On Sat, 18 May 2002, David Smead wrote:

> Tom,
>
> thevenin:/etc# cat /proc/sys/net/ipv4/ip_forward
> 1
>
> I did that explicitly. I probably should have installed shorewall but
> since all I want to do is forward all traffic between two internal nets I
> figured it would be easy enough just to dump a few rules into iptables.
>
> Wrong!
"forward all traffic between two internal nets" = bridging, not routing, and you would need to use the same network across both sides of the bridge.

When it comes to routing, EVERY MACHINE has to know how to get to every other machine. Mostly this is accomplished with default routes to keep things sane... but on the internet backbone the routing tables are horrendous to make up for that localized simplicity.

You are starting to internetwork your own networks, so here is where the rubber hits the road in terms of learning. You have to look at the routing tables at every involved machine and ask yourself how they will know to send packets to the next hop along the way. Every involved machine in this case is at least three machines: your .3.245, .3.254/.8.24, and whatever machine you want to communicate with in .8.0/24. And packets have to know how to go both directions.

_IF_ your machine with NICs 192.168.3.254 and 192.168.8.24 is set up as the default route for all other machines on both networks, you should be able to make this work easily. I suspect 192.168.8.24 is NOT the default route for all machines on 192.168.8.0/24, so they are dropping the return packets because they aren't smart enough to know what to do with those packets yet.

You have a couple of choices:

a) make it so (default routes both directions)

b) put appropriate routing entries in the router that IS the default route for all machines on 192.168.8.0/24 so that packets destined for 192.168.3.0/24 get sent to 192.168.8.24 ... this will pass that traffic across the .8.0 segment twice... inefficient.

c) put extra routing entries in every machine on .8.0/24 so they know to use 192.168.8.24

d) use masquerading to give .3.0/24 second class status in .8.0/24

e) change the machines in .3.0/24 over to .8.0/24 addresses, and bridge or subnet proxy-arp through the debian box, (or just wire them together).
---------------------------------------------------------------------------
Jeff Newmiller
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
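As an added illustration that is not part of the thread, the following Python model walks a packet through the routing tables of the machines Jeff describes (the .3.245 host, the Debian box with both NICs, a host on .8.0/24, and that host's real default router) and reports where the return packet is dropped, then shows the effect of adding the routes from options b) and c). The .8.0/24 host at 192.168.8.50, its default gateway at 192.168.8.1, and the host names are constructed for the example.

```python
import ipaddress
from copy import deepcopy

# Constructed model of the three-machine scenario in the thread (not the
# poster's real configuration): 192.168.8.50 and 192.168.8.1 are assumed.
HOSTS = {
    "pc3":    {"addrs": ["192.168.3.245"], "forward": False,
               "routes": [("192.168.3.0/24", "direct"), ("0.0.0.0/0", "192.168.3.254")]},
    "debian": {"addrs": ["192.168.3.254", "192.168.8.24"], "forward": True,  # ip_forward=1
               "routes": [("192.168.3.0/24", "direct"), ("192.168.8.0/24", "direct")]},
    "pc8":    {"addrs": ["192.168.8.50"], "forward": False,
               "routes": [("192.168.8.0/24", "direct"), ("0.0.0.0/0", "192.168.8.1")]},
    "gw8":    {"addrs": ["192.168.8.1"], "forward": True,    # the .8 net's real default router
               "routes": [("192.168.8.0/24", "direct")]},    # it knows nothing about .3.0/24
}

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, via); via is "direct" for on-link, else a gateway IP."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return None if best is None else best[1]

def owner(hosts, ip):
    """Name of the host that has `ip` on one of its NICs, or None."""
    return next((name for name, h in hosts.items() if ip in h["addrs"]), None)

def trace(hosts, src, dst, max_hops=8):
    """List of hosts a packet from src to dst passes through, or None if it is dropped."""
    path = [owner(hosts, src)]
    for _ in range(max_hops):
        here = hosts[path[-1]]
        if dst in here["addrs"]:
            return path                                    # delivered
        if len(path) > 1 and not here["forward"]:
            return None                                    # transit host has ip_forward=0
        via = next_hop(here["routes"], dst)
        nxt = owner(hosts, dst if via == "direct" else via) if via else None
        if nxt is None:
            return None                                    # no route, or gateway unknown
        path.append(nxt)
    return None

def both_ways(hosts, a, b):
    """Forward and return path; a one-way result is exactly the symptom in the thread."""
    return trace(hosts, a, b), trace(hosts, b, a)

def with_route(hosts, name, prefix, via):
    """Copy of the model with one extra routing entry on `name` (options b and c)."""
    h = deepcopy(hosts)
    h[name]["routes"].append((prefix, via))
    return h
```

Option b) makes the return path cross the .8.0 segment twice (pc8 to gw8 to debian), which the trace shows as one extra hop compared with option c).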