On Sat, 13 Jul 2002 23:11:56 -0700
"Brock Nanson" <[EMAIL PROTECTED]> wrote:

> I've been playing with an Orinoco access point tonight, attempting to
> add an additional private IP subnet to my Bering RC2 box.  The AP is
> essentially a router, allowing traffic from the wireless network of
> 192.168.200.0 to pass to the 192.168.1.0 network which is my internal
> wired LAN as far as the Bering box is concerned.
> 
> I've tweaked shorewall to allow traffic back and forth from this
> wireless network to my DMZ, internet etc.  It all seems to work, except
> that I am so far forced to manually add a route to Bering after boot to
> tell it where to look for the router to the wireless network.  Is this
> something that Shorewall should take care of, or do I need to enter this
> information somewhere else?  So far I haven't stumbled on any obvious
> places...

Okay, let me make sure I'm following you correctly.  If so, this is
identical to the setup I had back when we were testing ipsec on rc2.

You have a router, with one interface hooked up to a wired lan (let's say
for argument's sake 192.168.1.1) and another hooked via hub or crossover to
a wireless AP server network 192.168.200.0.  This interface is, again for
the sake of argument, 192.168.200.1.  The AP will also have an ip address,
but really unused except for management.

From there, if there is access to the internet, there would be another
interface hooked up to that, with an external ip address.  Or you could be
like me, where you just route everything to your wired lan and you have
another router on that network which handles your internet traffic.  In
order for the machines on the wired lan _not_ to each need a static route
to the wireless lan, this other router would need a static route back to
the wireless lan, using 192.168.1.1 as the gateway address for the
192.168.200.0/24 network.

As far as I know, and Mr. Eastep can correct me if I'm wrong, Shorewall
doesn't usually need to set up routes (and maybe can't?).  That is done by
the regular networking scripts when the interfaces are set up.  This
process is controlled by /etc/network/interfaces.  You will probably have
lines like:

auto eth0
iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 192.168.200.1
        netmask 255.255.255.0

These lines should set up routes like this:

# ip route
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
192.168.200.0/24 dev eth1  proto kernel  scope link  src 192.168.200.1

So, short answer, you shouldn't have to do anything, assuming my
incredibly verbosely stated assumptions are true!



-- 
------------------------------------------------------------------------
Chad Carr                                          [EMAIL PROTECTED]
------------------------------------------------------------------------
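
Added example, not part of the original message and not LEAF or Shorewall code: Python that reads the interface stanzas quoted above, derives the connected routes the kernel installs for them, and reports whether a subnet is directly attached or still needs a static gateway route. The function names are assumptions of this example, and it parses only the `iface`, `address` and `netmask` lines.

```python
import ipaddress

# Constructed sample: the two stanzas quoted in the message above.
INTERFACES = """\
auto eth0
iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 192.168.200.1
        netmask 255.255.255.0
"""

def connected_routes(text):
    """Map interface name -> IPv4Interface for every static stanza."""
    stanzas = []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            stanzas.append({"name": words[1], "method": words[3]})
        elif stanzas and words[0] in ("address", "netmask") and len(words) > 1:
            stanzas[-1][words[0]] = words[1]
    routes = {}
    for s in stanzas:
        if s["method"] == "static" and "address" in s and "netmask" in s:
            routes[s["name"]] = ipaddress.ip_interface(f"{s['address']}/{s['netmask']}")
    return routes

def route_lines(routes):
    """Format connected routes the way `ip route` lists them."""
    return [f"{i.network} dev {n}  proto kernel  scope link  src {i.ip}"
            for n, i in routes.items()]

def needs_static_route(routes, subnet):
    """True when no interface sits on `subnet`, so a gateway route must be added."""
    target = ipaddress.ip_network(subnet)
    return not any(target.subnet_of(i.network) for i in routes.values())

if __name__ == "__main__":
    both = connected_routes(INTERFACES)
    print("\n".join(route_lines(both)))
    # Only the first stanza: the wireless subnet is behind another router.
    lan_only = connected_routes(INTERFACES.split("\n\n")[0])
    print(needs_static_route(both, "192.168.200.0/24"), needs_static_route(lan_only, "192.168.200.0/24"))
```

With both stanzas present the wireless subnet is a connected route; with only the eth0 stanza it is not, which is the case where a static route through the other router is required.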


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
