Re: [leaf-user] DCD: Special Second External Interface ???

Mon, 06 May 2002 07:27:14 -0700 


"Michael D. Schleif" wrote:
> 
> DCD: Special Second External Interface ???
> 
> [1] Summary diagram:
> 
> +-------------------+
> |                   |
> |  Remote Vendor    |
> |  Private Network  |
> |                   |
> +-------------------+
>  Florida ^
>          |
>  Chicago v
> +-----------------------+
> |                       |
> |  ISDN Router          |
> |  Auto Dial, NAT, &c.  |
> |                       |
> +-----------------------+
>     ^ 192.168.14.252
>     |
>     | 192.168.14.0/24
>     |
>     v 192.168.14.254
> +-------------------+
> |  eth1             |       +------------+
> |                   |  T-1  |            |
> |  DCD         wan1 |<----->|  Internet  |
> |                   |       |            |
> |  eth0             |       +------------+
> +-------------------+
>     ^ 192.168.11.254
>     |
>     v
> +------------+
> |            |<- 192.168.10.0/24
> |  Internal  |
> |  Network   |
> |            |<- 192.168.11.0/24
> +------------+
>   ^          ^
>   |          |
>   |          +- 192.168.12.0/24
>   |
>   +- 192.168.13.0/24

[ snip ]

I continue in my confusion:

$IPCH -I forward -j ACCEPT -s 192.168.11.0/24 -d 192.168.14.0/24 -i eth1
$IPCH -I forward -j ACCEPT -s 192.168.14.0/24 -d 192.168.11.0/24 -i eth1
$IPCH -I input -j ACCEPT -d 192.168.14.0/24
$IPCH -I input -j ACCEPT -s 192.168.14.0/24 -d 192.168.11.0/24 -i eth1
$IPCH -I input -j ACCEPT -s 192.168.11.0/24 -d 192.168.14.0/24 -i eth1
$IPCH -I output -j ACCEPT -i eth1
$IPCH -I output -j ACCEPT -s 192.168.11.0/24 -d 192.168.14.0/24 -i eth1
$IPCH -I output -j ACCEPT -s 192.168.14.0/24 -d 192.168.11.0/24 -i eth1


Why do these *not* allow the internal network to see the ISDN subnet?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to