Re: [expert] Routing / NAT problem
Nathan Callahan <[EMAIL PROTECTED]> wrote:
> I've got a problem which must be solved by tomorrow.
>
> I need to be able to take all packets bound for a particular local
> subnet (eg 192.168.100.0/24) and instead send them off (probably using
> GRE encapsulation) to an internet address (eg 123.456.78.90) instead.
>
> I cannot set up a VPN at the moment, it will be done in the near future.
>
> If anyone has a good clue on this one, please tell me.

Do you have a linux box there with a 2.4 kernel? (OR a 2.2, for that matter).

I can think of a couple of methods.

1 - a slightly modified NAT setup - go do a search for "Rusty's firewalling howto" (I think it was - not this rusty, someone else ;-), or look in the archives from April or May I think where I posted some actual urls. Those will tell you how to set up NAT - just modify the setup scripts to make the final destination 123.456.78.90 (as it were ;-) instead of anywhere. I think! ;-)

2 - use (open)ssh to set up the vpn until your 'real' vpn is ready (but then, once it's set up, why bother 'fixing' something that ain't broke? ;-) Again, I've not had to do this, but there are plenty of good howto's out there. And I think I'd try this one first, as it's been done before ;-)

rc

Rusty Carruth
Email: [EMAIL PROTECTED] or [EMAIL PROTECTED]
Voice: (480) 345-3621
FAX: (480) 345-8793
SnailMail: Schlumberger ATE, 7855 S. River Parkway, Suite 116, Tempe, AZ 85284-1825
Ham: N7IKQ @ 146.82+,pl 162.2
ICBM: 33 20' 44"N 111 53' 47"W

Re: [expert] Routing / NAT problem
Nathan Callahan wrote:
>
> I've got a problem which must be solved by tomorrow.

This reply does not constitute accepting the monkey... :^)

> I need to be able to take all packets bound for a particular local
> subnet (eg 192.168.100.0/24) and instead send them off (probably using
> GRE encapsulation) to an internet address (eg 123.456.78.90) instead.

Are you saying packets from 192.168.(!100).* need to be re-routed to an impossible (n.456.n.n) address...? :>

> I cannot set up a VPN at the moment, it will be done in the near future.

You are looking for a NAT solution; sounds like you want a remote network segment to appear locally as 192.168.100.*... VPN requires work at the far end; so does GRE... might as well bite the bullet and do the work once...

Pierre

> If anyone has a good clue on this one, please tell me.
>
> Nathan Callahan

Re: [expert] Routing / NAT problem
Thanks for the input.

On Monday, June 4, 2001, at 10:26 PM, Randy Kramer wrote:

> This is probably a bad clue, but I thought I'd throw it out and see if
> it might be workable: How about adding a line to your routing table to
> set up the internet address (123.456.78.90) as a gateway to subnet
> 192.168.100.0/24?

Tried that, didn't work. Unfortunately the packet is not translated for the new network and gets thrown out onto the net as a packet bound for 192.168.100.?... Not good.

I have actually got the answer now, I think. What I need to do is masquerade the packet, then port forward it to the port that it came in on, on the target host. ipchains can't do this, but someone put me onto ipmasqadm, which looks like it can. iptables can do it too, but the gateway in question is running a 2.2 kernel.

Thanks people. If anyone notices a glaring flaw in my logic, feel free to put it out.

> I can't tell you more about how to do it -- is there a command like
> addroute or routeadd, or can you do this in netconf?
>
> And, I don't know if it will work,
>
> And, if it does work to get the packets there, I'm not sure that the
> internet machines will do something useful with them or just attempt to
> send them back to you (or /dev/null).
>
> Sorry, I know I'm not being real helpful, more curious than anything,
> Randy Kramer
> Nathan Callahan wrote:
>>
>> I've got a problem which must be solved by tomorrow.
>>
>> I need to be able to take all packets bound for a particular local
>> subnet (eg 192.168.100.0/24) and instead send them off (probably using
>> GRE encapsulation) to an internet address (eg 123.456.78.90) instead.
>>
>> I cannot set up a VPN at the moment, it will be done in the near
>> future.
>>
>> If anyone has a good clue on this one, please tell me.
>>
>> Nathan Callahan

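Added example, not part of the original thread or any poster's own setup: the "masquerade, then forward to the same port on the target host" approach described in the message above, written in the iptables form (2.4 kernel or later, so not the 2.2 gateway in question). Assumptions: the outbound interface name `eth0`, and `203.0.113.90` as a documentation placeholder standing in for the thread's example address, which the validation below rejects because 456 is not a valid octet.

```shell
#!/bin/sh
# Emit a nat-table ruleset in iptables-restore format so it can be reviewed
# before loading. Nothing is applied to the running kernel.

valid_ipv4() {
    # Accept only dotted quads whose four octets are each 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

gen_nat_rules() {
    subnet=$1; target=$2; wan_if=$3      # wan_if is an assumed name
    net=${subnet%/*}; len=${subnet#*/}
    valid_ipv4 "$net"    || { echo "bad subnet: $subnet" >&2; return 1; }
    valid_ipv4 "$target" || { echo "bad target: $target" >&2; return 1; }
    case $len in ''|*[!0-9]*) echo "bad prefix: $subnet" >&2; return 1 ;; esac
    [ "$len" -le 32 ]    || { echo "bad prefix: $subnet" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Forwarded traffic: rewrite the destination, leave the port untouched.
-A PREROUTING -d $subnet -j DNAT --to-destination $target
# Traffic originating on the gateway itself needs the same rewrite.
-A OUTPUT -d $subnet -j DNAT --to-destination $target
# Rewrite the source so replies return through this gateway.
-A POSTROUTING -o $wan_if -d $target -j MASQUERADE
COMMIT
EOF
}

# Constructed sample values; prints the ruleset for inspection.
gen_nat_rules 192.168.100.0/24 203.0.113.90 eth0
```

A plain static route fails for the reason given in the message: the packet leaves with its private destination address intact, whereas the DNAT rule rewrites it before the routing decision. The output can be checked with `iptables-restore --test` before it is loaded.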
Re: [expert] Routing / NAT problem
This is probably a bad clue, but I thought I'd throw it out and see if it might be workable: How about adding a line to your routing table to set up the internet address (123.456.78.90) as a gateway to subnet 192.168.100.0/24?

I can't tell you more about how to do it -- is there a command like addroute or routeadd, or can you do this in netconf?

And, I don't know if it will work,

And, if it does work to get the packets there, I'm not sure that the internet machines will do something useful with them or just attempt to send them back to you (or /dev/null).

Sorry, I know I'm not being real helpful, more curious than anything,
Randy Kramer

Nathan Callahan wrote:
>
> I've got a problem which must be solved by tomorrow.
>
> I need to be able to take all packets bound for a particular local
> subnet (eg 192.168.100.0/24) and instead send them off (probably using
> GRE encapsulation) to an internet address (eg 123.456.78.90) instead.
>
> I cannot set up a VPN at the moment, it will be done in the near future.
>
> If anyone has a good clue on this one, please tell me.
>
> Nathan Callahan

[expert] Routing / NAT problem
I've got a problem which must be solved by tomorrow.

I need to be able to take all packets bound for a particular local subnet (eg 192.168.100.0/24) and instead send them off (probably using GRE encapsulation) to an internet address (eg 123.456.78.90) instead.

I cannot set up a VPN at the moment, it will be done in the near future.

If anyone has a good clue on this one, please tell me.

Nathan Callahan