[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Second level Gateway question.





Maxim Kryachko wrote:

> I have two computers connected via serial port and talking TCP/IP (addresses 
> 192.168.x.x). One of them is also on the internal company network (addresses 
> 10.0.x.x ), acting as a router between "serial network" and company with 
> IPCHAINS . This network has its own gateway to the world (say, 10.0.55.55) Is 
> there is a way to configure this Linux router the way that the "serial 
> machine" behind it (with 192.168.x.x address) will see the Internet, i.e. 
> have it to know about the second gateway after one it uses by default.

Your problem is not that Linux doesn't know about the "second" router, 
because if you can access the net from the Linux machine it obviously
knows about the Internet gateway.

Your problem is that the outside net doesn't know anything about your 
internal ("serial") net.

The easiest solution is to to assign the inner computer (the one on
the other end of the serial line) an IP from the compnay wide range 
(10.0.x.x) and use PPP's (I assume you use PPP for the serial 
connection)  "proxy arp" option. This will enable the Linux host to 
answer ARP requests on  behalf of it's serial twin which is "hidden" 
from the network.

If for some reason you can't do this (because for example the sysadmin
doesn't know about the second computer and you prefer it that way ;-)
then you can use IP Masqurading on the Linux box to hide the "serial"
network behind the Linux host. The most simplistic way to turn 
masqarading on is: "ipchains -P forward MASQ" but you better read
up on IP masquarading and IPchains before you use this.

Either way, you'll have to make sure /proc/sys/net/ipv4/ip_forward has 
"1" in it and not "0".

Hope this helps,
Gilad.



-- 
Gilad Ben-Yossef <gilad@benyossef.com>
http://benyossef.com :: +972(54)756701
"Anything that can go wrong, will go wrong, while interrupts are disabled. "
	-- Murphey's law of kernel programing.


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il