
Re: Wan/Lan problem




On March 30, 2017 8:27:54 PM EDT, Mike McClain <mike.junk.46@xxxxxxxxxx> wrote:
>On Thu, Mar 30, 2017 at 07:25:52AM -0400, Henning Follmann wrote:
>> On March 28, 2017 7:46:02 PM EDT, Mike McClain
><mike.junk.46@xxxxxxxxxx> wrote:
><snip>
>> >The situation is this:
>> >
>> >     phone        eth0         eth1
>> >AT&T-------|   |--------|   |--------|   |-------|   |
>> >        AT&T modem/     Linux         my         Win2K
>> >            router       box         router       box
>> >
>> >
>> >#   /etc/hosts
>> >192.168.1.254    ATTrouter
>> >#192.168.1.64    outbound.att.net    att
>> >127.0.0.1       localhost
>> >192.168.1.2     playground      play
>> >192.168.1.3     south40         s40
>> >192.168.1.1     router
>> ># ----------------------- end hosts
>>
>> You put eth0 and eth1 into the same network segment.
>> That most likely is your problem
>> Either you bridge eth0 and eth1 or if you want your linux box as a
>firewall you pick a different network for eth1
>>
>> --
>> Henning Follmann
>
>If I'm understanding you, you're saying that ATT's router having an
>address of 192.168.1.254 on eth0 while the Linux box(play), Win2k(s40)
>and my router have addresses 192.168.1.1,2&3 on eth1 is the root of
>the problem. Since ATT's router's address is immutable I either need
>to reconfigure 2 computers and a router to a different net,
>192.168.2.0 or 10.0.0.0, for instance or learn to build bridges.
>
>Is my understanding correct?
>
>Thanks,
>Mike


Yes,
with your configuration both eth0 and eth1 are in 192.168.1.0/24. There is no way to figure out which to use.

However, you have to provide more than just different subnets. The network behind the firewall now needs DNS and most likely also DHCP.
You could install dnsmasq. It provides just this.

However, based on your initial understanding of networking, I wonder if something like pfSense makes more sense for you.


Another way to set this up would be a transparent firewall. In that case you bridge eth0 and eth1 without assigning an IP address at all. You might want to have a third network interface for maintenance, though.
pfSense also provides that functionality.


-H

-- 
Henning Follmann
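
The overlap described in this reply can be checked mechanically. The following is an added example, not part of the original message: it flags interfaces whose connected networks overlap and lists which interfaces tie for a given destination. The eth0 host address and the 192.168.2.0/24 renumbering are constructed for illustration; the /24 prefix and the other addresses come from the thread.

```python
import ipaddress
from itertools import combinations

# Addressing from the thread; eth0's host address is constructed (not given in the thread).
BROKEN = {"eth0": "192.168.1.10/24", "eth1": "192.168.1.2/24"}
# Constructed renumbering: the LAN behind the Linux box moves to 192.168.2.0/24.
FIXED = {"eth0": "192.168.1.10/24", "eth1": "192.168.2.2/24"}


def connected_networks(ifaces):
    """Map interface name -> the network implied by its address/prefix."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}


def overlapping_interfaces(ifaces):
    """Return sorted (ifA, ifB) pairs whose connected networks overlap."""
    nets = connected_networks(ifaces)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def candidate_interfaces(ifaces, dest):
    """Longest-prefix match over connected routes only.

    Returns every interface tied for the best match. More than one name
    means the connected routes alone do not say where the host lives.
    """
    dest = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name)
               for name, net in connected_networks(ifaces).items()
               if dest in net]
    if not matches:
        return []  # not directly connected; a default route would be needed
    best = max(plen for plen, _ in matches)
    return sorted(name for plen, name in matches if plen == best)


if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "overlaps:", overlapping_interfaces(plan))
        # ATT router, then a LAN host in each plan's addressing
        for dest in ("192.168.1.254", "192.168.1.3", "192.168.2.3"):
            print("  ", dest, "->", candidate_interfaces(plan, dest))
```
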