Linux router between LAN's

Hi!

I've got a debian box with to ethernet cards...

eth0: 155.209.0.2 255.255.0.0
eth1: 192.168.0.2

Can somebody please give me a good and easy to use way for me got get my
155.209.0.0 lan to comunicate with 192.168.0.0 ........
I have a great deal of computers on both lan's....And i wanna try with a
router between them.....


Harald

Two commands on the debian box should do it.

route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth1
route add -net 155.209.0.0 netmask 255.255.0.0 gw 155.209.0.2 dev eth0

Then you just have to tell all the computers on both networks to look to the
debian box for the connection between the two networks. This can be done
two way. One way is to program a static route on every machine on both
networks (a huge chore, depending on the size of your network). This will
not interrupt any other routing method you currently have in place. If you
want both networks to have Internet access and can use the debian box as an
Internet router for both, then just set the default gateway on every machine
to the debian box's IP (for each respecitive network). Now you should have
communication between the two.

"Harald Hellesø" <(E-Mail Removed)> wrote in message
news:ch857b$2bt$(E-Mail Removed)...
> Hi!
>
> I've got a debian box with to ethernet cards...
>
> eth0: 155.209.0.2 255.255.0.0
> eth1: 192.168.0.2
>
> Can somebody please give me a good and easy to use way for me got get my
> 155.209.0.0 lan to comunicate with 192.168.0.0 ........
> I have a great deal of computers on both lan's....And i wanna try with a
> router between them.....
>
>
> Harald
>
>

In article <ch857b$2bt$(E-Mail Removed)>, Harald Hellesø wrote:
>Hi!
>
>I've got a debian box with to ethernet cards...
>
>eth0: 155.209.0.2 255.255.0.0

Most unusual to see something not subnetted. 65,534 hosts on a single
wire is usually a congestion problem. You may want to verify that
mask with the network administrator. Hmmm, RIPE says that address
block is locked - you might want to pass that along.

>eth1: 192.168.0.2
>
>Can somebody please give me a good and easy to use way for me got get my
>155.209.0.0 lan to comunicate with 192.168.0.0 ........

684614 Nov 9 2003 IP-Masquerade-HOWTO

Masquerade - because RFC1918 addresses shouldn't be seen outside of
your network. If there is a gateway router that is preventing this,
then you only need to enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

and see that all hosts that need to converse with the "other" network
know to use your box as the gateway. The "Linux Network Administrator's
Guide" from the LDP (http://tldp.org/guides.html -> nag2 ) would also
be helpful.

Old guy

"Moe Trin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed).. .
> In article <ch857b$2bt$(E-Mail Removed)>, Harald Hellesø wrote:
>>Hi!
>>
>>I've got a debian box with to ethernet cards...
>>
>>eth0: 155.209.0.2 255.255.0.0
>
> Most unusual to see something not subnetted. 65,534 hosts on a single
> wire is usually a congestion problem. You may want to verify that
> mask with the network administrator. Hmmm, RIPE says that address
> block is locked - you might want to pass that along.
>
>>eth1: 192.168.0.2
>>
>>Can somebody please give me a good and easy to use way for me got get my
>>155.209.0.0 lan to comunicate with 192.168.0.0 ........
>
> 684614 Nov 9 2003 IP-Masquerade-HOWTO
>
> Masquerade - because RFC1918 addresses shouldn't be seen outside of
> your network. If there is a gateway router that is preventing this,
> then you only need to enable IP forwarding
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> and see that all hosts that need to converse with the "other" network
> know to use your box as the gateway. The "Linux Network Administrator's
> Guide" from the LDP (http://tldp.org/guides.html -> nag2 ) would also
> be helpful.
>
> Old guy

I don't route that subnet to the internet...So it's allowed to use on
lan's....And my network administrator (That's me) says it's ok....

I only need routes between my 2 lan's in my house....

Harald

In article <chah4j$5n2$(E-Mail Removed)>, Harald Hellesø wrote:
>I don't route that subnet to the internet...So it's allowed to use on
>lan's....And my network administrator (That's me) says it's ok....

You should get in touch with RIPE - they have a problem with the
155.209.0.0/16 allocation. Do a 'whois' query for more info.

>I only need routes between my 2 lan's in my house....

OK - as mentioned - see that all hosts on the "other" networks know
to send packets via the router. For the 192.168.0.0 network, that
would mean

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 4198 eth0
155.209.0.0 192.168.0.2 255.255.0.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 20 lo

while the 155.209.0.0/16 net would be

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
155.209.0.0 0.0.0.0 255.255.0.0 U 0 0 4198 eth0
192.168.0.0 155.209.0.2 255.255.255.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 20 lo

and the Debian box needs to be doing IPv4 forwarding as mentioned before.

Old guy

"Harald Hellesø" <(E-Mail Removed)> wrote in message news:<chah4j$5n2$(E-Mail Removed)>...
> "Moe Trin" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed).. .
> > In article <ch857b$2bt$(E-Mail Removed)>, Harald Hellesø wrote:
> >>Hi!
> >>
> >>I've got a debian box with to ethernet cards...
> >>
> >>eth0: 155.209.0.2 255.255.0.0
> >
> > Most unusual to see something not subnetted. 65,534 hosts on a single
> > wire is usually a congestion problem. You may want to verify that
> > mask with the network administrator. Hmmm, RIPE says that address
> > block is locked - you might want to pass that along.

Hmmm .... don't know about RIPE. It's in use. See below.

> >>eth1: 192.168.0.2
> >>
> >>Can somebody please give me a good and easy to use way for me got get my
> >>155.209.0.0 lan to comunicate with 192.168.0.0 ........
> >
> > 684614 Nov 9 2003 IP-Masquerade-HOWTO
> >
> > Masquerade - because RFC1918 addresses shouldn't be seen outside of
> > your network. If there is a gateway router that is preventing this,
> > then you only need to enable IP forwarding
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > and see that all hosts that need to converse with the "other" network
> > know to use your box as the gateway. The "Linux Network Administrator's
> > Guide" from the LDP (http://tldp.org/guides.html -> nag2 ) would also
> > be helpful.
> >
> > Old guy
>
> I don't route that subnet to the internet...So it's allowed to use on
> lan's....And my network administrator (That's me) says it's ok....

You (the network administrator) have a peculiar way of laying out a
private network :-0

> I only need routes between my 2 lan's in my house....
>
> Harald

Lookup 155.209.0.2 (unresolved) in 20+10 Zones
AS: 155.209.0.0/16 AS2119 Telenor Internet Access Oslo
Net 155.209/16 KVAERNER Lysaker

Using such blocks for a private IP space is considered bad form and an
uninvited source of problems for the people that legitimately own the
IPs. If this lan/subnet ever does get hooked to the internet(or leaks
out in any way), rest assured that the packets will be routed ...
Your question does not inspire confidence that this will not happen.

For this reason and the fact that you cannot read the copious docs
that tell you how to set up routing tables for such an easy task, I
will offer no clues to help you out. RTFM and be a good neighbor re:
IPs (no matter what the net admin says).

regards,
prg
email above disabled

"P Gentry" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> "Harald Hellesø" <(E-Mail Removed)> wrote in message
> news:<chah4j$5n2$(E-Mail Removed)>...
>> "Moe Trin" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed).. .
>> > In article <ch857b$2bt$(E-Mail Removed)>, Harald Hellesø wrote:
>> >>Hi!
>> >>
>> >>I've got a debian box with to ethernet cards...
>> >>
>> >>eth0: 155.209.0.2 255.255.0.0
>> >
>> > Most unusual to see something not subnetted. 65,534 hosts on a single
>> > wire is usually a congestion problem. You may want to verify that
>> > mask with the network administrator. Hmmm, RIPE says that address
>> > block is locked - you might want to pass that along.
>
> Hmmm .... don't know about RIPE. It's in use. See below.
>
>> >>eth1: 192.168.0.2
>> >>
>> >>Can somebody please give me a good and easy to use way for me got get
>> >>my
>> >>155.209.0.0 lan to comunicate with 192.168.0.0 ........
>> >
>> > 684614 Nov 9 2003 IP-Masquerade-HOWTO
>> >
>> > Masquerade - because RFC1918 addresses shouldn't be seen outside of
>> > your network. If there is a gateway router that is preventing this,
>> > then you only need to enable IP forwarding
>> >
>> > echo 1 > /proc/sys/net/ipv4/ip_forward
>> >
>> > and see that all hosts that need to converse with the "other" network
>> > know to use your box as the gateway. The "Linux Network
>> > Administrator's
>> > Guide" from the LDP (http://tldp.org/guides.html -> nag2 ) would also
>> > be helpful.
>> >
>> > Old guy
>>
>> I don't route that subnet to the internet...So it's allowed to use on
>> lan's....And my network administrator (That's me) says it's ok....
>
> You (the network administrator) have a peculiar way of laying out a
> private network :-0
>
>> I only need routes between my 2 lan's in my house....
>>
>> Harald
>
> Lookup 155.209.0.2 (unresolved) in 20+10 Zones
> AS: 155.209.0.0/16 AS2119 Telenor Internet Access Oslo
> Net 155.209/16 KVAERNER Lysaker
>
> Using such blocks for a private IP space is considered bad form and an
> uninvited source of problems for the people that legitimately own the
> IPs. If this lan/subnet ever does get hooked to the internet(or leaks
> out in any way), rest assured that the packets will be routed ...
> Your question does not inspire confidence that this will not happen.
>
> For this reason and the fact that you cannot read the copious docs
> that tell you how to set up routing tables for such an easy task, I
> will offer no clues to help you out. RTFM and be a good neighbor re:
> IPs (no matter what the net admin says).
>
> regards,
> prg
> email above disabled

I see people don't like me using 155.209.0.0 at home....But what damage kan
this do since my internet ip that everybody can check is in 80.x.x.x
range....So the 155.209.0.0 only shows local...

The config on the debian box works by the way..But on my Zeta and Amiga
boxes nothing is getting routed...So if anybody can help this little dum
"nobody" i would be happy....

Harald

"Harald Hellesø" <(E-Mail Removed)> wrote in
news:chd9si$6k5$(E-Mail Removed):

> I see people don't like me using 155.209.0.0 at home....But what
> damage kan this do since my internet ip that everybody can check is in
> 80.x.x.x range....So the 155.209.0.0 only shows local...

Right. I job I had last year there were weird problems with internet
access, because instead of using 10.x.x.x, the previous net admin (a guy
with an A+) used like 65.x.x.x, so when people tried to access legitimate
things on 65.x.x.x, websites, etc, it would fail as that was their own
LAN's IP.

Unless you have horribly setup your network, changing the IPs from 155.209
(why did you choose this anyway?) to 172.16.x.x by simply changing your
DHCP scope and a few static addresses. Regardless of if you think it
works, it is horribly wrong to use public, routable addresses that you do
not have ownership of for a private network.

--
website: http://www.demonlag.com
AIM: FrznFoodClerk
email: (E-Mail Removed)

In article <chd9si$6k5$(E-Mail Removed)>, Harald Hellesø wrote:

[Please trim your posts.]

>I see people don't like me using 155.209.0.0 at home....

Well, if RIPE didn't allocate the IP to you, why are you using it?

>But what damage kan this do since my internet ip that everybody can
>check is in 80.x.x.x range....So the 155.209.0.0 only shows local...

Are you sure than _no_ packet is escaping from your network with a
155.209.0.0/16 address? Although minor, such packets would be
considered a denial of service attack on the owner of that network.
I'm not in Europe, so I have no idea what the legal aspects are,
either EU or Norwegian. There _could_ be other problems as well.
You might also check the agreement you have with BKK Bredband.

Should you have any reason to attempt to send packets to Kvaerner
Engineering A/S (the designated owner of that block), you won't be
able to, because your systems will try to send those packets locally.

http://www.ietf.org/rfc/rfc1918.txt
http://www.faqs.org/rfcs/rfc1918.html
http://www.rfc-editor.org/rfc/rfc1918.txt
http://www.ccd.bnl.gov/network/general/rfc1918.html
http://www.cis.ohio-state.edu/htbin/rfc/rfc1918.html

You might also read RFC2827 which talks about the problem you may be
causing outside your network.

>The config on the debian box works by the way..But on my Zeta and Amiga
>boxes nothing is getting routed...

So look at the routing tables on those boxes.

>So if anybody can help this little dum "nobody" i would be happy....

Did you get a copy of the Linux Network Administrator's Guide yet?

Old guy

On Sat, 04 Sep 2004 22:51:20 +0200, Harald Hellesø wrote:
[snippage]
> I see people don't like me using 155.209.0.0 at home....But what damage
> kan this do since my internet ip that everybody can check is in 80.x.x.x
> range....So the 155.209.0.0 only shows local...

Like the other folks are saying... if you have any route to the internet,
and you make any mistake(s), then you might have packets "escape" to the
internet with someone else's IP addresses in them. Bad for you and them!

If you want experience with routing, why not use two private blocks of
addresses like: 192.168.x.x and 10.x.x.x which you can then setup however
you want. Everyone else would then recognize all of your packets as
"someone's private ethernet packets" even if they should (for whatever
reason) "escape" into the wild. Other sites should not propagate them
further to cause any more problems. Legitimate owners would not get angry.

Personally, I would consider different subnets of 192.168.x.x to be
sufficient, but I don't know what kind of experiments you are doing.

--
Juhan Leemet
Logicognosis, Inc.