At 10:15 AM 2/7/02 -0800, Jeff Newmiller wrote:
[...]
>> 192.168.1.0/24 (they don't know this quite properly; "private address"
>> *means* unroutable, requiring NAT to work).
>
>I disagree with the explanation, though not the advice. "Private address"  
>means that no public routers will enter it into their routing tables...
>those IP numbers are just as routable as any other numbers within your
>organization.  This point is confusing to many newbies... it certainly was
>for me.

Jeff makes the right technical distinction here. I should have been more
specific -- they will be unroutable on the public Internet, by
convention/standard. 

With respect to a private network, you can never make ANY assumptions about
routing of ANY addresses, public or private, since all depends on what the
network administrator set up in the network's routing tables. You simply
have to find out (or set it up right, if you are the netadmin).

>The place it makes a difference is in the "modem", which was providing NAT
>services to 192.168.68.0.  

Maybe. From what Greg actually reported, all we actually *know* is that the
DSL router has a route to 192.168.68.1. This *may* be through support of
192.168.68.0/24. Or it *may* be a /32 point-to-point route. Or it may be
under Greg's control (use of the "68" subnet is uncommon, making me like
this possibility), in which case it is whatever he made (or in the future
makes) it. We have no way of knowing.

With that caveat, either of Jeff's suggestions below could work ... the
first if Greg can configure the DSL router's interfaces and routes, the
second if Jeff has guessed right about the DSL router's current routing table.

>If you could modify its routing table to route
>through 192.168.68.1 to arrive at 192.168.1.0/24, and NAT 192.168.1.0/24
>as well as 192.168.68.0/24, you would be fine.  The problem is that boxes
>like that are not usually so configurable, so Ray's advice below is indeed
>a straightforward approach... the "modem" would only think there was one
>address to deal with.
>
>A different approach might be to use a bridging or proxy-arp
>configuration, and omit the 192.168.1.0/24 network entirely.  Without a
>firewall, there isn't much reason to bother having the LEAF box here, so I
>would assume that is part of the eventual goal. Unlike Ray's solution, I
>don't know of a firewall script that does this out-of-the-box... I set one
>up manually last year.
[...]


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
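
An added example, not part of the original thread: it models the point above that a known route to 192.168.68.1 does not reveal whether the DSL router holds a /24 route, a /32 host route, or an administrator-added static route. The three routing tables, the next-hop labels and the probe addresses are constructed assumptions, not Greg's actual configuration.

```python
import ipaddress

# RFC 1918 blocks: public routers carry no routes for these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed hypotheses for the DSL router's table: (prefix, next hop).
TABLES = {
    "connected /24": [("192.168.68.0/24", "lan"), ("0.0.0.0/0", "wan")],
    "host /32": [("192.168.68.1/32", "lan"), ("0.0.0.0/0", "wan")],
    "/24 plus static": [("192.168.68.0/24", "lan"),
                        ("192.168.1.0/24", "via 192.168.68.1"),
                        ("0.0.0.0/0", "wan")],
}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def fate(table, dst):
    """Where a packet for dst ends up under the given table."""
    hop = lookup(table, dst)
    addr = ipaddress.ip_address(dst)
    if hop == "wan" and any(addr in n for n in RFC1918):
        # Modelled assumption: a private destination handed to the
        # public side is not carried any further.
        return "dropped upstream"
    return hop or "no route"

if __name__ == "__main__":
    probes = ["192.168.68.1", "192.168.68.7", "192.168.1.10", "198.51.100.9"]
    for name, table in TABLES.items():
        for dst in probes:
            print(f"{name:16} {dst:14} -> {fate(table, dst)}")
```

All three tables deliver to 192.168.68.1, so that observation alone cannot tell them apart; only probes to 192.168.68.7 and 192.168.1.10 distinguish them.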
