routing on same subnet ...

I am using SuSE Pro 9 as an Internet Gateway, so this box was always used as
a 'default gateway' within my network. Now I purchased an additional
ISDN-Router for LAN-2-LAN connectivity. How can I use my default gateway, to
route all packets to/from the remote LAN via my separate ISDN-Router ?


Internet remote LAN (10.1.1.0)
/ /
/ /
/--/ /--/
/ /
+------/-------+ +------/-------+
| default gw | | ISDN router |
| 192.168.0.98 | | 192.168.0.99 |
+------+-------+ +------+-------+
| |
| |
-------+-------------+------+-------------+-----+-------------
| | |
| | |
+------+-------+ +------+-------+ +------+-------+
| node 1 | | node 2 | | node n |
| 192.168.0.21 | | 192.168.0.22 | | 192.168.0.n |
+--------------+ +--------------+ +--------------+

The reason I'm asking, is that I don't want to maintain the routing tables
of all my LAN-clients, there must be an easier solution, am I right ? My
first idea was, to simply add another route on my default gw (192.168.0.98):

ip route add 10.1.1.0/24 vi 192.168.0.99.

That enabled my default router to connect to the remote LAN, but not the
clients on my network. What am I missing ? The default gw also serves as a
firewall to the internet. But it never occurred to me, that the
iptables-entries filter the remote LAN, because they are routed via the
internal LAN devices. Am I right here ?

So in the end, I am a little bit confused, and don't know, whether I should
focus on the routing tables or the packet filters or both, to come to a
solution. Who can tell me, what's the next step ?

- Markus

Markus Haberstock wrote:

> I am using SuSE Pro 9 as an Internet Gateway, so this box was always used
> as a 'default gateway' within my network. Now I purchased an additional
> ISDN-Router for LAN-2-LAN connectivity. How can I use my default gateway,
> to route all packets to/from the remote LAN via my separate ISDN-Router ?
>
>
> Internet remote LAN (10.1.1.0)
> / /
> / /
> /--/ /--/
> / /
> +------/-------+ +------/-------+
> | default gw | | ISDN router |
> | 192.168.0.98 | | 192.168.0.99 |
> +------+-------+ +------+-------+
> | |
> | |
> -------+-------------+------+-------------+-----+-------------
> | | |
> | | |
> +------+-------+ +------+-------+ +------+-------+
> | node 1 | | node 2 | | node n |
> | 192.168.0.21 | | 192.168.0.22 | | 192.168.0.n |
> +--------------+ +--------------+ +--------------+
>
> The reason I'm asking, is that I don't want to maintain the routing tables
> of all my LAN-clients, there must be an easier solution, am I right ? My
> first idea was, to simply add another route on my default gw
> (192.168.0.98):
>
> ip route add 10.1.1.0/24 vi 192.168.0.99.
>
> That enabled my default router to connect to the remote LAN, but not the
> clients on my network. What am I missing ? The default gw also serves as a
> firewall to the internet. But it never occurred to me, that the
> iptables-entries filter the remote LAN, because they are routed via the
> internal LAN devices. Am I right here ?
>
> So in the end, I am a little bit confused, and don't know, whether I
> should focus on the routing tables or the packet filters or both, to come
> to a solution. Who can tell me, what's the next step ?
>
> - Markus
Hi Markus,

since your 192.168.0.x clients only have the default gateway set, they
expect the 10.x.x.x net to be behind the firewall. So best solution is to
update the routing tables on the 192.168.0.x clients. The reason why this
don't work is propably, that you filter the traffic with your firewalls
FORWARD chain.

Alex

On Thu, 13 May 2004 23:58:42 GMT, Markus Haberstock <(E-Mail Removed)> wrote:
> I am using SuSE Pro 9 as an Internet Gateway, so this box was always used as
> a 'default gateway' within my network. Now I purchased an additional
> ISDN-Router for LAN-2-LAN connectivity. How can I use my default gateway, to
> route all packets to/from the remote LAN via my separate ISDN-Router ?

If you want to have single default route for 192.168.0.0/24 LAN, it may be
better to have Linux handle the routing for the ISDN router with a 3rd nic
like the following (maybe different IP pair for Linux to ISDN
connection). As long as both internal interfaces are listed for
FW_DEV_INT (space separated list) in SuSEfirewall2 they would be masq'd
for internet, and as long as FW_ALLOW_CLASS_ROUTING="yes" the internal
interfaces could communicate with each other directly.

> Internet remote LAN (10.1.1.0)
> / /
> / /
> /--/ /--/
> / /
> +------/-------+ +------/-------+
> | default gw | | ISDN router |
> | 192.168.0.98 |-----| 192.168.0.99 |
> +------+-------+ +------+-------+
> |
> |
> -------+-------------+------+-------------+-----+-------------
> | | |
> | | |
> +------+-------+ +------+-------+ +------+-------+
> | node 1 | | node 2 | | node n |
> | 192.168.0.21 | | 192.168.0.22 | | 192.168.0.n |
> +--------------+ +--------------+ +--------------+

--
David Efflandt - All spam ignored http://www.de-srv.com/