Firewall & Routing - help!
Kevin F. Berrien
kblists at comcast.net
Thu Jun 10 22:22:10 UTC 2004
Rodolfo J. Paiz wrote:
> Please just post to the list and don't CC me. I'm getting two copies
> of everything you send, and it's confusing as hell. Thanks.
My apologies.
> I really suggest you use masquerading rather than "real" routing. Not
> necessary, and in this case slightly less secure since it actually
> permits the concept of incoming traffic. Not what you want, I think.
One of the requirements of this installation is to allow remote desktop
connections from subnet A (2 admin stations) to server on B. Thus, I'm
avoiding masq. This could theoretically spread to all desktops in B.
> This will provide the information for the system to set your default
> route. Do not set a default route somewhere else.
Well, after I set it, did a network restart, I have no default route,
and no traffic from 50.1. When I reboot, I get a default route (from a
previous attempt I had made at getting this working??). Then I DO get
traffic from the net via 50.1
If I remove the static route, no internet again.
As I posted on a follow up to my own post...
When I boot, I have the following routes...
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
If I do a network restart it limits down to this....
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
So I lose my default route (that I got somewhere when I booted).
So I need to shore up two things it seems.
1. default route or no default route. And keep the default route when I
boot/or restart network.
2. Remove some old routes in my table, like the 172.20.5.0, and have
that change stay after reboot (I'll need to know this after anyways, as
I have to change the ip/subnets from my test environment to the live
environment).