I have a masquerading gateway running at a client site, and a
complication has developed. Just before I installed the gateway,
somebody decided, "let's put a 100-meg card in the Novell server, and
move the accounting people to the new card!" Good idea, and really
common practice in the Novell world. The interface to the internet
is through a second ethernet adapter, to an Ascend router, by the
way.
IPX doesn't care that we have 2 networks; the IP world does, and I
now have 2 internal IP networks to masquerade.
In simulating this on my network at home, everything works fine. My
internal networks are 192.168.1.0 (linux system, internal win95
machines, and Netware) and 192.168.2.0 (2nd card in Netware server,
and test win95 machine). I used "192.168.0.0/16" in my ipfwadm masq
setup, and the test machine could get out to the internet just fine.
The Netware server is doing ip forwarding between the 2 networks, and
I must have stumbled on the right ip commands.
This doesn't work at the client site. Same network numbers; from a
machine on the new segment, I can ping the Linux system, both the
internal and external interfaces, but not the router on the external
net.
I'm considering putting a third card in the Linux system, and
disabling all tcp/ip on the Novell server. I may get into forwarding
issues between the 2 internal nets, as there's a complicating factor
of an NT server running Exchange, too, and it may require tcp/ip.
I would appreciate any thoughts or good ideas here. If we can make
the Netware server do the routing, great. I'm not in charge of
maintaing this machine, and I don't want to screw it up, or defeat
the purpose of getting more throughput by keeping it too busy playing
router! (The person in charge doesn't have a clue about any of these
issues, btw.)
Let's kick it around and see if there are any ideas out there.
Thanks.
Charles Shoemaker, CNE
CKS LAN Associates, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
