Eduardo Soriano wrote:

> Setting up a 4 layers LAN
> 
> Description:
> 
> -------------| eth0 |-----------|
> Internet     |<---->|Firewall   |
> -------------|      |-----------|
>                          |  eth1
>                          |              
>      192.1.1.0           | NetAddress1 ------| 
>                          |                   |
>                          |  eth0             |
>                     |-----------|       |-----------|
>                     |Router_1   |       |Client_1_1 |
>                     |-----------|       |-----------|
>                          |  eth1 
>                          |               
>      192.168.1.0         | NetAddress2 ------|   
>                          |                   |
>                          |  eth0             |
>                     |-----------|       |-----------|
>                     |Router_2   |       |Client_2_1 |
>                     |-----------|       |-----------|
>                          |   eth1
>                          |
>      192.168.4.0         | NetAddress3
>                          |
>                     |-----------|
>                     |Client_3_1 |
>                     |-----------|
> 
> Before declaring any static route using netcfg,
> I configured:
> 
> Firewall:     route add -net NetAddress1 netmask 255.255.255.0 gw IpAddressRouter_1
>               route add -net NetAddress2 netmask 255.255.255.0 gw IpAddressRouter_2
>               route add -net NetAddress3 netmask 255.255.255.0 gw IpAddressRouter_3
>               default: IpAddressInternet
> 
> Router_1:     route add -net NetAddress2 netmask 255.255.255.0 gw IpAddressRouter2
>               route add -net NetAddress3 netmask 255.255.255.0 gw IpAddressRouter3
>               default: IpAddressFirewall
> 
> Router_2:     default: IpAddressRouter2

This doesn't make any sense.

1. There isn't a `Router3' anywhere in your diagram, but you refer to
it in your routing commands.

2. Your networks seem to be out of sync with your routers. E.g. from
the firewall, NetAddress1 should have a direct route, NetAddress2
should go via router 1 etc.

3. Any gateways have to be reachable via a direct route.

If your network really does look like your diagram, then you should
have something like (netmasks omitted for clarity):

Firewall:
        route add -net NetAddress1 dev eth1
        route add -net NetAddress2 gw Router1
        route add -net NetAddress3 gw Router1   # NOT Router2
        route add -host <IP address of Internet router> dev eth0
        route add default gw <IP address of Internet router>

Router1:
        route add -net NetAddress1 dev eth0
        route add -net NetAddress2 dev eth1
        route add -net NetAddress3 gw Router2
        route add default gw <IP address of Firewall eth1>

Router2:
        route add -net NetAddress2 dev eth0
        route add -net NetAddress3 dev eth1
        route add default gw <IP address of Router1 eth1>

-- 
Glynn Clements <[EMAIL PROTECTED]>
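
An added example, not part of the message above: a Python model of the corrected tables that checks point 3 (every gateway is covered by a direct route) and traces a packet hop by hop using longest-prefix match. All host addresses, the /24 masks and the Internet router address 203.0.113.1 are constructed for illustration; the thread gives only the three network numbers.

```python
import ipaddress as ip

# Constructed addresses: the page gives only the three network numbers.
IFACES = {
    "Firewall": ["203.0.113.2", "192.1.1.1"],
    "Router1": ["192.1.1.2", "192.168.1.1"],
    "Router2": ["192.168.1.2", "192.168.4.1"],
}

def table(*rows):
    """Rows are (destination, gateway); gateway None means a direct 'dev' route."""
    return [(ip.ip_network(d), ip.ip_address(g) if g else None) for d, g in rows]

# The corrected tables from the reply, with an assumed /24 mask on each LAN.
TABLES = {
    "Firewall": table(("192.1.1.0/24", None), ("192.168.1.0/24", "192.1.1.2"),
                      ("192.168.4.0/24", "192.1.1.2"), ("203.0.113.1/32", None),
                      ("0.0.0.0/0", "203.0.113.1")),
    "Router1": table(("192.1.1.0/24", None), ("192.168.1.0/24", None),
                     ("192.168.4.0/24", "192.168.1.2"), ("0.0.0.0/0", "192.1.1.1")),
    "Router2": table(("192.168.1.0/24", None), ("192.168.4.0/24", None),
                     ("0.0.0.0/0", "192.168.1.1")),
}

def bad_gateways(routes):
    """Point 3: gateways that no direct route in the same table covers."""
    direct = [net for net, gw in routes if gw is None]
    return [str(gw) for _, gw in routes
            if gw is not None and not any(gw in d for d in direct)]

def trace(tables, ifaces, start, dst):
    """Follow longest-prefix next hops from `start` towards `dst`."""
    dst = ip.ip_address(dst)
    owner = {ip.ip_address(a): h for h, addrs in ifaces.items() for a in addrs}
    host, path = start, []
    while host not in path:
        path.append(host)
        hits = [r for r in tables[host] if dst in r[0]]
        if not hits:
            return path + ["no route"]
        gw = max(hits, key=lambda r: r[0].prefixlen)[1]
        if gw is None:
            return path + ["delivered"]      # destination is on a directly attached net
        if gw not in owner:
            return path + [f"exit via {gw}"]  # next hop is outside the modelled hosts
        host = owner[gw]
    return path + ["loop"]
```

Pointing the Firewall's NetAddress3 route at Router2 (192.168.1.2 here) makes `bad_gateways` report that address, since the Firewall has no direct route covering it.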