[clug] routing advice needed

Kim Holburn kim.holburn at anu.edu.au
Wed Dec 3 09:34:59 GMT 2003


At 8:25 PM +1100 2003/12/03, Michael Manning wrote:
>I don't understand why you would want to route a packet destined for 
>your VPN back out to the internet.  Most times you would not be 
>using internet routable IP's in your VPN subnet anyway (unless you 
>had one real IP that was owned by the VPN server). Wouldn't you want 
>the packet addressed to the VPN (4.4.4.0/24) to be routed somewhere 
>in the VPN subnet?

All the IPs here are "real".  I want one internal subnet to connect 
to the remote subnet through the VPN as a peer and the other to see 
the remote subnet from the outside.  It's not that unusual is it?

>Are you trying to establish some sort of VPN (using GRE IP 
>tunneling?) that is using a real world IP?

Yes. (only not GRE)

>I am may be a little confused as to the outcomes you are trying 
>achieve. Could you elaborate a bit?
>
>On Wed, 2003-12-03 at 20:02, Kim Holburn wrote:
>
>>For you router guys out there I need some advice.
>>
>>I have a machine with 3 interfaces.
>>
>>eth0 -> 1.1.1.0/26 -> 1.1.1.1 -> internet
>>
>>eth1 -> 2.2.2.0/24 -> 2.2.2.0/24
>>                    -> 2.2.2.2 -> VPN to 4.4.4.0/24
>>
>>eth2 -> 3.3.3.0/24 -> internal net
>>
>>
>>default route is -> eth0 1.1.1.1
>>
>>if I have a packet from eth2 to the special subnet 4.4.4.0/24 I 
>>want to it to go via a gateway on eth1 2.2.2.2 (say a VPN) but
>>
>>if I have a packet from eth1 to 4.4.4.0/24 I want it to go via the 
>>default route (eth0).
>>
>>I use the command:
>>ip route 4.4.4.0/24 via 2.2.2.2 from 3.3.3.0/24
>>
>>but what I get is the same as if I ran:
>>
>>ip route 4.4.4.0/24 via 2.2.2.2
>>
>>Anyone have an idea how to do that?
>>
>
>
>
>--
>
>Michael Manning
>Red Hat Certified Engineer
>
>Email: michael at catman.homelinux.org


-- 
--
Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
      Andrea Leistra (rec.arts.sf.written.Robert-jordan)


More information about the linux mailing list