? route add -host HOST gateway (not directly attached)


Post by aryzh » Sat, 13 Apr 2002 20:27:10



Hello All,

Is there any method to tell my clients to use a not-locally-attached gateway
in order to reach a specific server?

Example: client is on address a.b.c.5

Gateway host (Solaris) is on address x.y.z.7 and is pingable from a.b.c.5
through a bunch of other routers. This gateway also has a second interface
with IP address k.l.m.1

The server I want to reach is on address k.l.m.2 and is pingable from
the gateway.

I don't want to advertise the x.y.z.0 to k.l.m.0 route from my gateway,
but only to tell specific clients that they have to use the x.y.z.7 gateway
in order to reach the k.l.m.2 host.

route add -host k.l.m.2 x.y.z.7

obviously says network unreachable because x.y.z.7 is not directly attached
to the client's network.

Is there any other way?

Thanks,
Andrei

 
 
 


Post by Darren Dunha » Sun, 14 Apr 2002 07:24:15



> Hello All,
> Is there any method to tell my clients to use a not-locally-attached gateway
> in order to reach a specific server?
> Example: client is on address a.b.c.5
> Gateway host (Solaris) is on address x.y.z.7 and is pingable from a.b.c.5
> through a bunch of other routers. This gateway also has a second interface
> with IP address k.l.m.1
> The server I want to reach is on address k.l.m.2 and is pingable from
> the gateway.
> I don't want to advertise the x.y.z.0 to k.l.m.0 route from my gateway,
> but only to tell specific clients that they have to use the x.y.z.7 gateway
> in order to reach the k.l.m.2 host.

Then no.  There are only 2 places for addresses in a normal packet.
There's the ethernet destination and the IP destination.

When it leaves the client, the ethernet destination has the router in it
so that it will get there.  The router tosses the ethernet frame as it
is delivered.

Then in the IP frame there is only one destination address, and that's
the final destination.  There is no place for an intermediate router.

Now that's the normal case.  There is also "source routing", but most
routers will have it disabled since it can present security problems.
Solaris does not offer a means to use it in any way that I am aware..

--

Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
          < How are you gentlemen!! Take off every '.SIG'!! >
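The header layout described in the reply above, shown as an added example that is not part of the original posts: it parses an IPv4 header, returns the single destination field, and flags the RFC 791 source-route options that routers are usually configured to refuse. The numeric addresses are constructed stand-ins (client 192.0.2.5, gateway 198.51.100.7, server 203.0.113.2) for the thread's a.b.c.5, x.y.z.7 and k.l.m.2, and the function names are hypothetical.

```python
import socket
import struct

# IPv4 option types that carry a source route (RFC 791).
LSRR, SSRR = 131, 137
NAMES = {LSRR: "loose source route", SSRR: "strict source route"}

def build_header(src, dst, options=b""):
    """Build a constructed IPv4 header for the demo (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)       # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4                    # header length in words
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                        20 + len(options), 0, 0, 64, 6, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options

def source_route_option(kind, hops):
    """Encode an LSRR/SSRR option: type, length, pointer, then the hop list."""
    data = b"".join(socket.inet_aton(h) for h in hops)
    return bytes([kind, 3 + len(data), 4]) + data

def inspect(header):
    """Return (destination, findings) for one IPv4 header."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("truncated or invalid header")
    dst = socket.inet_ntoa(header[16:20])          # the only destination field
    findings, i = [], 20
    while i < ihl:
        kind = header[i]
        if kind == 0:                              # End of Option List
            break
        if kind == 1:                              # No-Operation, one byte
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("malformed option")
        length = header[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("malformed option")
        if kind in NAMES:
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source-route option")
            hops = [socket.inet_ntoa(header[j:j + 4])
                    for j in range(i + 3, i + length, 4)]
            findings.append((NAMES[kind], hops))
        i += length
    return dst, findings
```

In a source-routed packet the destination field holds the next listed hop and the final address sits in the option, so a filter or IDS rule that drops any header with a non-empty findings list covers both the loose and the strict form.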

 
 
 


Post by aryzh » Sun, 14 Apr 2002 18:36:24



> Then no.  There are only 2 places for addresses in a normal packet.
> There's the ethernet destination and the IP destination.

> When it leaves the client, the ethernet destination has the router in it
> so that it will get there.  The router tosses the ethernet frame as it
> is delivered.

> Then in the IP frame there is only one destination address, and that's
> the final destination.  There is no place for an intermediate router.

> Now that's the normal case.  There is also "source routing", but most
> routers will have it disabled since it can present security problems.
> Solaris does not offer a means to use it in any way that I am aware..

Thanks..

Is there any way to have a virtual address on the gateway host,
which is pingable from client and is automatically forwarded
to that invisible server? I guess firewall software can do
this sort of masquerading, but needs a license.
Do you know of any public-domain program
which I can use for such forwarding?

Regards,
Andrei

 
 
 


Post by Darren Dunha » Mon, 15 Apr 2002 06:30:18



> Thanks..
> Is there any way to have a virtual address on the gateway host,
> which is pingable from client and is automatically forwarded
> to that invisible server? I guess firewall software can do
> this sort of masquerading, but needs a license.
> Do you know of any public-domain program
> which I can use for such forwarding?

IP filter can do some of that.  It really depends on what you expect to
do on the machine.  Run a web browser?  easy.  Run a FTP server?  much,
much harder.  

Check the IPfilter FAQ for some ideas of what it can do..

--

Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
          < How are you gentlemen!! Take off every '.SIG'!! >

 
 
 


Post by aryzh » Tue, 16 Apr 2002 02:54:52




> > Thanks..

> > Is there any way to have a virtual address on the gateway host,
> > which is pingable from client and is automatically forwarded
> > to that invisible server? I guess firewall software can do
> > this sort of masquerading, but needs a license.
> > Do you know of any public-domain program
> > which I can use for such forwarding?

> IP filter can do some of that.  It really depends on what you expect to
> do on the machine.  Run a web browser?  easy.  Run a FTP server?  much,
> much harder.  

> Check the IPfilter FAQ for some ideas of what it can do..

Thanks a lot,
I'll certainly check it out.
The server behind the router is supposed to listen on 4 fixed TCP ports.
The returning packets do reach the clients easily, 'coz the gateway
is the default router for the server. Hope IPfilter will help to
deliver the packets from clients.

Cheers,
Andrei

 
 
 


Post by Darren Dunha » Wed, 17 Apr 2002 03:13:00



>> IP filter can do some of that.  It really depends on what you expect to
>> do on the machine.  Run a web browser?  easy.  Run a FTP server?  much,
>> much harder.  

>> Check the IPfilter FAQ for some ideas of what it can do..
> Thanks a lot,
> I'll certainly check it out.
> The server behind the router is supposed to listen on 4 fixed TCP ports.
> The returning packets do reach the clients easily, 'coz the gateway
> is the default router for the server. Hope IPfilter will help to
> deliver the packets from clients.

IPfilter comes with IPNAT which is a general NAT solution, but if you're
just doing a couple of simple TCP ports, you might use some simple port
tunnelling with SSH.  

IPNAT is more general and will serve you well in many situations, but a
simple port tunnel with SSH could be quite doable also.
--

Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
          < How are you gentlemen!! Take off every '.SIG'!! >

 
 
 

1. proxy arp to hosts *not* directly connected

Hi,

On Solaris 2.4 it is not possible to add an `arp'
entry in your arp tables of a host that is *not*
directly connected to your interface(s). I want to
perform proxy arp to a host that is *not* directly
connected to the Sun's interface. So, I am thinking of
replacing the Solaris arp with some other arp which
allows me to do what I want.

Does anybody know what arp I can use?
(The FreeBSD version cannot be compiled under
Solaris)

Frank.

--

-------------------------------------------------
F.P.M. Wetzels                           ADIV/CNS

meibergdreef 15              Voice +31 20 5662916
1105 AZ  Amsterdam-ZO          Fax +31 20 6973181
-------------------------------------------------
