strange network topology (plz help me out of this)


Post by i.cetinkay » Fri, 02 Feb 2001 18:24:02



hi all !

me and my friend are fighting now for days upon a certain (complex)
networking issue.
at first i thought this is impossible but now i know nothing about it.
i'm no linux guru, but i try to :-)

here's my problem:

i have a local subnet 192.168.0.0/24
connected to world 0/0
and masqed.

everything's all right so far, but now the problems arise:

i have 3 public fix ip-addresses like 26.24.144.3, lets assume i have ips
from .3 to .5

my world comes to fw from eth1
my local is eth0
my designated public ip computer is at eth2

now my router plugged before firewall is located in _the same_ subnet as i
have my public addresses, that means my router (reachable through eth1) has
ip 26.24.144.1 (same subnet as my public ips).

this consequently means that i have 2 _same_ subnets on 2 _different_ ifs
(eth1 & eth2).

first question: in general, is it possible to have 2 same subnets on 2
different ifaces ?

i tried this. it works only partially, and i'm not sure whether the problem
is routing or masquing...

if i configure both eth1 and eth2 as same subnets, i can reach both subnets
from fw-machine.. so far so good,
my masquing is only for eth0 (yet)...

now i want that eth2 (my given public ips) are forwarded through fw, so that
i can ping the world from 26.24.144.3, which is plugged to fw via eth2....
this is the breaking point anyway. no matter what i try ___i cant ping world
from my fix public ip-machine___

second question:
is this network topology possible to configure anyway ???

whats the goal of such a config ? -> i just want a webserver running on
26.24.144.3 secured by fw-machine has ip 26.24.144.2 (eth2) plugged to world
via router (26.24.144.1) on eth1 and a subnet 192.168.0.0/24 on eth0...

i know it's getting a bit complex, but it's a challenge for you (and me),
isn't it ? :-)

btw: i use suse6.3 and ipchains

if you can help me, you guru outside spending whole weekends configuring
networks, __plz__ help me...

thanks a lot,

i.cetinkaya

 
 
 


Post by Bill Hudso » Sat, 03 Feb 2001 01:22:44



> hi all !

> me and my friend are fighting now for days upon a certain (complex)
> networking issue.
> at first i thought this is impossible but now i know nothing about it.
> i'm no linux guru, but i try to :-)

> here's my problem:

> i have a local subnet 192.168.0.0/24
> connected to world 0/0
> and masqed.

> everything's all right so far, but now the problems arise:

> i have 3 public fix ip-addresses like 26.24.144.3, lets assume i have ips
> from .3 to .5

> my world comes to fw from eth1
> my local is eth0
> my designated public ip computer is at eth2

> now my router plugged before firewall is located in _the same_ subnet as i
> have my public addresses, that means my router (reachable through eth1) has
> ip 26.24.144.1 (same subnet as my public ips).

> this consequently means that i have 2 _same_ subnets on 2 _different_ ifs
> (eth1 & eth2).

> first question: in general, is it possible to have 2 same subnets on 2
> different ifaces ?

> i tried this. it works only partially, and i'm not sure whether the problem
> is routing or masquing...

> if i configure both eth1 and eth2 as same subnets, i can reach both subnets
> from fw-machine.. so far so good,
> my masquing is only for eth0 (yet)...

> now i want that eth2 (my given public ips) are forwarded through fw, so that
> i can ping the world from 26.24.144.3, which is plugged to fw via eth2....
> this is the breaking point anyway. no matter what i try ___i cant ping world
> from my fix public ip-machine___

> second question:
> is this network topology possible to configure anyway ???

> whats the goal of such a config ? -> i just want a webserver running on
> 26.24.144.3 secured by fw-machine has ip 26.24.144.2 (eth2) plugged to world
> via router (26.24.144.1) on eth1 and a subnet 192.168.0.0/24 on eth0...

> i know it's getting a bit complex, but it's a challenge for you (and me),
> isn't it ? :-)

> btw: i use suse6.3 and ipchains

> if you can help me, you guru outside spending whole weekends configuring
> networks, __plz__ help me...

SMOR (Simple Matter Of Routing)

As I understand it you are trying to set up the following configuration:

(the internet)
  |
[router] (26.24.144.1)
  |
eth1 (26.24.144.2)
  |
[firewall]-eth2 (26.24.144.3) ~~~~~ [webserver] (26.24.144.4)
  |
eth0 (192.168.0.0/24)

This is commonly called a 'DMZ'. The question was: 'How can you
configure things so that [webserver] can see the internet?'.  The answer
(probably) lies in the routing tables on [firewall].  

First thing you should check is the routes on [firewall] using the
'route' command.  I would expect to see something like this (This is
based on a RedHat system, so yours may look a bit different):

Destination     Gateway         Genmask         Flags   Metric  Ref     Use     Iface
26.24.144.2     *               255.255.255.255 UH      0       0       0       eth1
26.24.144.3     *               255.255.255.255 UH      0       0       0       eth2
192.168.0.1     *               255.255.255.255 UH      0       0       0       eth0
192.168.0.0     192.168.0.1     255.255.255.0   UG      0       0       0       eth0
127.0.0.0       *               255.0.0.0       U       0       0       0       lo
default         26.24.144.1     0.0.0.0         UG      0       0       0       eth1

In addition, your system may have set a route to 26.24.144.0 going
through either eth1 or eth2.  If it has, then [firewall] may be
attempting to route packets for *.4 through the wrong interface.  To the
above routing table, I would add two static routes as follows:

26.24.144.1     26.24.144.2     255.255.255.255 U       0       0       0       eth1
26.24.144.4     26.24.144.3     255.255.255.255 U       0       0       0       eth2

In addition, [webserver] needs to be set with a gateway of 26.24.144.3.

The routing table is traversed in order of most specific
(genmask=255.255.255.255) to least specific. Adding these two static
routes will override any incorrect route the system has for the
26.24.144.0 network.  Once you have the routes in place, use 'ping' to
test the connections, and check 'ifconfig' for packet counts on the
interfaces.

Best of luck.
--
Bill Hudson
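
Added example, not part of either post: a small Python model of the most-specific-route lookup described in the reply above, run over that reply's routing table to show which destinations leave [firewall] by the wrong interface before and after the two static host routes are added. The /24 mask on the 26.24.144.0 network route and the sample addresses 192.168.0.25 and 198.51.100.7 are assumptions.

```python
import ipaddress

# Routes on [firewall] from the reply's table, as (destination CIDR, iface).
BASE_ROUTES = [
    ("26.24.144.2/32", "eth1"),
    ("26.24.144.3/32", "eth2"),
    ("192.168.0.1/32", "eth0"),
    ("192.168.0.0/24", "eth0"),
    ("127.0.0.0/8", "lo"),
    ("0.0.0.0/0", "eth1"),       # default via 26.24.144.1
]
# The two static host routes the reply adds.
STATIC_HOST_ROUTES = [
    ("26.24.144.1/32", "eth1"),  # router
    ("26.24.144.4/32", "eth2"),  # webserver
]
# Interface each destination should leave by. The last two addresses are
# constructed samples (a LAN host and an internet host).
EXPECTED = {
    "26.24.144.1": "eth1",
    "26.24.144.4": "eth2",
    "192.168.0.25": "eth0",
    "198.51.100.7": "eth1",
}

def auto_net_route(iface):
    """Network route the system may have created (the /24 mask is assumed)."""
    return ("26.24.144.0/24", iface)

def lookup(routes, dst):
    """Return the iface of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr).prefixlen, iface)
               for cidr, iface in routes
               if addr in ipaddress.ip_network(cidr)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def misrouted(routes):
    """Map each EXPECTED destination that uses the wrong iface to that iface."""
    return {dst: lookup(routes, dst) for dst, want in EXPECTED.items()
            if lookup(routes, dst) != want}

if __name__ == "__main__":
    for iface in ("eth1", "eth2"):
        before = BASE_ROUTES + [auto_net_route(iface)]
        print(iface, "before:", misrouted(before),
              "after:", misrouted(before + STATIC_HOST_ROUTES))
```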

 
 
 
