Re: [masq] [masq-dev] Routes on a masqueraded box ...

[David A. Ranch]

Hey Tom,

First, your e-mail shouldn't have gone to the "Dev" list.  The Dev list 
is for MASQ developers regarding MASQ code & features.  Next time, please
put your questions on the normal MASQ list at [EMAIL PROTECTED]

Anyway...  I'll give your e-mail question a try...

--

First, to put multiple IP addresses per NIC on a Linux box, 
you need to enable "Network ALIASING" in the kernel code and
then recompile the Linux kernel.  After the new kernel is
running, you configure the IP addresses on the various
ethernet cards like usual but now instead of only
having device options like:

        eth0, eth1, eth2, eth3

Now you also have options like:

        eth0, eth0:0, eth0:1, eth0:2, ..., eth1, eth1:0, etc..

If you are running Redhat, copy the file 

/etc/sysconfig/network-scripts/ifcfg-eth0 

        to 

/etc/sysconfig/network-scripts/ifcfg-eth0:0
and
/etc/sysconfig/network-scripts/ifcfg-eth0:1
etc..

Put the relivant IPs in each of the subinterface
files and thats IT!

--

Next, does this picture fit your enviroment?  All IPs are 
made-up and are the IPs configured on the Linux box.


                  Local LAN     Internet
                   192.168.1.1   172.20.1.1
                      |            |
 +--------------+     |            |
 | Linux   eth0 ------+            |       +-eth2:0 - 10.1.1.1
 |  Box    eth1 -------------------+       |
 |         eth2 ---------------------------+-eth2:1 - 10.2.1.1
 |         eth3 ------+                    |
 +--------------+     |                    +-eth2:2 - 10.3.1.1
                      |
          +-----------+-----------+
          |           |           |

   F  r  a  m  e   R  e  l  a  y   C l o u d

          |           |           |
        eth3:0      eth3:1      eth3:2
      10.10.1.1   10.11.1.1    10.12.1.1


Unless you need to filter out IP routes to specific sites, you
should do the following:

        - set the default gateway on the Linux box to the 
          IP address of your remote Internet router's IP address

        - you need IP addresses on ALL eth interfaces, regardless
          of the interface being physical or virtual

        - Next, if you want to interconnect ALL the subnets without
          masquerading between them but DO masq to your Internet
          connection, you need to something like \the following 
          rules.  But, to be honest, I think there might is be
          something wrong with these rules.  You'll have to try
          some experimentation if these rules don't work.

                ipfwadm -F -f
                ipfwadm -F -p deny
                #Rules for the ETH0 interface
                ipfwadm -F -a -V 192.168.1.1 -D 10.1.1.0/24
                ipfwadm -F -a -V 192.168.1.1 -D 10.2.1.0/24
                ipfwadm -F -a -V 192.168.1.1 -D 10.3.1.0/24
                ipfwadm -F -a -V 192.168.1.1 -D 10.10.1.0/24
                ipfwadm -F -a -V 192.168.1.1 -D 10.11.1.0/24
                ipfwadm -F -a -V 192.168.1.1 -D 10.12.1.0/24
                #Rules for the ETH1 interface
                ipfwadm -F -a -V 10.1.1.1 -D 192.168.1.0/24
                ipfwadm -F -a -V 10.1.1.1 -D 10.2.1.0/24
                ipfwadm -F -a -V 10.1.1.1 -D 10.3.1.0/24
                ipfwadm -F -a -V 10.1.1.1 -D 10.10.1.0/24
                ipfwadm -F -a -V 10.1.1.1 -D 10.11.1.0/24
                ipfwadm -F -a -V 10.1.1.1 -D 10.12.1.0/24
                .
                .
                .
                ipfwadm -F -a -m -W eth1



You should be able to see the pattern here.  Yes.. it is
a long list but this what a dynamic routing protocol
like RIP2, OSPF, etc, does for you.  

Good luck!

--David



>I have a Linux 2.0.35 with a 4 port NIC in it, which is doing masquerading. 
>This isn't a masquerade question per say, but I need to figure out how to
route
>to multiple gateways.  In out setup, we have our local ethernet, which I will
>refer to as Net A, our internet router, which I will refer to as Net B, and
two
>routers that go to TCP/IP hosts via routers on frame relay networks (Net C and
>Net D).
>
>To complicate things a touch, there are multiple TCP network addresses
>associated with Nets C and D.  In other words, each router is a PVC with a
DLCI
>on a frame relay network, in a configuration with multiple point to point
>connections, each having an individual TCP address that is completely
unrelated
>to the others.
>
>So there are two questions.
>
>Question 1)  How do I set up a static route table on the Linux box to route
>packets for a certain TCP address(es)  (not on the local net) to a certain
>interface (Net D), other ones to other address(es) to another interface (Net
C),
>and then anything else out to the internet interface (Net B).  Can I just
>declare the route statements in that order, each as a gateway, and have it
work?
>
>Question 2) How do you give multiple base network addresses to a single NIC,
>along with multiple tcpip addresses, etc.
>
>
>A simple proposition to some, but baffling to me ...


.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]