On 5 Feb, Sandy Harris wrote:

>                              118.136.195.151
>     +-----+    internet       +----+
>     | ISP |-------------------| GW |--> to other 44.x.x.x hosts
>     +-----+                   +----+
>         |
>         | ppp0 (205.1.1.20)                         44.80.42.1
>      +------------+           (192.168.1.2)  +--------+
>      | Linux Masq |--------------------------|  JNOS  |---> local net
>      +------------+ slip0 (192.168.1.1)      +--------+  44.80.42.0/24
>


>> Here is my bare bones ipfwadm test setup that I have in rc.local.
>> In simplest terms, I want anything FROM JNOS passed to GW  to appear to
>> use the Linux dynamic IP address
> 
> Why on earth do you want that?

Because GW will be sending packets destined for 44.80.42.x/24 to
whatever IP address was used at my end to send this special command
packet to GW.

> Shouldn't you bypass masquerading here and let gateway see packets from
> 44.80.42.*? Tell the masq box not to masquerade those, just send them on
> to the ISP.

I don't need to use the 192.168.1.1 and 1.2 addresses. I could actually
change them to 44.80.42.x addresses. I'm only using them because I set
it up based on ethernet examples. If I made the 192.168.1.2 interface
44.80.42.1 instead, how would I pass the packets to GW? Would

ipfwadm -F -a accept -S 44.80.42.1 -D 118.136.195.151

pass packets directly from JNOS to GW? Assuming I had the routing set
up right? Since the route to GW is via ppp0 in the above, wouldn't I
need masquerading to reach GW from JNOS? JNOS knows nothing about the
ppp0 interface. It only knows the route to GW is via the slip0 interface.

> You would then need routes saying:
> 
> GW:       route to 44.80.42.0 via 205.1.1.20
> Masq box: """"""""""""""""""""""" 192.168.1.2
> 
> Two catches. One is that the first routing thing above needs to be in the
> DNS of whoever owns the 44.80.* domain; you can't do this yourself.

This is the problem. The 205.x.x.x address changes from time to time. I
*DO* have the ability to set my route on GW by simply sending a special
command packet. So in line 1 above, I can set that route. In line 2
above, I can do this in my routing table on the Linux Masq box.

Here's the catch. The route on GW to JNOS will be set by WHATEVER ip
address I'm using to reach GW at the time. If my packet appears to
arrive from the dynamic address assigned to ppp0, GW will route all
packets for 44.80.42.x/24 to that dynamic address. If my packet appears
to arrive from my 44.80.42.1 address, then it will route all
44.80.42.x/24 packets to 44.80.42.1. How will it reach 44.80.42.1
(JNOS) without masquerading?

This has given me a lot of food for thought. Like I said, I'm open to
all suggestions. Thanks for your ideas.

*I need a way to reach GW.

*whatever address I use to reach GW will be the address GW sends ALL my
packets back with. Not just connections I initiate but all FUTURE
incoming packets destined for 44.80.42.x/24. (SMTP, HTTP, Telnet, FTP,
etc.) will go to whatever address GW sees when I send my routing command
packet to GW (the route times out and has to be sent periodically)

 - So -

*I need a way for those incoming packets to reach JNOS

*I have control of all IP addresses on Linux and JNOS except for ppp0
and I can make them anything I need including 44.x.x.x addresses.

(sick of this thread? I'll stop if it's annoying anyone.)

-- 
Scott Felton - Mount Joy, PA USA
Slackware Linux v.3.6.0
[EMAIL PROTECTED]
http://www.k3ir.ampr.org

