On Wed, 29 Jan 2003, Dave Cornejo wrote:

> local network is 192.168.1.0/24
>
>            192.168.1.4
>                |
>                |
> 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>                |
>                |
>            192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
> exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2.
The "cleanest" way to do this would be by subnetting. You could have .2 on two subnets, with one of the subnets having only the .1 host, while the other subnet has the rest of the hosts.

However, you would want to tell .1 to route packets for .3 to .2. This can be done with a simple entry in the routing table on .1. If you don't "trust" .1 or can't modify its routing table, then you would need to set up a transparent firewall. Then you need to tell .2 to redirect packets from .1 to .3. If you want packets from .3 to .1 to go through .2 as well, you would do the same thing, but the other way around (change/reverse the addresses).

As for _how_ to do this with FreeBSD, you could use ipfw to redirect the packets. This would be done with the "fwd" keyword. Check the manpage ipfw(8) for more details.

You could also do some kind of layer 2 filtering/rewriting between .3 and the rest of the Ethernet. However, if your goal is to have .2 see all of the packets from .3 to .1, then there's a better way of doing it. If you are using an Ethernet hub, then every host on the LAN will already see every packet that is sent by every host. If you are using an Ethernet switch, you might be able to tell the switch that one of the ports should see every packet sent to the LAN. In the world of cisco, this is known as 'port monitoring'. I'm not sure about other vendors however.

> If it
> needs to connect to .4 or .2 it can do that directly. To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic. But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.

To be quite honest, I think you need to read up a bit more on how TCP/IP and Ethernet work. In general (and this is not 100% true, since there are other rules), all hosts on a LAN (well, subnet) will have "direct connectivity" to each other.
There is no process for hosts to "join" an IP/Ethernet network, they simply just start sending and receiving packets.

> I have a solution that uses Linux, but I'm reasonably certain that it
> really uses a flaw in the Linux kernel to work as it's dicey to set
> up, requires a specific order of steps and requires a reboot when
> things like the hosts IP address changes.

Do you know what this is called? Or can you at least describe this method in more detail? I might even have the completely wrong idea about what you're trying to accomplish.

Hope this helps, and I hope I didn't confuse you. :)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
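The "route on .1, relay through .2" setup described in the reply above, written out as FreeBSD commands. This is an added example, not part of the original thread or of anyone's posted configuration. It assumes FreeBSD on all three hosts, an interface named em0 on .2, and the ipfw rule numbers 100/110; the addresses are the ones in the quoted diagram. By default (DRY_RUN=1) it only prints the plan so it can be reviewed; run the relevant function with DRY_RUN=0 on each host to apply it. The ipfw "fwd" transparent-firewall variant the reply mentions for an untrusted .1 is not shown here.

```shell
#!/bin/sh
# Added example (not from the original thread): make .1 <-> .3 traffic pass
# through .2 on a flat 192.168.1.0/24 Ethernet, as the reply describes.
# Assumptions: FreeBSD hosts, interface em0 on .2, ipfw rule numbers 100/110.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.

set -e

H1=192.168.1.1        # host that must not reach .3 directly
H2=192.168.1.2        # gateway / firewall that should relay .1 <-> .3
H3=192.168.1.3
IFACE=${IFACE:-em0}   # assumed interface name on .2
DRY_RUN=${DRY_RUN:-1}

# run: print the command, and execute it only when DRY_RUN=0.
run() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then
        "$@"
    fi
}

# Host .1: send anything for .3 to .2 instead of straight onto the wire
# (the "simple entry in the routing table" from the reply). Also ignore
# ICMP redirects, otherwise .2 could steer .1 back to a direct path.
plan_host1() {
    run route add -host "$H3" "$H2"
    run sysctl net.inet.icmp.drop_redirect=1
}

# Host .2: forward between .1 and .3, and do not emit ICMP redirects, since
# a router relaying between two hosts on the same subnet would normally
# tell the sender to bypass it after the first packet.
# Only the two relayed flows are permitted explicitly; anything else is
# left to the rest of the ruleset.
plan_host2() {
    run sysctl net.inet.ip.forwarding=1
    run sysctl net.inet.ip.redirect=0
    run ipfw add 100 allow ip from "$H1" to "$H3" in via "$IFACE"
    run ipfw add 110 allow ip from "$H3" to "$H1" in via "$IFACE"
}

# Host .3: the reverse direction, "the same thing the other way around".
plan_host3() {
    run route add -host "$H1" "$H2"
    run sysctl net.inet.icmp.drop_redirect=1
}

# Whole plan, one host after another; each host applies only its own part.
plan_all() {
    plan_host1
    plan_host2
    plan_host3
}

# Print (or, with DRY_RUN=0 on the right host, apply) the full plan.
plan_all
```

The two sysctl lines are the caveat a practitioner hits first: with forwarding on, .2 is relaying between two hosts that share its own subnet, so it would ordinarily answer with an ICMP redirect pointing .1 straight at .3, and the host route would be silently undone. Disabling redirect generation on .2 and redirect acceptance on .1 and .3 keeps the traffic where the reply wants it, where .2 can see and filter it.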