cross routing

#1  06-10-2004  Pascal Bourguignon
cross routing


Here is my problem:

                  2.2.2.1 +--------------+
Internet------------------| Remote Linux |
               |          +--------------+
               |               |
               |               |
               |       VPN via Internet
               |               |
               |               | 2.2.2.129
        +-------------+ +-------------+
        | ADSL Router | | Local Linux |
        +-------------+ +-------------+
               | 1.1.1.1       | 1.1.1.2
---------------+---------------+-----------+--------
                                           | 2.2.2.130
                                      +----------+
                                      | Local WS |
                                      +----------+


I've got a local LAN with a few public IP (1.1.1.*),
and a remote LAN with other public IP (2.2.2.128/25).

On the local LAN, I've got some workstation on a subnet of the remote
LAN (a range 2.2.2.128/25), this subnet is bridged thru a VPN between
the "Local Linux" box and the "Remote Linux" box.

The problem is how to set up the "Local Linux" box so as to route
packages coming from the local 2.2.2.128/25 range to "Remote Linux"
via the VPN, while at the same time keeping the default route for this
"Local Linux" thru the 1.1.1.1 ADSL Router (the local Internet
connection)?

The local (1.1.1.*) traffic should be routed locally, while the remote
range (2.2.2.128/25) should be routed thru the VPN.



On "Local Linux" I tried:

route default gw 1.1.1.1
iptables -A FORWARD --source 2.2.2.128/25 -o ppp0

but it seems that -o only "selects" the packets and does not modify
their routing.

I would like to specify that packets coming from 2.2.2.128/25 should
be routed to 2.2.2.1 (ie. via the ppp0 VPN interface), and packets
coming from other IP (including generated locally) should be routed
normally (with the default to 1.1.1.1). How can I do that?


--
__Pascal_Bourguignon__ http://www.informatimago.com/
There is no worse tyranny than to force a man to pay for what he doesn't
want merely because you think it would be good for him.--Robert Heinlein
http://www.theadvocates.org/

#2  06-11-2004  David Efflandt
Re: cross routing

On 10 Jun 2004, Pascal Bourguignon <spam@thalassa.informatimago.com> wrote:
>
> Here is my problem:
>
>                   2.2.2.1 +--------------+
> Internet------------------| Remote Linux |
>                |          +--------------+
>                |               |
>                |               |
>                |       VPN via Internet
>                |               |
>                |               | 2.2.2.129
>         +-------------+ +-------------+
>         | ADSL Router | | Local Linux |
>         +-------------+ +-------------+
>                | 1.1.1.1       | 1.1.1.2
> ---------------+---------------+-----------+--------
>                                            | 2.2.2.130
>                                       +----------+
>                                       | Local WS |
>                                       +----------+
>
>
> I've got a local LAN with a few public IP (1.1.1.*),
> and a remote LAN with other public IP (2.2.2.128/25).
>
> On the local LAN, I've got some workstation on a subnet of the remote
> LAN (a range 2.2.2.128/25), this subnet is bridged thru a VPN between
> the "Local Linux" box and the "Remote Linux" box.
>
> The problem is how to set up the "Local Linux" box so as to route
> packages coming from the local 2.2.2.128/25 range to "Remote Linux"
> via the VPN, while at the same time keeping the default route for this
> "Local Linux" thru the 1.1.1.1 ADSL Router (the local Internet
> connection)?
>
> The local (1.1.1.*) traffic should be routed locally, while the remote
> range (2.2.2.128/25) should be routed thru the VPN.


Just curious if proxy arp would work for a vpn? In other words if route
for ipsec0 covered 2.2.2.128/25 and assuming eth0 is 2.2.2.1, would eth0
answer for ipsec0 IPs, assuming that iptables allowed it and:

echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp

I enable proxy_arp on /24 eth0 LAN interface, so main LAN does not need a
gateway to find /29 wireless subnet on eth1 (eth0 answers arp for eth1
IPs). But I have not tried proxy_arp for a vpn.

--
David Efflandt - All spam ignored http://www.de-srv.com/

#3  06-12-2004  Antoine EMERIT
Re: cross routing

Pascal Bourguignon <spam@thalassa.informatimago.com> wrote
news:87fz949ldx.fsf@thalassa.informatimago.com:

> The local (1.1.1.*) traffic should be routed locally, while the remote
> range (2.2.2.128/25) should be routed thru the VPN.


> route default gw 1.1.1.1

add
route add 2.2.2.0 netmask 255.255.255.0 gw <local vpn ip>

where <local vpn ip> should be the ip of the ppp0 device (or the local ip
of any vpn device).

> iptables -A FORWARD --source 2.2.2.128/25 -o ppp0


Filtering, and so iptables, are not involved in this process.

You may also have a look at iproute2, but it would be much too complicated
to solve your "simple" routing problem.


Regards
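
The source-based routing asked about in post #1, written with the iproute2 policy routing mentioned in post #3, as an added example that is not part of any post in this thread. The addresses and ppp0 come from the thread; table number 100, rule priority 1000 and 2.2.2.1 being the peer address of ppp0 are assumptions. The unreachable route keeps 2.2.2.128/25 traffic from falling back to the ADSL default route when the VPN is down.

```shell
#!/bin/sh
# Added example, not from the thread. From the thread: 2.2.2.128/25, 2.2.2.1,
# ppp0. Assumptions: table number 100, rule priority 1000, and that 2.2.2.1
# is the peer address of ppp0.
SRC_NET="2.2.2.128/25"; VPN_GW="2.2.2.1"; VPN_DEV="ppp0"; TABLE=100

# Convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Which routing table does the "from SRC_NET" rule select for a source address?
table_for_source() {
    net=${SRC_NET%/*}; bits=${SRC_NET#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    if [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then
        echo "$TABLE"
    else
        echo main
    fi
}

# Print the commands (dry run). Review them, then pipe to a root shell to apply.
policy_route_cmds() {
    cat <<EOF
ip route replace default via $VPN_GW dev $VPN_DEV table $TABLE
ip route replace unreachable default metric 1000 table $TABLE
ip rule add from $SRC_NET lookup $TABLE priority 1000
EOF
}

# The main table keeps its default route via 1.1.1.1 for everything else.
policy_route_cmds
```

After applying, `ip rule show` and `ip route show table 100` list the rule and the two routes it selects.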

