Connection to backbone
Ray
ray@ops.selu.edu
Mon, 11 Jun 2001 16:56:04 -0500 (CDT)
On Mon, 11 Jun 2001, Ramin Alidousti wrote:
> So, if a public IP is configured on the box, why is it not the one
> which connects you to the outside world and why are you then using
> a private IP for this purpose?
Because the public IP connects to my internal network. I have a class B
public network, I'm not doing any NAT here. Perhaps a diagram would
help, xxx.xxx denotes the public network:
--------------------
|                  |
|  xxx.xxx.0.0/16  |
|   Core switch    |
--------------------
         |
         |
         |xxx.xxx.1.1/16
  ---------------
  |             |
  |  Linux fw   |
  |             |
  ---------------
         |10.0.0.1/30
         |
         |10.0.0.2/30
  ---------------
  |             |
  |    Cisco    |
  |             |
  ---------------
         |yyy.yyy.yyy.yyy (some IP given by my ISP)
         |
         |
    (---------)
    (         )
    ( internet )
    (         )
    (---------)
Before I put up the Linux firewall, the Cisco had the xxx.xxx.1.1/16
address.
So you see, packets leaving the OUTPUT chain destined for the internet
have a src ip of 10.0.0.1. They make it to the Cisco, but are meaningless
on the internet.
I may try Vik's idea of using iproute2 to change the src address, but this
also sounds a little "hackish". I think the cleanest way is to use a
small public subnet between Linux fw/Cisco. Comments?
-Ray
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Administrator Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
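
An added illustration, not part of Ray's message: a simplified Python model of how Linux picks the source address for packets the firewall itself generates, applied to the layout in the diagram and to the two fixes discussed. The 198.51.100.x, 203.0.113.x and 192.0.2.x addresses and the eth0/eth1 names are constructed stand-ins for the masked public addresses, and reading the iproute2 suggestion as a preferred source on the default route is an assumption.

```python
import ipaddress as ipa

RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is private space that will not be routed on the internet."""
    a = ipa.ip_address(addr)
    return any(a in n for n in RFC1918)

def pick_source(dst, routes, addrs):
    """Simplified model for locally generated packets: the longest-prefix route
    wins; its preferred source is used if set, otherwise the primary address
    of the egress interface."""
    d = ipa.ip_address(dst)
    matches = [r for r in routes if d in ipa.ip_network(r["prefix"])]
    best = max(matches, key=lambda r: ipa.ip_network(r["prefix"]).prefixlen)
    return best.get("src") or addrs[best["dev"]]

# Constructed stand-in for xxx.xxx.1.1 (the firewall's inside address).
INSIDE = "198.51.100.1"

def firewall(link_addr, link_net, default_src=None):
    """Routing state of the Linux fw: eth0 faces the core switch, eth1 the Cisco."""
    addrs = {"eth0": INSIDE, "eth1": link_addr}
    routes = [
        {"prefix": "198.51.100.0/24", "dev": "eth0"},   # stand-in for xxx.xxx.0.0/16
        {"prefix": link_net, "dev": "eth1"},            # fw <-> Cisco link
        {"prefix": "0.0.0.0/0", "dev": "eth1", "src": default_src},
    ]
    return routes, addrs

SCENARIOS = {
    "as described (private /30)": firewall("10.0.0.1", "10.0.0.0/30"),
    # Assumed meaning of the iproute2 idea: a src attribute on the default route.
    "preferred src on default route": firewall("10.0.0.1", "10.0.0.0/30", INSIDE),
    "small public subnet on link": firewall("203.0.113.1", "203.0.113.0/30"),
}

def report(dst="192.0.2.10"):  # constructed internet destination
    """Map scenario name -> (chosen source, whether it is RFC 1918)."""
    out = {}
    for name, (routes, addrs) in SCENARIOS.items():
        src = pick_source(dst, routes, addrs)
        out[name] = (src, is_rfc1918(src))
    return out

if __name__ == "__main__":
    for name, (src, bad) in report().items():
        print(f"{name:32} src={src:15} {'unroutable' if bad else 'ok'}")
```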