar bimap on if2 too to achieve completely transparent
mapping.

However, this may cause some problems on broadcast packets (I haven't
really tested this solution for IPs like 192.168.0.255/24), so take care.

> Visually:
>
> Sun                           VxWorks
>                               main board
> hme0                          if1
> 192.168.0.9-----(IP cloud)-[ ]--192.168.100.1
>      ^                      ^    routes to      other VxWorks
>      |                      |    if2            board
>      |                      |    10.20.1.20-------------10.20.1.7
>  run ipnat                  |
>  here                   new device
>  to change              runs ipnat
>  destination            here to change
>                         origin
>
> So is this the type of application that ipf/ipnat can do gracefully and
> simply? Or is this in some profound way different than all of the other
> applications I've been reading about in the various documentation and
> emails on the subject?

It depends on what devices you need to hide from.

--
Best wishes,
Mishka.
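
The address rewriting that a bimap rule performs in each direction, as a simplified Python model added here (it is not part of the original message and is not IPFilter code). The class and function names are hypothetical, the rule is constructed to follow the pattern in the message, and only /32 host mappings and the address fields are modelled (no ports, state or checksums).

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def parse_bimap(rule):
    """Parse 'bimap <if> <inside>/32 -> <alias>/32' into (ifname, inside, alias)."""
    words = rule.split()
    if len(words) != 5 or words[0] != "bimap" or words[3] != "->":
        raise ValueError(f"not a bimap rule: {rule!r}")
    inside = ipaddress.ip_network(words[2])
    alias = ipaddress.ip_network(words[4])
    if inside.prefixlen != 32 or alias.prefixlen != 32:
        raise ValueError("this model handles host (/32) mappings only")
    return words[1], str(inside.network_address), str(alias.network_address)

class BimapTable:
    """Hypothetical model: one lookup table per direction, keyed by interface."""
    def __init__(self, rules):
        self.to_alias, self.to_inside = {}, {}
        for rule in rules:
            ifname, inside, alias = parse_bimap(rule)
            # Two rules claiming the same address would make replies ambiguous.
            if (ifname, inside) in self.to_alias or (ifname, alias) in self.to_inside:
                raise ValueError(f"conflicting mapping: {rule!r}")
            self.to_alias[(ifname, inside)] = alias
            self.to_inside[(ifname, alias)] = inside

    def outbound(self, ifname, pkt):
        """Packet leaving via ifname: an inside source becomes its alias."""
        return replace(pkt, src=self.to_alias.get((ifname, pkt.src), pkt.src))

    def inbound(self, ifname, pkt):
        """Packet arriving on ifname: an alias destination is mapped back."""
        return replace(pkt, dst=self.to_inside.get((ifname, pkt.dst), pkt.dst))

# Constructed rule following the pattern in the message.
RULES = ["bimap if1 10.20.1.7/32 -> 192.168.100.7/32"]

def round_trip():
    """Board 10.20.1.7 talks to the Sun (192.168.0.9) and gets a reply."""
    nat = BimapTable(RULES)
    to_sun = nat.outbound("if1", Packet("10.20.1.7", "192.168.0.9"))
    reply = nat.inbound("if1", Packet("192.168.0.9", to_sun.src))
    return to_sun, reply
```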
