Re: Advanced routing question
On Sunday 27 July 2003 20:10, Fraser Campbell wrote:
> On July 27, 2003 09:10 am, Haim Ashkenazi wrote:
> > I'm trying to combine 2 Linux firewalls/routers together. The final host
> > should have the following ports:
> > 1. eth0 - 256kbps frame relay.
> > 2. ppp0 (via eth1) - pppoe adsl with dhcp.
> > 3. eth2-3 - 2 DMZs.
> > 4. eth4 - localnet.
> >
> > The default route is ppp0. Here's the problem: If I connect to the
> > firewall from the internet through eth0 (or even connect to the DMZ
> > through the firewall's eth0) wouldn't it try to respond through ppp0
> > (the default gateway) which will make the connection impossible?
>
> Yes you need to install some advanced routing rules. Read the advanced
> routing howto (http://www.lartc.org/), you'll need something roughly like
> this:

Thanks, I'll read it.

Bye
--
Haim

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Advanced routing question
Hi

I'm trying to combine 2 Linux firewalls/routers together. The final host should have the following ports:
1. eth0 - 256kbps frame relay.
2. ppp0 (via eth1) - pppoe adsl with dhcp.
3. eth2-3 - 2 DMZs.
4. eth4 - localnet.

The default route is ppp0. Here's the problem: If I connect to the firewall from the internet through eth0 (or even connect to the DMZ through the firewall's eth0) wouldn't it try to respond through ppp0 (the default gateway) which will make the connection impossible?

Bye
--
Haim
Re: Advanced routing question
On July 27, 2003 09:10 am, Haim Ashkenazi wrote:
> I'm trying to combine 2 Linux firewalls/routers together. The final host
> should have the following ports:
> 1. eth0 - 256kbps frame relay.
> 2. ppp0 (via eth1) - pppoe adsl with dhcp.
> 3. eth2-3 - 2 DMZs.
> 4. eth4 - localnet.
>
> The default route is ppp0. Here's the problem: If I connect to the
> firewall from the internet through eth0 (or even connect to the DMZ
> through the firewall's eth0) wouldn't it try to respond through ppp0
> (the default gateway) which will make the connection impossible?

Yes you need to install some advanced routing rules. Read the advanced routing howto (http://www.lartc.org/), you'll need something roughly like this:

    # All of my networks
    localnet='172.16.0.0/24'
    dmz_a='172.17.0.0/24'
    dmz_b='172.17.0.0/24'
    frame='216.1.2.0/28'

    # Set default route for frame relay network
    ip route add default via 216.1.2.1 table 10  # (table 10 arbitrary choice)

    pri=100
    # ensure that traffic to local IPs is handled by default routing table
    for net in $localnet $dmz_a $dmz_b $frame; do
        ip rule add to $net lookup main pri $pri
    done

    pri=200
    # Make sure that traffic coming from frame IPs gets routed to frame gateway
    ip rule add from $frame lookup 10 pri $pri

    # Flush route cache to make changes immediate
    ip route flush cache

That should handle everything correctly. Have your pppoe software install a default route when it brings up the connection and you shouldn't have to worry about any special routing for it.

--
Fraser Campbell [EMAIL PROTECTED]
http://www.wehave.net/
Halton Hills, Ontario, Canada
Debian GNU/Linux
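
The following is an added example, not part of the thread or of any poster's configuration: a small Python model of how the kernel walks policy rules in priority order, showing which table answers for a given source and destination under the rules posted above. The interface-to-subnet mapping in the main table and the sample client and host addresses are assumptions; the real kernel also consults its `local` table first, which is left out here.

```python
import ipaddress as ipa

# Constructed model of the setup in this thread. Interface-to-subnet mapping
# and the sample addresses used below are assumptions for illustration.
FRAME = "216.1.2.0/28"
NETS = ["172.16.0.0/24", "172.17.0.0/24", FRAME]   # localnet, DMZ, frame

TABLES = {  # table name -> [(prefix, next hop)]
    "main": [("172.16.0.0/24", "dev eth4"), ("172.17.0.0/24", "dev eth2"),
             (FRAME, "dev eth0"), ("0.0.0.0/0", "dev ppp0")],
    "10": [("0.0.0.0/0", "via 216.1.2.1")],
}

# Rules are (priority, from, to, table). 32766 is the kernel's built-in
# "from all lookup main" rule.
BUILTIN = [(32766, None, None, "main")]
FRAME_RULE = [(200, FRAME, None, "10")]
LOCAL_RULES = [(100, None, net, "main") for net in NETS]
POSTED = LOCAL_RULES + FRAME_RULE + BUILTIN


def lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    hits = [(ipa.ip_network(p), hop) for p, hop in TABLES[table]
            if ipa.ip_address(dst) in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def route(src, dst, rules):
    """Walk rules in priority order; return the first (priority, table,
    next hop) whose selectors match and whose table holds a route."""
    for prio, frm, to, table in sorted(rules, key=lambda r: r[0]):
        if frm and ipa.ip_address(src) not in ipa.ip_network(frm):
            continue
        if to and ipa.ip_address(dst) not in ipa.ip_network(to):
            continue
        hop = lookup(table, dst)
        if hop:
            return prio, table, hop
    return None


if __name__ == "__main__":
    client = "198.51.100.7"   # constructed Internet client address
    for name, rules in [("builtin only", BUILTIN), ("posted rules", POSTED)]:
        print(name, route("216.1.2.2", client, rules))
```

In this model a packet sourced from a DMZ address (for example 172.17.0.10) still leaves via ppp0, because rule 200 selects on frame source addresses only. Dropping the priority 100 rules sends frame-sourced traffic for the local networks to the frame gateway instead of the directly attached interface.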