tony.chamberlain | 30 Jan 17:10

Routing

I have a machine, accessible from outside our company, running PPP.
Its local IP address is 10.0.1.29 (the address it gets from PPP).
I also have another machine whose IP address is 10.0.1.3 and also has
an IP address of 192.168.5.88 connected to our local network.

I can get to the 10.0.1.29 machine through an external IP address (which
I won't list here, for security reasons) and from there ssh to 10.0.1.3
and from 10.0.1.3 to the 192 network.

I would like to be able to get right from 10.0.1.29 to the 192 network.
On 10.0.1.3 I set the ip_forward (I forgot exactly what it is called) to 1
and restarted the network.

On 10.0.1.29 I did an

     ip route add '192.168.5.0/24' via 10.0.1.3 dev ppp0
and
     ip route add '192.168.5.0/24' via 10.0.1.3 

tried both.  It was entered successfully and showed up in "route -n" but
when I tried from 10.0.1.29 to do for example

     ssh -l root 192.168.5.191

it wouldn't let me and couldn't connect (though it would work from 10.0.1.3).

Did I miss something, or what else do I need to do?

I somehow got this to work earlier between our 192.168.5 network and
our 10.0.0.0 network where a machine (10.0.0.215/192.168.5.15) was on

Bill Unruh | 30 Jan 17:38

Re: Routing

On Fri, 30 Jan 2009, tony.chamberlain <at> lemko.com wrote:

> I have a machine, accessible from outside our company, running PPP.
> Its local IP address is 10.0.1.29 (the address it gets from PPP).
> I also have another machine whose IP address is 10.0.1.3 and also has
> an IP address of 192.168.5.88 connected to our local network.
>
> I can get to the 10.0.1.29 machine through an external IP address (which
> I won't list here, for security reasons) and from there ssh to 10.0.1.3
> and from 10.0.1.3 to the 192 network.
>
> I would like to be able to get right from 10.0.1.29 to the 192 network.
> On 10.0.1.3 I set the ip_forward (I forgot exactly what it is called) to 1
> and restarted the network.

192.168.x.x addresses are not forwarded by routers. They are simply thrown
away as private addresses. Now, you could on the 10.0.1.29 put in a routing
table telling it to send all such packets to 10.0.1.3, but if there are any
routers in the way, they may well discard it.

>
> On 10.0.1.29 I did an
>
>     ip route add '192.168.5.0/24' via 10.0.1.3 dev ppp0
> and
>     ip route add '192.168.5.0/24' via 10.0.1.3
>
> tried both.  It was entered successfully and showed up in "route -n" but
> when I tried from 10.0.1.29 to do for example
>

James Carlson | 30 Jan 19:06

Re: Routing

Bill Unruh writes:
>   192.168.x.x addresses are not forwarded by
> routers. They are simply thrown away as private addresses.

That's not true without qualification.  The correct statement is that
those "private" addresses are not forwardable on the open Internet.
The routes for the RFC 1918 address ranges don't exist by
administrative design, and the ranges are (sometimes) filtered at the
edges of provider networks.

However, no known router will discard them arbitrarily, so the
injunction against letting them pass through routers doesn't make
sense here.

-- 
James Carlson         42.703N 71.076W         <carlsonj <at> workingcode.com>

James Carlson | 31 Jan 00:05

Re: Routing

tony.chamberlain <at> lemko.com writes:
> I have a machine, accessible from outside our company, running PPP.
> Its local IP address is 10.0.1.29 (the address it gets from PPP).
> I also have another machine whose IP address is 10.0.1.3 and also has
> an IP address of 192.168.5.88 connected to our local network.
> 
> I can get to the 10.0.1.29 machine through an external IP address (which
> I won't list here, for security reasons) and from there ssh to 10.0.1.3
> and from 10.0.1.3 to the 192 network.

Unless that external IP address is actually a system routed on the
inside of some corporate network (where there's an overlay for the RFC
1918 ranges), what you're describing sounds very odd.

Typically, systems with RFC 1918 are accessible from the Internet only
through a NAT device that does some sort of static address and/or port
translation -- meaning that you use a _different_ address to reach it,
not the RFC 1918 address.

Are you perhaps misstating the addresses in use as some sort of
security measure, or is there more going on here than you're telling
us about?

> I would like to be able to get right from 10.0.1.29 to the 192 network.
> On 10.0.1.3 I set the ip_forward (I forgot exactly what it is called) to 1
> and restarted the network.

You'll also need routes on the 192 network to point back to the 10
network.
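
The return-route point above, worked as a toy routing model (an added example, not part of the thread and not any poster's code): a packet is walked hop by hop with longest-prefix matching, once toward 192.168.5.191 and once back. The /24 mask on 10.0.1.x, the host names `ppp`, `gw` and `target`, and the target's routing table are assumptions made for the illustration.

```python
import ipaddress as ip

def host(addrs, routes, forward=False):
    # addrs: the host's own addresses
    # routes: {prefix: next hop, or None when the prefix is directly connected}
    return {"addrs": {ip.ip_address(a) for a in addrs},
            "routes": {ip.ip_network(n): (ip.ip_address(g) if g else None)
                       for n, g in routes.items()},
            "forward": forward}

def owner(hosts, addr):
    # Name of the modelled host that owns addr, or None.
    return next((n for n, h in hosts.items() if addr in h["addrs"]), None)

def trace(hosts, src, dst):
    """Walk one packet hop by hop; return (delivered, hops, reason)."""
    dst = ip.ip_address(dst)
    here, hops = owner(hosts, ip.ip_address(src)), []
    while here is not None and len(hops) < 8:
        hops.append(here)
        h = hosts[here]
        if dst in h["addrs"]:
            return True, hops, "delivered"
        if len(hops) > 1 and not h["forward"]:      # transit host must forward
            return False, hops, "ip_forward is 0 on " + here
        nets = [n for n in h["routes"] if dst in n]
        if not nets:
            return False, hops, "no route on " + here
        best = max(nets, key=lambda n: n.prefixlen)  # longest-prefix match
        gw = h["routes"][best]
        here = owner(hosts, dst if gw is None else gw)
    return False, hops, "next hop unreachable"

def round_trip(hosts, a, b):
    # A TCP connection (ssh) needs both directions to be routable.
    return trace(hosts, a, b)[0] and trace(hosts, b, a)[0]

def build(return_route, forward=True):
    lan = {"192.168.5.0/24": None}                   # assumed table on the target
    if return_route:
        lan["10.0.1.0/24"] = "192.168.5.88"          # back via the dual-homed box
    both = {"10.0.1.0/24": None, "192.168.5.0/24": None}
    return {
        "ppp": host(["10.0.1.29"], {"10.0.1.0/24": None, "192.168.5.0/24": "10.0.1.3"}),
        "gw": host(["10.0.1.3", "192.168.5.88"], both, forward),
        "target": host(["192.168.5.191"], lan),
    }

if __name__ == "__main__":
    for rr in (False, True):
        net = build(rr)
        print("return route:", rr, trace(net, "10.0.1.29", "192.168.5.191"),
              trace(net, "192.168.5.191", "10.0.1.29"))
```

Without the return route the request arrives but the reply has nowhere to go, which from 10.0.1.29 looks the same as a connection that never got through.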
