Re: [Leaf-user] Newbie question perhaps.

Wed, 27 Jun 2001 07:46:48 -0700 

> Sorry folks if this is too big I was rejected for 60KB.  I compressed the
> attachment more.
>
> 1.  I modified /etc/init.d/network to add a static route to 192.168.1.0/24
via
> 192.168.2.253
> 2.  Also, my INTERN_NET="192.168.2.0/24 192.168.1.0/24"
> 3. I do wnat my two internal networks to talk.  Sooooo
>
> With regard to your WARNING below.
> I created a drawing included here which better illustrates what I'm doing.
> If I have static routes from my internal servers to 192.168.1.0/24 via
> 192.168.2.253 and I list both the LRP box and the .253 router as gateways
for my
>
> windooze boxes, won't I be OK.  Every thing on the 192.168.1.0/24 side
will
> simply have a default gateway.  Also, If a 192.168.2.0/24 box were to ask
for a
> route to 192.168.1.0/24 wouldn't the LRP issue a ICMP redirect for the
internal
> lans?  Or is that the change I would have to make to ipchains.conf?

This is why a network diagram is worth a thousand words.  I mis-understood,
and thought you had two internal network interfaces on your LRP box, and
traffic between the internal nets would have to pass through the LRP system.
This sort of setup does require additional forward rules in LRP to allow the
traffic to pass.

In your setup, however, you've only got one internal NIC on the LRP, so all
you need is the proper static routes configured on the LRP system.  Note
that you will probably also need the proper static routes setup on your
clients, or you may still see connection problems.  AFAIK, the LRP box will
likely drop traffic that should have gone to your internal network gateway
rather than forward it (I think an ICMP redirect will be sent regardless)
due to the firewall rules.  Just be aware this might be a problem...if
you're lucky, you can setup your internal systems static routes with DHCP to
avoid the headaches of keeping all the systems properly configured.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to