[ale] router not on the network?
Joseph A. Knapka
jknapka at earthlink.net
Wed Jan 31 16:50:20 EST 2001
Wandered Inn wrote:
>
> hirsch at zapmedia.com wrote:
> >
> > Stephan Uphoff writes:
> > >
> > > Try:
> > > route add -host x.y.z.t dev eth0
> > > route add default gw x.y.z.t
> >
> > Yow! That did the trick. Thanks a million.
>
> This brings up a question I never could figure out. Currently I have a
> bastion firewall and a choke firewall, both doing masq and forwarding.
> I'd like to have the choke just forward and let the bastion do all the
> masq. I posted queries regarding this issue to the list a while back,
> but never could get it to work. Here's a small diagram:
>
> Internet <-> Bastion (a.dmz.edu) <-> Choke (b.dmz.edu) <-> Other
> machines.
>
> The way I've got the routing set up is the Bastion's default route is to
> my isp. The Choke's default route is to the Bastion and the default
> route for 'Other machines' is the Choke. This works unless I try to
> change the choke to where it is not masq, just forwarding. I'll admit,
> I'm a bit weak on the routing stuff. I was wondering if I were to set
> the 'Other machines' default to the bastion and add the -host route as
> listed above.
>
> I've also made an assumption that the default route and the gateway are
> the same thing. This might well be part of my problem.
The default route determines the destination for packets that
match no other routing rule. The gateway specifies a host
to which packets destined for non-local networks will be sent.
You can have gateways for particular networks (so e.g.
all 153.2.x.y packets get sent to gateway A, all other nonlocal
packets get sent to gateway B). If you have an unspecified gateway
route (e.g. "route add gw 192.168.4.1"), as I understand it, all
otherwise non-routable packets will go to the gateway, and the
default route will never actually be used (though it can't hurt).
However, the gateway must be reachable before a gateway route
can be added, so you may need a default route before you can
add a gateway route.
> Further, here is the output of /sbin/route from the various machines:
This is hard to decipher because of the network numbers in some
places and network names in others. Could you post a version
with either all numbers, or all names? (Preferably numbers).
-- Joe Knapka