RE: [SLUG] Network To Network
I have 2 networks running using PoPToP (PPTP) and 128 encryption. It's a lot easier if both networks are on different internal IP subnets as routing is a lot easier..

192.168.100.XX - 202.44.164.38 - 202.44.164.39 - 192.168.101.XX

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-Original Message-
From: Lyle Chapman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 28 November 2001 11:59 AM
To: [EMAIL PROTECTED]
Subject: [SLUG] Network To Network

To whomever can help.

I want to connect 2 internal networks together across the internet using ipchains from 2 Linux routers. Is it possible to do this and have it transparent to the internal networks? I have tried everything I can think of and have read the HOWTO but cannot get through. If I am inside network 1 I get as far as the router at network 2 but cannot see or ping their internal network.

PLEASE HELP - As I am trying to learn Linux but unfortunately documentation is not aimed at the newbie sometimes!!!

Linux Box 1 is...
eth0 (internal) 192.168.100.130/255.255.255.0
eth1 (external) 202.44.164.38/255.255.255.240

Linux Box 2 is...
eth0 (internal) 192.168.100.131/255.255.255.0
eth1 (external) 202.44.164.39/255.255.255.240

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Network To Network
> Linux Box 1 is...
> eth0 (internal) 192.168.100.130/255.255.255.0
> eth1 (external) 202.44.164.38/255.255.255.240
>
> Linux Box 2 is...
> eth0 (internal) 192.168.100.131/255.255.255.0
> eth1 (external) 202.44.164.39/255.255.255.240

Wouldn't you need to have distinct IP subnets on each internal network? Not both on 192.168.100?

S. :)
RE: [SLUG] Network To Network
You can't route internal IPs over the internet... you MUST use a tunnel of some kind...

You could use vpnd which uses blowfish I think... haven't used it much before but I have used it..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-Original Message-
From: DaZZa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 28 November 2001 12:12 PM
To: Lyle Chapman
Cc: [EMAIL PROTECTED]
Subject: Re: [SLUG] Network To Network

On Wed, 28 Nov 2001, Lyle Chapman wrote:

> To whomever can help.
>
> I want to connect 2 internal networks together across the internet using ipchains from 2 Linux routers. Is it possible to do this and have it transparent to the internal networks? I have tried everything I can think of and have read the HOWTO but cannot get through. If I am inside network 1 I get as far as the router at network 2 but cannot see or ping their internal network.
>
> PLEASE HELP - As I am trying to learn Linux but unfortunately documentation is not aimed at the newbie sometimes!!!

As far as I know, you can't do this with just ipchains - and if you could, it'd be hideously insecure.

I could be wrong about the first statement. I'm not wrong about the second.

You can, however, do it via FreeS/WAN. Check out http://www.freeswan.org for details and software.

Basically, you need to run a secure VPN encrypted across the internet. If you don't do this, your commercial data is toast - it can be collected by anyone with enough nous to run a sniffer or data capture device on your networks. Your network can also be compromised from outside much more easily.

DaZZa
Re: [SLUG] Network To Network
At Wednesday, 28/11/2001 11:59 AM (+1100), Lyle Chapman wrote:

> To whomever can help.
>
> I want to connect 2 internal networks together across the internet using ipchains from 2 Linux routers. Is it possible to do this and have it transparent to the internal networks? I have tried everything I can think of and have read the HOWTO but cannot get through. If I am inside network 1 I get as far as the router at network 2 but cannot see or ping their internal network.
>
> PLEASE HELP - As I am trying to learn Linux but unfortunately documentation is not aimed at the newbie sometimes!!!
>
> Linux Box 1 is...
> eth0 (internal) 192.168.100.130/255.255.255.0
> eth1 (external) 202.44.164.38/255.255.255.240
>
> Linux Box 2 is...
> eth0 (internal) 192.168.100.131/255.255.255.0
> eth1 (external) 202.44.164.39/255.255.255.240

Two different subnets makes life hard. I am also surprised that the external network addresses are on the same subnet - is this on the same ISP?

If the two networks are truly connected on the same external subnet then life is pretty easy; however, since you are running your traffic over a public network it is well recommended that you use IPSec for security.

To get basic routing working, you could divvy your 192.x.x.x network into two smaller subnets, or renumber the one at the other site. Then all you would really have to do is add some static routes into the Linux box at each end pointing to the other router's gateway (external) address.

Matt
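An address-plan check for the layout discussed in this thread, added here as an example and not written by any of the posters. It uses the interface values as posted, reports the LAN overlap and the shared external subnet, shows which half of a split /24 each router would land in, and builds the static routes for an assumed renumbering of site 2 to 192.168.101.0/24 (the layout George describes); all function names are hypothetical.

```python
import ipaddress

# Interface values as posted in the thread (address/netmask).
SITES = {
    "box1": {"internal": "192.168.100.130/255.255.255.0",
             "external": "202.44.164.38/255.255.255.240"},
    "box2": {"internal": "192.168.100.131/255.255.255.0",
             "external": "202.44.164.39/255.255.255.240"},
}


def check_plan(sites):
    """Report LAN overlap and whether the external sides share a subnet."""
    a, b = (
        {k: ipaddress.ip_interface(v) for k, v in s.items()}
        for s in sites.values()
    )
    return {
        "internal_overlap": a["internal"].network.overlaps(b["internal"].network),
        "external_same_subnet": a["external"].network == b["external"].network,
        "external_subnet": str(a["external"].network),
    }


def halves_in_use(sites, new_prefix=25):
    """Split the shared LAN and list which routers sit in each part."""
    lan = ipaddress.ip_interface(next(iter(sites.values()))["internal"]).network
    result = {}
    for sub in lan.subnets(new_prefix=new_prefix):
        result[str(sub)] = [
            name for name, s in sites.items()
            if ipaddress.ip_interface(s["internal"]).ip in sub
        ]
    return result


def static_routes(sites, lans):
    """Each router gets a route to the other LAN via the peer's external address."""
    names = list(sites)
    routes = {}
    for me, peer in (names, names[::-1]):
        gw = ipaddress.ip_interface(sites[peer]["external"]).ip
        routes[me] = f"ip route add {lans[peer]} via {gw}"
    return routes


if __name__ == "__main__":
    print(check_plan(SITES))
    print(halves_in_use(SITES))
    # Assumed renumbering: site 2 moves to 192.168.101.0/24.
    print(static_routes(SITES, {"box1": "192.168.100.0/24", "box2": "192.168.101.0/24"}))
```

Both routers fall in 192.168.100.128/25, so splitting the /24 still means renumbering one of them. The routes only provide reachability; traffic between the sites stays unencrypted unless a tunnel such as the IPSec setup recommended in the thread carries it.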
RE: [SLUG] Network To Network
At Wednesday, 28/11/2001 12:14 PM (+1100), George Vieira wrote:

> You can't route internal IPs over the internet... you MUST use a tunnel of some kind...

Well, that depends. From his config, both external IPs were on the same subnet so the ISP's router probably could be bypassed using a static route. We need to know more about the public side of the network.

> You could use vpnd which uses blowfish I think... haven't used it much before but I have used it..

The only VPN solution I would recommend would be IPSec - i.e. FreeS/WAN. Others have a number of significant holes.

Matt

> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
>
> -Original Message-
> From: DaZZa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 28 November 2001 12:12 PM
> To: Lyle Chapman
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SLUG] Network To Network
>
> On Wed, 28 Nov 2001, Lyle Chapman wrote:
>
> > To whomever can help.
> >
> > I want to connect 2 internal networks together across the internet using ipchains from 2 Linux routers. Is it possible to do this and have it transparent to the internal networks? I have tried everything I can think of and have read the HOWTO but cannot get through. If I am inside network 1 I get as far as the router at network 2 but cannot see or ping their internal network.
> >
> > PLEASE HELP - As I am trying to learn Linux but unfortunately documentation is not aimed at the newbie sometimes!!!
>
> As far as I know, you can't do this with just ipchains - and if you could, it'd be hideously insecure.
>
> I could be wrong about the first statement. I'm not wrong about the second.
>
> You can, however, do it via FreeS/WAN. Check out http://www.freeswan.org for details and software.
>
> Basically, you need to run a secure VPN encrypted across the internet. If you don't do this, your commercial data is toast - it can be collected by anyone with enough nous to run a sniffer or data capture device on your networks. Your network can also be compromised from outside much more easily.
>
> DaZZa
Re: [SLUG] Network To Network
On Wed, 28 Nov 2001, Lyle Chapman wrote:

> To whomever can help.
>
> I want to connect 2 internal networks together across the internet using ipchains from 2 Linux routers. Is it possible to do this and have it transparent to the internal networks? I have tried everything I can think of and have read the HOWTO but cannot get through. If I am inside network 1 I get as far as the router at network 2 but cannot see or ping their internal network.
>
> PLEASE HELP - As I am trying to learn Linux but unfortunately documentation is not aimed at the newbie sometimes!!!

As far as I know, you can't do this with just ipchains - and if you could, it'd be hideously insecure.

I could be wrong about the first statement. I'm not wrong about the second.

You can, however, do it via FreeS/WAN. Check out http://www.freeswan.org for details and software.

Basically, you need to run a secure VPN encrypted across the internet. If you don't do this, your commercial data is toast - it can be collected by anyone with enough nous to run a sniffer or data capture device on your networks. Your network can also be compromised from outside much more easily.

DaZZa
RE: [SLUG] Network To Network
On Wed, 28 Nov 2001, Matt Hyne wrote:

> At Wednesday, 28/11/2001 12:14 PM (+1100), George Vieira wrote:
> > You can't route internal IPs over the internet... you MUST use a tunnel of some kind...
>
> Well, that depends. From his config, both external IPs were on the same subnet so the ISP's router probably could be bypassed using a static route.

Indeed. But that assumes that he has control of both routers involved. It'd still be open to security penetration, though.

> > You could use vpnd which uses blowfish I think... haven't used it much before but I have used it..
>
> The only VPN solution I would recommend would be IPSec - i.e. FreeS/WAN. Others have a number of significant holes.

Which was what I suggested.

DaZZa