Routing Networks

Nils Vogels nivo+sender+8eb026 at yuckfou.org
Wed Jan 14 13:20:32 PST 2004


Nicolás de Bari Embríz G. R. wrote:

>Hi all, I need some help routing or making NAT on a LAN.
>
>I have something like this:
>
>
>                  I N T E R N E T
>                 -----------------
>                ^                 ^
>                |                 |
>fxp0      public IP           public IP
>                |                 |
>         FreeBSD server      LINUX server
>                |                 |
>dc0   192.168.10.1                |
>dc1   192.168.1.1 ^           192.168.1.3
>                ^ |           ^
>                | |           |
>                | |           |
>               ----------------
>              |   Switch/Hub   |
>               ----------------
>                   |       |
>    ------------------     -----------------
>   |      LAN  A      |   |     LAN  B      |
>   | 192.168.10.2-254 |   | 192.168.1.4-100 |
>    ------------------     -----------------
>
>I am running a FreeBSD server as a gateway and DHCP, the server shares
>the Internet to all the computers on LAN A (192.168.10.0/24).
>
>The server has 3 network cards:
>
>fxp0 is public IP.
>dc0  is the gateway for the LAN A "192.168.10.1".
>dc1  has IP 192.168.1.1 ( need help with this ).
>
>
>Right now I am just using fxp0 and dc0 so any computer on the LAN A
>"192.168.10.2-254" can have Internet, my ipnat.rules file looks like this:
>
>--
>map fxp0 192.168.10.1/24 -> 0/32 portmap tcp/udp auto
>map fxp0 192.168.10.1/24 -> 0/32
>--
>
>Until that point everything just works OK.
>
>There is another network, I will call it LAN B, this LAN does the same
>thing that I am doing with the FreeBSD Server, but instead it uses LINUX,
>the machine has 2 network cards.
>
>eth0 has a public IP.
>eth1 is the gateway for the LAN B "192.168.1.3"
>
>
>Both networks are connected to the same switch/hub, but now I need that
>the computers of LAN A can see "ping" computers on LAN B.
>  
>
You need to tell the Linux server that it can reach the clients on LAN 
A via the 192.168.1.1 IP address. This can be done by putting a route in 
the routing table of the Linux box, along the lines of this command:

route add -net 192.168.10.0/24 gw 192.168.1.1

Of course, the syntax might be slightly off.

If you *REALLY REALLY* cannot make this change on the Linux box (really, 
it's only minor, nothing to worry about for its sysadmin) you could try 
to NAT the traffic when going from LAN A to the server. This however 
will only make connections /FROM/ LAN A /TO/ the Linux box possible. 
Connections /TO/ LAN A /FROM/ the Linux box will not be possible.

This should work with an ipnat rule that goes something along the lines of:

map dc1 192.168.10.0/24 -> 192.168.1.1/32 portmap tcp/udp auto
map dc1 192.168.10.0/24 -> 192.168.1.1/32

HTH & HAND

-- 
Simple guidelines to happiness:
Work like you don't need the money,
love like your heart has never been broken and 
dance like no one can see you.
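
Added example (not part of the original message): a small longest-prefix-match model of the Linux server's routing table, showing where it sends replies to a LAN A host without the static route, with it, and when LAN A is hidden behind 192.168.1.1 by the dc1 map rules. The default gateway 203.0.113.1 and the client 192.168.10.5 are constructed placeholders.

```python
import ipaddress

def route(prefix, iface, gw=None):
    """Build one routing-table entry; gw=None means directly connected."""
    return (ipaddress.ip_network(prefix), iface, gw)

def lookup(table, dst):
    """Longest-prefix match: return (interface, next hop) used to reach dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw or "direct"

# Linux server's table as described in the thread: public side on eth0,
# 192.168.1.3 on eth1. The default gateway is a constructed placeholder.
LINUX_BEFORE = [
    route("0.0.0.0/0", "eth0", "203.0.113.1"),
    route("192.168.1.0/24", "eth1"),
]
# Same table after adding the static route to LAN A via the FreeBSD dc1 address.
LINUX_AFTER = LINUX_BEFORE + [route("192.168.10.0/24", "eth1", "192.168.1.1")]

LAN_A_HOST = "192.168.10.5"  # constructed sample client on LAN A
NAT_SOURCE = "192.168.1.1"   # source address LAN A traffic carries after the dc1 map

def reply_path(table, source_seen):
    """Where the Linux box sends its reply to a packet from source_seen."""
    return lookup(table, source_seen)

if __name__ == "__main__":
    # No route: the reply leaves via the public interface and never returns.
    print("no route   :", reply_path(LINUX_BEFORE, LAN_A_HOST))
    # Static route: the reply goes back through the FreeBSD box on the LAN side.
    print("with route :", reply_path(LINUX_AFTER, LAN_A_HOST))
    # NAT on dc1: the Linux box only ever sees 192.168.1.1, which is on-link.
    print("NAT reply  :", reply_path(LINUX_BEFORE, NAT_SOURCE))
    # NAT only: a new connection toward LAN A still follows the default route.
    print("NAT, to A  :", lookup(LINUX_BEFORE, LAN_A_HOST))
```

The last case is why the NAT workaround is one-directional: without the static route the Linux box has no path of its own to 192.168.10.0/24.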


