Static Routing

John Kloian III plug-discuss@lists.PLUG.phoenix.az.us
Wed, 11 Apr 2001 14:43:32 -0700 (MST) 

IP chains can translate an IP (this would be called NAT or netwrok address
translation), this is one of the many uses of IP chains, as well as qos
and queing, etc.  Without doing NAT your 192.168.1.x hosts would be able
to ping the 10.0.1.1 host becuase of IP forwarding on the linux firewall
(as long as its set to do forwarding, as explained in the earlier
message).  But, to comminucate with any other host on the 10.0.1.x network
or hosts on networks outside of your network the firewalll will have to do
NAT or Masquerading to allow your inside hosts to communicate with the
outside world.


-- 
/****************************************************************************/
/                                                                            /
/  John Kloian III                                 Chief Technology Officer  /
/  OpNIX, Inc.                                             http://opnix.com  /
/                                                                            /
/                     .Innovating Internet Intelligence.                     /
/                                                                            /
/****************************************************************************/

On Wed, 11 Apr 2001, David Demland wrote:

>My understanding is that ipchains will forward packet from one interface to
>another. I did not think that ipchains could translate an IP.
>
>Thank You,
>
>David Demland
>Qa/Process Manager
>CADTEL Systems, Inc.
>11201 N. Tatum Ste. 200
>Phoenix, AZ 85028
>(602) 648-6054
>Fax: (602) 953-4833
>ddemland@cadtel.com
>
>-----Original Message-----
>From: plug-discuss-admin@lists.PLUG.phoenix.az.us
>[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of John
>Kloian III
>Sent: Wednesday, April 11, 2001 12:03 PM
>To: Plug-Discuss
>Subject: Re: Static Routing
>
>
>Cat /proc/sys/net/ipv4/ip_forward.  If there is a zero in that file it
>means that IP forwarding is turned off.  If it isn't a one echo 1 >
>/proc/sys/net/ip4v/ip_forward.  Also is your firewall doing NAT for the
>192.168.1.x network?
>
>--
>/***************************************************************************
>*/
>/
>/
>/  John Kloian III                                 Chief Technology Officer
>/
>/  OpNIX, Inc.                                             http://opnix.com
>/
>/
>/
>/                     .Innovating Internet Intelligence.
>/
>/
>/
>/***************************************************************************
>*/
>
>On Wed, 11 Apr 2001, David Demland wrote:
>
>>I am having a problem with setting up static routing on a new firewall.
>>There are three NICs in the firewall. Two of them are setup with internal
>>Class C addresses of 192.168.1.204 (eth2) and 192.168.1.79 (eth1). The
>third
>>NIC has a Class A address of 10.0.1.1 (eth0). The default gateway is
>>10.0.1.2 from the third NIC (eth0). I need to get packets sent to
>>192.168.1.204 routed to 10.0.1.2 out the 10.0.1.1. Then I need to route
>>packets sent to 192.168.1.79 to 10.0.1.3 through the eth0 NIC was well.
>>
>>I have tried everything with the route command and only get error message
>of
>>unknown host or network. What am I doing wrong?
>>
>>Here is the picture:
>>
>>
>>   192.168.1.204                                       10.0.1.2 and
>10.0.1.3
>>                    -----------------                 ---------------------
>-
>>-
>>------------------> |               |                 |
>>|
>>                    |               |    10.0.1.1     |
>>|
>>   192.168.1.79     |   Firewall    |  -------------> |       Router
>>|
>>                    |               |                 |
>>|
>>------------------> |               |                 |
>>|
>>                    -----------------                 ---------------------
>-
>>-
>>
>>Thank You,
>>
>>David Demland
>>Qa/Process Manager
>>CADTEL Systems, Inc.
>>11201 N. Tatum Ste. 200
>>Phoenix, AZ 85028
>>(602) 648-6054
>>Fax: (602) 953-4833
>>ddemland@cadtel.com
>>
>>________________________________________________
>>See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
>post to the list quickly and you use Netscape to write mail.
>>
>>PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>________________________________________________
>See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
>to the list quickly and you use Netscape to write mail.
>
>PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>________________________________________________
>See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
>PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>