| 1 |
George Garvey wrote: |
| 2 |
> I just installed a T1 to a new ISP using a Sangoma CSU/DSU card. |
| 3 |
> I thought I could use aliased IPs on existing gigE NICS on our LAN |
| 4 |
> to set up the hosts that need an internet routable presence. |
| 5 |
> Maybe that can be done, but not by me. I don't understand enough. I |
| 6 |
> can get it to work on the system with the T1. But not on another |
| 7 |
> computer over the LAN. |
| 8 |
> |
| 9 |
> On the system with the T1, I have a gigE to the LAN, and one of the |
| 10 |
> ISP's IPs for asterisk (as an alias to the T1). That works okay. It |
| 11 |
> worked okay with the ISP's IP as an alias to eth0, too. |
| 12 |
> Edited output from ifconfig: |
| 13 |
> (this is the gigE NIC connected to a switch for our LAN) |
| 14 |
> eth0 Link encap:Ethernet HWaddr 00:07:E9:19:F3:F5 |
| 15 |
> inet addr:192.168.1.17 Bcast:192.168.1.255 Mask:255.255.255.0 |
| 16 |
> |
| 17 |
> lo Link encap:Local Loopback |
| 18 |
> inet addr:127.0.0.1 Mask:255.0.0.0 |
| 19 |
> |
| 20 |
> (this is the T1. with the internet IP as an alias) |
| 21 |
> w1g1 Link encap:Point-to-Point Protocol |
| 22 |
> UP POINTOPOINT RUNNING NOARP MTU:1532 Metric:1 |
| 23 |
> w1g1ppp Link encap:Point-to-Point Protocol |
| 24 |
> inet addr:209.101.232.82 P-t-P:209.101.232.81 Mask:255.255.255.252 |
| 25 |
> UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 |
| 26 |
> w1g1ppp:0 Link encap:Point-to-Point Protocol |
| 27 |
> inet addr:216.132.251.226 P-t-P:216.132.251.226 Mask:255.255.255.224 |
| 28 |
> UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 |
| 29 |
> |
| 30 |
> (this is the routing table [route -n]) |
| 31 |
> Destination Gateway Genmask Flags Metric Ref Use Iface |
| 32 |
> 216.132.251.227 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 |
| 33 |
> 209.101.232.80 0.0.0.0 255.255.255.252 U 0 0 0 w1g1ppp |
| 34 |
> 216.132.251.224 0.0.0.0 255.255.255.224 U 0 0 0 w1g1ppp |
| 35 |
> 192.168.2.0 192.168.1.12 255.255.255.0 UG 0 0 0 eth0 |
| 36 |
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 |
| 37 |
> 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo |
| 38 |
> 0.0.0.0 209.101.232.81 0.0.0.0 UG 0 0 0 w1g1ppp |
| 39 |
> |
| 40 |
> The problem I'm having is with an alias on another computer that |
| 41 |
> needs to be on the internet. It is the IP 216.132.251.227. Traffic |
| 42 |
> internal to our LAN is routed to the computer that has that alias |
| 43 |
> (192.168.1.6). But, traffic coming from the internet gets to 209.101.232.82 |
| 44 |
> and stops according to traceroute. |
| 45 |
> I'm too ignorant to understand why the host route doesn't work for |
| 46 |
> packets coming from the T1 (from the internet), and get sent to the |
| 47 |
> computer that handles that IP. This is the latest in a series of |
| 48 |
> attempts. I've also tried putting the 216.132.251.224 network on the |
| 49 |
> LAN. I've tried using the 216.132.251.227's LAN address (192.168.1.6) |
| 50 |
> as a gateway for the host route. I've tried removing the |
| 51 |
> 216.132.251.224 network route entirely, and just having host routes. |
| 52 |
> |
| 53 |
> What I was hoping to do was have one computer (192.168.1.17) |
| 54 |
> connected to the ISP with a T1, and serve as a router for the ISP's |
| 55 |
> IPs. That would also be connected to the internet with one of the ISP's |
| 56 |
> IPs for use by asterisk (216.132.251.226). This seems to be working |
| 57 |
> okay. |
| 58 |
> I wanted another computer (192.168.1.6) to have an aliased ISP IP |
| 59 |
> (216.132.251.227) that would let that computer also have an internet |
| 60 |
> routable address. This is what I don't seem to be able to do. The |
| 61 |
> computer with the T1 doesn't seem to route packets from the internet |
| 62 |
> to the other computer over our LAN. It does for packets originating |
| 63 |
> from our LAN. But not for packets from the internet. |
| 64 |
> I know my error is going to be obvious to everyone who actually |
| 65 |
> understands this stuff ;) I hope I've given the info to make things |
| 66 |
> clear. |
| 67 |
> I can set up a small Fast enet switch for the ISP's network, I |
| 68 |
> guess. But I was hoping not to need to do that, and add more NICs to |
| 69 |
> the computers that eventually need to be on the internet. But maybe |
| 70 |
> that is what I need to do. |
| 71 |
> Any and all advice (including things to read to decrease my |
| 72 |
> ignorance) appreciated. |
| 73 |
|
| 74 |
First, a little terminology hygiene - IP aliasing refers having multiple |
| 75 |
addresses on a single physical interface, masquerading is the Linux |
| 76 |
terminology for Network Address Translation, which is what I think you want. |
| 77 |
|
| 78 |
Look at your routing table. 216.132.251.224/27 is being routed back out |
| 79 |
over the interface it is coming in on, w1g1ppp. You are only able to |
| 80 |
access 216.132.251.227 from the internet because it is located on the |
| 81 |
same physical interface that is doing your routing. |
| 82 |
|
| 83 |
My advice is to purchase another ethernet card, so you can physically |
| 84 |
separate the 216.132.251.224/27 and 192.168.1.0/24 networks. If asterisk |
| 85 |
has to exist on the router, then bind it to the 209.101.232.82 address. |
| 86 |
You'll also need to set up the iptables rules for NAT'ing your |
| 87 |
192.168.1.0/24 network. |
| 88 |
|
| 89 |
Best, |
| 90 |
Dave |
| 91 |
|
| 92 |
-- |
| 93 |
gentoo-user@g.o mailing list |
Archives