Setting up a simple gateway

 
 
Captain Beefheart
      07-22-2004, 06:34 PM
A day or two ago I asked for help setting up what I hoped would become a
PPTP VPN machine. It became clear that my knowledge was seriously lacking
for this venture, so I've been away studying. I think I now understand
subnetting and simple routing c/o the routing table, which is more than I
did before. I'll list my study sources at the bottom of this message for
anybody who's in the same boat as me.

However, I'd like to ask if somebody can check the following abbreviated
routing table, which I think will cause the PC in question to act as an
Internet gateway (eth1 is connected to a private subnet, eth0 to the WAN).

Destination     Gateway         Genmask         Iface
192.168.1.0     0.0.0.0         255.255.255.0   eth1
193.100.100.0   0.0.0.0         255.255.255.0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       lo
0.0.0.0         193.100.100.1   0.0.0.0         eth0

To take this line by line:

1) Any packets matching this subnet mask and IP are local and therefore sent
out onto the Ethernet plugged into eth1
2) Any packets matching this subnet mask and IP are local and therefore sent
out on the Ethernet plugged into eth0
3) loopback (I understand the purpose of this and won't explain it here)
4) default route - anything not matching the IPs and subnet masks above
should be forwarded to this router

A PC on the private subnet considers the machine above its gateway. It sends
this gateway PC a particular data packet because, according to its own
subnet mask, it isn't for the local network. It arrives at the gateway and
is processed by the gateway's routing table. The gateway realises that it's
not local so it is then forwarded to its own default gateway, where the
packet can then be routed on to its destination.

Have I got this right?


____
Sources I've read to get this far:

Net How-To from the Linux Documentation Project:
http://www.tldp.org/HOWTO/Net-HOWTO/

Daryl's TCP/IP Primer:
http://www.ipprimer.com/overview.cfm

TCP/IP Introduction (from Rutgers University):
ftp://athos.rutgers.edu/runet/tcp-ip-intro.doc

 
paul@atom.sbrk.co.uk
      07-22-2004, 07:02 PM
In article <cdp1av$3no$(E-Mail Removed)>, Captain Beefheart wrote:
> Destination     Gateway         Genmask         Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   eth1
> 0.0.0.0         193.100.100.1   0.0.0.0         eth0


> A PC on the private subnet considers the machine above its gateway. It sends
> this gateway PC a particular data packet because, according to its own
> subnet mask, it isn't for the local network. It arrives at the gateway and
> is processed by the gateway's routing table. The gateway realises that it's
> not local so it is then forwarded to its own default gateway, where the
> packet can then be routed on to its destination.


That's right. But you won't get any packets back. You're using
private IP addresses on the local network so they must be NATted
on the gateway.

Paul
 
jack
      07-22-2004, 08:31 PM
Captain Beefheart wrote:

> However, I'd like to ask if somebody can check the following abbreviated
> routing table, which I think will cause the PC in question to act as an
> Internet gateway (eth1 is connected to a private subnet, eth0 to the WAN).
>
> Destination     Gateway         Genmask         Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   eth1
> 193.100.100.0   0.0.0.0         255.255.255.0   eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       lo
> 0.0.0.0         193.100.100.1   0.0.0.0         eth0
>
> To take this line by line:
>
> 1) Any packets matching this subnet mask and IP are local and therefore sent
> out onto the Ethernet plugged into eth1
> 2) Any packets matching this subnet mask and IP are local and therefore sent
> out on the Ethernet plugged into eth0
> 3) loopback (I understand the purpose of this and won't explain it here)
> 4) default route - anything not matching the IPs and subnet masks above
> should be forwarded to this router
>
> A PC on the private subnet considers the machine above its gateway. It sends
> this gateway PC a particular data packet because, according to its own
> subnet mask, it isn't for the local network. It arrives at the gateway and
> is processed by the gateway's routing table. The gateway realises that it's
> not local so it is then forwarded to its own default gateway, where the
> packet can then be routed on to its destination.
>
> Have I got this right?


Basically, Yes, Sir, You have.

A bit more in-depth: The output of "route -n" would be really helpful
here. What You sent above is some made-up replica. - Plus, any
"abbreviated" routing table is just not worth discussing.

To the point: Your explanation of things is correct. But You must
distinguish between the local machine (of which You sent the routing
table), and the gateway for it.

Since all "local" routing seems to be ok, the routing table for the
gateway, in Your case 193.100.100.1, would be fairly the same. With
some exceptions: As a router, IP forwarding must be enabled. Then,
this router will have a specific route to the private subnet,
192.168.1/24.

As others have already said, and the Networking-HowTo tells You, and
the Masquerading-HowTo explains just brilliantly, You're not quite
done here. - Since "private" IP addresses must not be routed over the
internet, You need to consider how to fill the source and destination
fields of the IP headers of any packet that You want to send out.

If You are addressing a valid server by its IP address from the inside
client, You will eventually force that server to send its reply
back to one address within 192.168.1/24. This reply will not be routed
and hence, never make it back to the requesting machine.

That's what masquerading (or NAT, Network Address Translation) is good
for. - You will tell Your gateway to act as a masquerading gateway. It
will then stamp its own public IP address into the sender address field
of every packet that it forwards to the internet. This way, the remote
server can send its reply back to a valid address. Then, the masq'ing
router will recognize that this reply came in for a masqueraded request
and de-masquerade it to send it back to the requesting internal client.

Nowadays, You can achieve all this via the "iptables" command. - The
mechanics behind all this is referred to as "Connection Tracking", so
the respective module or functionality is "ip_conntrack.o".


> Sources I've read to get this far:
>
> Net How-To from the Linux Documentation Project:
> http://www.tldp.org/HOWTO/Net-HOWTO/
>
> Daryl's TCP/IP Primer:
> http://www.ipprimer.com/overview.cfm
>
> TCP/IP Introduction (from Rutgers University):
> ftp://athos.rutgers.edu/runet/tcp-ip-intro.doc


And that is why I provided this answer: You're doing Your homework all
right. - There's lots to explore. But You're on the right track for now,
I think. - Hope this helps!


Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
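
Added example, not part of any post in this thread: a small Python model of the two mechanisms discussed above, the routing-table lookup from the first post and the masquerading with connection tracking described in the last reply. The gateway address 193.100.100.2, the client 192.168.1.10, the server 198.51.100.7 and the port numbers are constructed for illustration; real NAT usually keeps the source port when it can, while this toy always allocates a new one.

```python
import ipaddress

# Routing table from the first post: (destination/genmask, gateway, iface).
ROUTES = [
    ("192.168.1.0/24", None, "eth1"),
    ("193.100.100.0/24", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "193.100.100.1", "eth0"),
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (next_hop, iface) for a destination IP."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes]
    net, gw, dev = max((r for r in nets if addr in r[0]),
                       key=lambda r: r[0].prefixlen)
    return (gw or dst, dev)  # no gateway: deliver directly on that link

def is_routable(ip):
    """False for private ranges such as 192.168.1.0/24 (replies never return)."""
    return ipaddress.ip_address(ip).is_global

class MasqGateway:
    """Toy masquerading gateway with a connection-tracking table."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.flows = {}      # (lan_ip, lan_port, dst, dport) -> public port
        self.conntrack = {}  # (public port, dst, dport) -> (lan_ip, lan_port)

    def outbound(self, src, sport, dst, dport):
        """Stamp the public address into the source field; track the flow."""
        key = (src, sport, dst, dport)
        if key not in self.flows:
            self.flows[key] = self.next_port
            self.conntrack[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.flows[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """De-masquerade a reply; None means untracked, so it is dropped."""
        entry = self.conntrack.get((dport, src, sport))
        if dst != self.public_ip or entry is None:
            return None
        return (src, sport, entry[0], entry[1])

if __name__ == "__main__":
    gw = MasqGateway("193.100.100.2")  # assumed eth0 address, not from the thread
    print(lookup("198.51.100.7"), is_routable("192.168.1.10"))
    print(gw.outbound("192.168.1.10", 51000, "198.51.100.7", 80))
    print(gw.inbound("198.51.100.7", 80, "193.100.100.2", 40000))
```

The `inbound` check also shows the filtering side effect of connection tracking: a packet arriving on the public address with no matching tracked flow has nowhere to be delivered on the private subnet.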
 