how to configure Gateway func between 2 ifaces, one with static IP,other with DHCP

Hi,

I have a private network on 10.0.2.x network on one hand (all linux
boxes running CentOS4.6) -- all of these hosts have a single LAN card,
barring 1, called "gatekeeper" which has 2. On "gatekeeper" one of the
interfaces has the IP=10.0.2.254 (gateway for all other hosts on the
private network), and the other interface is configured for DHCP.
Also, I've setup DynDNS on this machine s.t. I could reach this
machine over the Dynamic IP from anywhere. The interface with DHCP IP,
allows it to connect to the Internet via a firewall (& http proxy
etc.). I also have a network which is also assigned a dynamic IP via
DHCP, which can connect to the internet, and also to "gatekeeper". I'd
like to know, how I could configure "gatekeeper" to act as a Gateway
for the 10.0.2.x private LAN machines, s.t. they can also be reached
from the internet (via a middle-hope on "gatekeeper") and vice-versa ?

The intended topology is available in this image-link here (http://
c.imagehost.org/0781/topo.gif)

thanks & regards,
bani

On Jul 29, 6:56*pm, b_dutta <banibrata.du...@gmail.com> wrote:
> Hi,
>
> I have a private network on 10.0.2.x network on one hand (all linux
> boxes running CentOS4.6) -- all of these hosts have a single LAN card,
> barring 1, called "gatekeeper" which has 2. On "gatekeeper" one of the
> interfaces has the IP=10.0.2.254 (gateway for all other hosts on the
> private network), and the other interface is configured for DHCP.
> Also, I've setup DynDNS on this machine s.t. I could reach this
> machine over the Dynamic IP from anywhere. The interface with DHCP IP,
> allows it to connect to the Internet via a firewall (& http proxy
> etc.). I also have a network which is also assigned a dynamic IP via
> DHCP, which can connect to the internet, and also to "gatekeeper". I'd
> like to know, how I could configure "gatekeeper" to act as a Gateway
> for the 10.0.2.x private LAN machines, s.t. they can also be reached
> from the internet (via a middle-hope on "gatekeeper") and vice-versa ?
>
> The intended topology is available in this image-link here (http://
> c.imagehost.org/0781/topo.gif)
>
> thanks & regards,
> bani

Forgot to add that, I only have control over (i.e. admin-privileges)
for the machines on the Private LAN (10.0.2.x) and the "gatekeeper"
machine itself. I do not have any admin-privileges over the Firewall,
DHCP server etc., as this is in an inflexible corporate network.

thanks & regards,
bani

b_dutta pisze:
> Hi,
>
> I have a private network on 10.0.2.x network on one hand (all linux
> boxes running CentOS4.6) -- all of these hosts have a single LAN card,
> barring 1, called "gatekeeper" which has 2. On "gatekeeper" one of the
> interfaces has the IP=10.0.2.254 (gateway for all other hosts on the
> private network), and the other interface is configured for DHCP.

So its IP address is alocated from a DHCPD server. You do not have
control over this process. You say so in the following post.

> Also, I've setup DynDNS on this machine s.t. I could reach this
> machine over the Dynamic IP from anywhere.
Hmm... It seems someone had set port forwarding on the firewall so that
you can use at least port 80 to access your gatekeeper. Thank him for
that. Or perhaps there is no firewall there at all...?


> The interface with DHCP IP,
> allows it to connect to the Internet via a firewall (& http proxy
> etc.).
Nothing unusual. It is a default route taken from th DHCPD server that
tells the gatekeeper about the right path to the Net.



> I also have a network which is also assigned a dynamic IP via
> DHCP, which can connect to the internet, and also to "gatekeeper".
Do not forget to tells us that this DHCP is YOURS, not Theirs. Theirs
sets the default route, ip, netmask, broadcast of the gatekeeper's
interfaces. That's all.


> I'd
> like to know, how I could configure "gatekeeper" to act as a Gateway
> for the 10.0.2.x private LAN machines, s.t. they can also be reached
> from the internet (via a middle-hope on "gatekeeper") and vice-versa ?
If you have a full control over the gatekeeper you should be able to
further redirect the packets destined for your 10.0.2.x network machines.
Methinks iptables and iproute2 should be of great help in this field.
You could match packets destined for specific ports coming in on an
dhcp_ip gatekeeper's interface, mark them, then route to one of your
LAN's computers.

Being more specific is beyond of my expertise, however.

Agryppa

> The intended topology is available in this image-link here (http://
> c.imagehost.org/0781/topo.gif)

Nice picture, done with DIA?
>
> thanks & regards,
> bani