/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Although I am usually somewhat confused about those "text" diagrams, I do
have an idea of what you are trying to accomplish. I have done this before
and it works fine. This is what mine looked like:
ISP------------LINUX BOX------------HUB----------LOCALNET
| 192.168.1.0
|
CISCO Router
|
192.168.2.0
|
REMOTENET
|
192.168.3.0

ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $SERIALNET -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $REMOTENET -j MASQ

You must masquerade each private network IP (Local, Serial, and Remote).
Therefore, if I had a 2nd remote site, it would look like so:
|
192.168.5.0
REMOTENET2
|
|
192.168.4.0 (serial2)
CISCO router2
|
|
ISP------------LINUX BOX------------HUB----------LOCALNET
| 192.168.1.0
|
CISCO Router1
|
192.168.2.0 (serial1)
|
REMOTENET1
|
192.168.3.0

And the script would look like this with 2 more entries:

ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $SERIALNET_1 -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $REMOTENET_1 -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $SERIALNET_2 -j MASQ
ipchains -A forward -i $EXTERNAL_INTERFACE -s $REMOTENET_2 -j MASQ

Just make sure a static route is in place on each router and that you can
ping each remote network from the Local network. Without those entries, you
would not be able to ping the internet from any of the remote networks. The
first line only takes care of the LOCALNET.
> -----Original Message-----
> From: Michael Roark [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, August 25, 1999 11:12 AM
> To: [EMAIL PROTECTED]
> Subject: [Masq] using ip masq for multiple networks
>
> I searched the archives for this but didn't find the exact situation I am
> facing here. This may come out as a bit convoluted, but please be patient:
>
> I need to use a single ip masq server to service 3 networks (2 remote and
> one local to the server). The networks are connected by serial ports via
> T1's (Cisco routers).
>
>
> (192.168.1.0)
> hub
> |
> [eth]
> |
> ISP --[serial]-- router1 --[eth]--- switch --[eth]-- router2
> | |
> |
> [serial] [eth]
> [serial]
> | |
> |
> router3 masq server router4
> (192.168.2.0) (192.168.3.0)
>
>
> I am trying to masq the addresses for all nodes on 192.168.1.0, 192.168.2.0,
> and 192.168.3.0 networks to the ip on 2nd card on the masq server. I have
> the server set to pass any source to any destination and it doesn't work. It
> works great for the network local to the server but, no matter how I
> configure the routing on the Cisco's I still can't get traffic back to the
> remote nodes from the ISP side. Is all this do-able or do I need a masq
> server for each remote network?
>
> I know that might not be entirely clear so if you need more info, let me
> know. And, as always, all help is greatly appreciated.
>
> Thanks,
>
> Michael
> ________________________
> Candler County School District
> Technology Department
>
>
>
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
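
The per-network rule pattern from the reply, as an added example that is not part of the original thread: a shell script that prints one forward-chain MASQ rule per internal network and refuses any source outside RFC 1918 private space, which is what an "any source" setting like the one in the question would let through. The /24 masks, the interface name eth1 and the function names are assumptions; the posts give none of them.

```shell
#!/bin/sh
# Added example: prints (does not run) one ipchains MASQ rule per internal
# network. The /24 masks and "eth1" are assumptions, not values from the post.

# is_private NET/LEN: status 0 only if the network lies inside RFC 1918 space.
is_private() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # a /LEN mask is required
    case $len  in ''|*[!0-9]*)  return 1 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs  # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    if   [ "$1" -eq 10 ] && [ "$len" -ge 8 ]; then return 0
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] &&
         [ "$len" -ge 12 ]; then return 0
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && [ "$len" -ge 16 ]; then return 0
    fi
    return 1
}

# masq_rules IFACE NET...: prints the rules in the form used in the reply.
# Every source is checked first, so a bad entry yields no partial rule set.
masq_rules() {
    ext_if=$1; shift
    for net in "$@"; do
        if ! is_private "$net"; then
            echo "refusing to masquerade non-private source: $net" >&2
            return 1
        fi
    done
    for net in "$@"; do
        echo "ipchains -A forward -i $ext_if -s $net -j MASQ"
    done
}

# Two-site layout from the reply: local, serial1, remote1, serial2, remote2.
masq_rules eth1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 \
                192.168.4.0/24 192.168.5.0/24
```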