Thanks for the help.
The problem with your solution is that I must make the decision, to route
the packages through the tunnel or to masquerade them, on the Linux gateway.
The solution would work if I wanted to route all packages through the
tunnel.
After a package has passed the Linux gateway (tunneled or masqueraded) it
has a dest IP which it will be sent to. The package gets sent using the
routing table.
This is the problem.
The problem would be solved if I could create 2 default gateways and could
specify which one to use based on the source IP address.

I just tried ip-chains (with patched 2.0.36 kernel). This also lacks the
functionality to masquerade IPIP frames. If I have time, I will try an
experimental kernel today. But maybe there is a better solution......

(I used the words RAW IP by mistake; it's IP protocol 4.)

        -----Original Message-----
        From:   Megavolt [SMTP:[EMAIL PROTECTED]]
        Sent:   Tuesday, January 12, 1999 4:01 AM
        To:     Eric Kluft
        Subject:        Re: tunneling over masquerading

        It would work fine... if you set your default gateway on your local-net
        computers to the ip address of the isp guy... and set the routes on your linux
        gateway to find the isp guy through the tunnel... I dunno if this will work for
        you... you might have to use NAT to change the source/dest IP addresses... but
        this might head you in the right direction? :)

        Eric Kluft wrote:

        > Hi all,
        >
        > My provider gives me 1 ip-number. They don't have the ability to route more
        > ip-numbers to me. A friend of mine, however, is working at another ISP. By
        > tunneling (linux IPIP) I route 32 ip-numbers to me from that ISP. I just
        > route all computers on my local network over the tunnel to the internet.
        > (/sbin/route add default gw w.x.y.z tunl0)
        > So far so good.
        > The problem is that the tunnel uses 8 extra hops so the connections get
        > slower. The solution to this problem is to masquerade the workstations and
        > to tunnel the servers.
        > I can't do this on 1 server (because I must choose to route the default
        > gateway over the tunnel or ethernet interface (can't use both)).
        > If I use 2 computers, 1 computer is connected to the internet and
        > masquerades all computers behind it. The second computer contains the
        > tunnel. The source address of this tunnel server should be rewritten by the
        > masquerading server.
        > This last piece however is not possible. Tunneling uses RAW ip for its
        > frames and you can't masquerade RAW ip.
        > I know this is the case for standard 2.0.35 kernels, but maybe there's a
        > solution for it. The solution as offered for Microsoft PPTP does not work.
        > Does anyone know if ipchains has the ability to masquerade raw ip?
        > Does anyone know if NAT has the ability to masquerade raw ip?
        > Does anyone know a different solution?
        >
        > Thanks in advance,
        >
        > Eric.

        