Dear networking group,
This is a posting about my network which has a Netgear ADSL Router,
behind which is a firewall/router, behind which is another router to
which a network is attached.
Initially I had the following simple network, which is working
perfectly:
----------------------------------------------------------------------
|Netgear ADSL } External IP: a fixed IP number
|Modem        } Internal IP: 192.168.0.1
|                   |
|                   |
|circle:      } External IP obtained by dhcp to Netgear, and is
|Firewall/    } 192.168.0.3. Internal IP: 192.168.10.1
|NAT Router   }     |
|                   |
|                   |
|Subnet of clients on 192.168.10.0/24, These access internet using
|ip masq through the machine circle.
-----------------------------------------------------------------------
circle also has a group of filtering rules which I've set up with
iptables. It's a RH9 box. This all works fine, and machines on the
subnet 192.168.10.0/24 all access the internet, getting MASQed through
the firewall and then through the Netgear router.
Now I wish to add a subnet behind one of the machines on the
192.168.10.0/24 subnet. This machine is called xerxes. It is also a
RH9 box. It will not do any ip packet filtering. It will actually act
as a thin client server, and the clients on the 192.168.20.0/24
network will be the thin clients. However, this is by the by and not
immediately relevant.
-------------------------------------------------------------------------
|xerxes:      } External IP: 192.168.10.5, (by dhcp to circle)
|Router       } Internal IP: 192.168.20.1
|                   |
|                   |
| Subnet of clients on 192.168.20.0/24
-------------------------------------------------------------------------
Here is what I would like the .20.x clients to do: [And if it does it]
1. Access addresses on 192.168.20.0 net. [Yes]
2. Access addresses on 192.168.10.0 net. [No]
3. Access the internet, using xerxes router. [No]
And I'd like this from the members of the .10.x subnet:
4. Access addresses on 192.168.20.0 net. [No]
5. Access addresses on 192.168.10.0 net. [Yes]
6. Access the internet, through circle. [Yes]
And I'm currently failing to find how to do this. Can anyone help with
the ip commands that I need to execute on xerxes to do this? Also,
Red Hat has a little GUI for setting up the network devices, which also
has a facility for setting up static routes. Does this give enough
flexibility to set up my network?
I imagine I also have to add static routes to the .20.x network on
circle, so it knows where replies to the .20.x subnet need to go. Is
this right?
Here is circle's routing table:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
192.168.10.0/24 dev eth1 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0
(I don't know what the 169.254.0.0/16 entry is, but may be related to
xerxes which happens to be running Shaolin Aptus, so I'll ignore that
for now.)
Here is xerxes' routing table:
192.168.20.0/24 dev eth1 scope link
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.5
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.10.1 dev eth0
Can anyone see why it is that I am unable to access circle from one of
xerxes' clients, nor am I able to access any of the other members of
the .10.x subnet from a client on the .20.x subnet?
With best regards,
Seb James.
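
The following is an added example, not part of the original post: a longest-prefix-match lookup run over the two routing tables quoted above, tracing a packet from a .20.x client to circle and the reply back. The client address 192.168.20.50 and the extra static route in the last step are constructed for illustration, and the trace assumes xerxes forwards packets without NAT, so circle sees the client's 192.168.20.x source address.

```python
import ipaddress

# Routing tables copied from the post; "via" is None for on-link routes.
CIRCLE = [
    ("192.168.0.0/24", "eth0", None),
    ("192.168.10.0/24", "eth1", None),
    ("169.254.0.0/16", "eth1", None),
    ("127.0.0.0/8", "lo", None),
    ("0.0.0.0/0", "eth0", "192.168.0.1"),   # "default via 192.168.0.1"
]
XERXES = [
    ("192.168.20.0/24", "eth1", None),
    ("192.168.10.0/24", "eth0", None),
    ("169.254.0.0/16", "eth1", None),
    ("127.0.0.0/8", "lo", None),
    ("0.0.0.0/0", "eth0", "192.168.10.1"),  # "default via 192.168.10.1"
]

CLIENT = "192.168.20.50"  # constructed sample address for a thin client


def lookup(table, dst):
    """Longest-prefix match: return (prefix, dev, via) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev, via)
               for p, dev, via in table if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route to host
    net, dev, via = max(matches, key=lambda m: m[0].prefixlen)
    return (str(net), dev, via)


def round_trip(src, dst):
    """Forward hop chosen by xerxes and reply hop chosen by circle."""
    return {"xerxes_forward": lookup(XERXES, dst),
            "circle_reply": lookup(CIRCLE, src)}


if __name__ == "__main__":
    trip = round_trip(CLIENT, "192.168.10.1")
    print("xerxes -> circle :", trip["xerxes_forward"])
    print("circle -> client :", trip["circle_reply"])
    # Hypothetical extra route on circle sending 192.168.20.0/24 to xerxes.
    fixed = CIRCLE + [("192.168.20.0/24", "eth1", "192.168.10.5")]
    print("with static route:", lookup(fixed, CLIENT))
```

The model covers route selection only; whether xerxes has IP forwarding enabled, and whether circle's iptables rules accept and masquerade traffic from 192.168.20.0/24, are separate checks.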