Routing question:

Post by josep » Wed, 26 Sep 2001 06:16:48



I have a block of IP's from an isp, and currently there are servers on
several of them, exposed to the world without any proper firewall. I would
like to drop in a linux computer to do the firewalling and bandwidth
management.

I have got the bandwidth management figured out, but I can't seem to
understand how I can make a computer do routing for IP's on the same
subnet...

I could be way off track here, so if there are any ideas on how to go about
with this, I'd love to hear it.

thanks

Oh, and if this is documented somewhere, a reference to it would be most
useful.

joseph

 
 
 

Routing question:

Post by Dean Thompso » Thu, 27 Sep 2001 00:57:43


Hi!,

Quote:

> I have a block of IP's from an isp, and currently there are servers on
> several of them, exposed to the world without any proper firewall. I would
> like to drop in a linux computer to do the firewalling and bandwidth
> management.

> I have got the bandwidth management figured out, but I can't seem to
> understand how I can make a computer do routing for IP's on the same
> subnet...

> I could be way off track here, so if there are any ideas on how to go about
> with this, I'd love to hear it.

It depends on how much control you have, but you might be able to add a static
route to the upstream router which says that traffic destined for the IPs
which are to be protected by your firewall is routed to the incoming address
of the firewall.  Once the firewall has routed the packets, you could then
send the packets onto the servers which are connected to the second network
card in your firewall.

If you can't add a "default route" then you might have to use proxyarp to get
your firewall to capture the requests for the servers.  Once you have the
data, you could then perform the same tricks as mentioned above.

Hopefully this helps.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+
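
The proxy-ARP arrangement suggested in the reply above, as an added example that is not part of the original posts: the script prints the sysctl, route and iptables commands for a firewall that lets the servers keep their existing addresses. The interface names eth0 (outside) and eth1 (inside), the 203.0.113.x addresses and the allowed ports are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: proxy-ARP firewall plan. Interface names, addresses and ports
# are constructed samples. Dry-run by default; APPLY=1 (as root) executes.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

valid_ipv4() {   # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_entry() {  # "IP:port[,port...]"
    case ${1#*:} in ''|*[!0-9,]*) return 1 ;; esac
    valid_ipv4 "${1%%:*}"
}

proxyarp_plan() {  # usage: proxyarp_plan OUT_IF IN_IF "IP:ports" ...
    out_if=$1; in_if=$2; shift 2
    # Validate everything first so a typo never leaves a half-applied ruleset.
    for entry in "$@"; do
        valid_entry "$entry" || { echo "bad entry: $entry" >&2; return 1; }
    done
    run sysctl -w net.ipv4.ip_forward=1
    # Answer ARP on each side for addresses that are routed via the other side.
    run sysctl -w "net.ipv4.conf.$out_if.proxy_arp=1"
    run sysctl -w "net.ipv4.conf.$in_if.proxy_arp=1"
    # Default-deny forwarding; only replies to permitted flows pass back.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for entry in "$@"; do
        ip=${entry%%:*}; ports=${entry#*:}
        # Host route: this server now sits behind the inside interface.
        run ip route add "$ip/32" dev "$in_if"
        run iptables -A FORWARD -i "$out_if" -o "$in_if" -d "$ip" \
            -p tcp -m multiport --dports "$ports" -j ACCEPT
        # The server may open its own outbound connections.
        run iptables -A FORWARD -i "$in_if" -o "$out_if" -s "$ip" -j ACCEPT
    done
}

# Constructed sample: a web server and a mail server from the ISP block.
proxyarp_plan eth0 eth1 "203.0.113.5:80,443" "203.0.113.6:25"
```

After the servers are moved behind the inside interface, the upstream router may keep their old MAC addresses in its ARP cache until those entries expire.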

 
 
 

Routing question:

Post by josep » Fri, 28 Sep 2001 00:51:02


[ Posted and mailed]


Quote:

> Hi!,

> > I have a block of IP's from an isp, and currently there are servers on
> > several of them, exposed to the world without any proper firewall. I would
> > like to drop in a linux computer to do the firewalling and bandwidth
> > management.

> > I have got the bandwidth management figured out, but I can't seem to
> > understand how I can make a computer do routing for IP's on the same
> > subnet...

> > I could be way off track here, so if there are any ideas on how to go about
> > with this, I'd love to hear it.

> It depends on how much control you have, but you might be able to add a static
> route to the upstream router which says that traffic destined for the IPs
> which are to be protected by your firewall is routed to the incoming address
> of the firewall.  Once the firewall has routed the packets, you could then
> send the packets onto the servers which are connected to the second network
> card in your firewall.

> If you can't add a "default route" then you might have to use proxyarp to get
> your firewall to capture the requests for the servers.  Once you have the
> data, you could then perform the same tricks as mentioned above.

> Hopefully this helps.

> See ya

> Dean Thompson

> --
> +____________________________+____________________________________________+
> | Bach. Computing (Hons)     | ICQ     - 45191180                         |
> | PhD Student                | Office  - <Off-Campus>                     |
> | School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
> | MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
> | Melbourne, Australia       |                                            |
> +----------------------------+--------------------------------------------+

That helps a great deal, Dean. I don't have control of the upstream routers,
so I'll go with proxy arp.

Thanks a lot!!

 
 
 

1. Routing question, how to duplicate route table in new distro?

I got help with making pppoe work in fedora core 3, now to get masquerade
working, I need the same routing table added to fc3. Here is my existing
route table from rh9:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.14.252.2     *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         65.14.252.2     0.0.0.0         UG    0      0        0 ppp0

I am not good with adding routes, how could this be done in fedora core
3? I used the firestarter wizard to get masquerading done and that is how
I got setup in redhat 9, firestarter clogs up the syslogs with useless
traffic info, would rather not use firestarter anymore. Thank you.

--
~Ohmster
ohmster at newsguy dot com
