[NCLUG] I'm wearing my ball and ipchains. Please help.
R P Herrold
herrold at owlriver.com
Tue Feb 20 00:32:47 MST 2001
On Mon, 19 Feb 2001, Matt Taggart wrote:
> R P Herrold writes...
>
> > There needs to be a simple forward (no masq) rule bridging
> > 192.168.2.0/24 and 192.168.1.0/24
>
> Only if they aren't all using the masq box as a gateway. Assuming they are it
> should just work. Are you sure the linksys box or a chain aren't getting in
> the way? Maybe you could post your ipchains?
0.0.0.0 --- FW --- 192.169.1.0/24
|
|------ 192.168.2.0/24
Three rules ...
... we masq -S 192.169.1.0/24 -D 0.0.0.0 and
masq -S 192.169.1.0/24 -D 0.0.0.0 and
fwd -b -S 192.169.1.0/24 -D 192.169.1.0/24
(the -b makes it bi-directional between -S and -D)
[We could reduce the first to
masq -S 192.169.1.0/22 -D 0.0.0.0 ]
The forward rule is needed to allow traffic from
192.168.2.0/24 to turn the corner to 192.169.1.0/24 and vice
versa ... no? This has been my experience in more complex
frame relay routing situations.
But yes, a listing of the masq and fwd rules is in order, for
diagnosis
-- Russ
More information about the NCLUG
mailing list