On Tue, Jan 03, 2006 at 02:42:56PM +0000, Stuart Henderson wrote:
> > On Tue, Jan 03, 2006 at 12:37:29PM +0100, Pailloncy Jean-Gerard wrote:
> > > And also wrote:
> > > >The two cables came from two routers of my provider.
> > > >The two ips (a.b.c.1 and a.b.c.2) are in the same vlan on the two  
> > > >different routers.
> > > >Broadcast should work.
> > > >So on outside, a CARP should be the simple thing I have to do.
> > > >
> > > >Thank you for the information.
> > > 
> > > I do not understand how the packets coming from the gateway a.b.c.1-2  
> > > are able to reach the routers a.b.c.3-4 on the CARP address a.b.c.5.
> > 
> > The routing table on a.b.c.[12] will simply tell them to push everything
> > for a.b.c.0/24 out of some interface. It's then up to whatever is
> > attached to that interface to provide routing.
> >
> > (Discarding complicated stuff, routing tables basically look up an IP
> > address and tell the kernel what interface to use to send packets for
> > that IP address.)
> 
> This all depends how things are connected to the ISP. From 'broadcast
> should work' and the talk of vlans, it sounds like either there are two
> ISP-provided routers on the LAN, or it's ethernet-presented and ARP is
> running over the link.
> 
> In either of these cases, it will be necessary to either add routes on
> the ISP routers (which might not be possible, it depends on the ISP),
> or to proxy-arp (not especially attractive), or to run the firewalls as
> bridges (probably with STP).

> From previous posts ...:
> 
> >>>The external interface should be assigned, say, a.b.c.3 resp.
> >>>a.b.c.4.
> >>>Give them a netmask of 255.255.255.247. This will allow you 8
> 
> This should be .248 (.247 doesn't make sense as a netmask).
> 
> >>>Now, since more specific entries trump more generic, the Soekrises
> >>>will route a.b.c.0/28 to the outside routers
> 
> .248 is /29

Yes, and yes. Oops.

<snip: 'use a different subnet for the routers'>

That's a lot easier, of course - but outside the scope of the original
question, i.e. it's cheating! ;-)

Thanks for the corrections!

                Joachim

(Note to self: don't post nontrivial networking stuff without reading it
over, even when in a hurry.)
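The two corrections in this thread (.247 is not a valid netmask, and .248 is a /29, not a /28) can be checked mechanically. The following is an added example, not part of the original message: 192.0.2.0/24 stands in for a.b.c.0/24, and the interface names `int0`/`ext0` and the placement of the /24 on the inside are assumptions made for illustration.

```python
import ipaddress

def mask_to_prefix(mask):
    """Convert a dotted-quad netmask to a prefix length.

    Raises ValueError when the set bits are not contiguous from the left,
    which is what makes 255.255.255.247 meaningless as a netmask.
    """
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # A valid mask, inverted, is of the form 2**k - 1 (all ones on the right),
    # so adding 1 must clear every bit it shares with the original.
    if inverted & (inverted + 1):
        raise ValueError("%s is not a contiguous netmask" % mask)
    return 32 - inverted.bit_length()

# Constructed routing table for one firewall (assumed layout):
# the whole /24 lives behind the inside interface, the /29 holding the
# ISP routers and the CARP address is reached via the outside interface.
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), "int0"),
    (ipaddress.ip_network("192.0.2.0/29"), "ext0"),
]

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifname) for net, ifname in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for mask in ("255.255.255.247", "255.255.255.248"):
        try:
            print(mask, "-> /%d" % mask_to_prefix(mask))
        except ValueError as err:
            print(err)
    # .1 and .5 fall inside the /29; .10 only matches the /24.
    for dest in ("192.0.2.1", "192.0.2.5", "192.0.2.10"):
        print(dest, "->", lookup(ROUTES, dest))
```

With a /28 in place of the /29, 192.0.2.8 through 192.0.2.15 would also be sent out the external interface, which is why the prefix length matters here.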
