Problems with network configuration

myself · #1 (**permalink**) 01-13-2004, 02:19 PM

I have a class C public network. I've split the class C into 3 parts and defined them on interfaces 0-2. Now I want to use the 192.168-class C on my interface 3. I defined eth3 as 192.168.1.1 and activated masquerading on this port. Now I can reach all systems in my class C from the internal network but not in the internet. Can someone give me a hand please ?

myself · #2 (**permalink**) 01-13-2004, 02:22 PM

My 3 parts are on 1-3 of course and 0 is my way into the internet. 4 is supposed to be internal with enabled masquerading.

SecApp · #3 (**permalink**) 01-13-2004, 03:11 PM

Openers:
<ul type="square">[*]gateway to Internet set on Internet interface?[*]what does a traceroute out say?[/list]

AJo · #4 (**permalink**) 01-13-2004, 04:08 PM

myself:
[ QUOTE ]
I have a class C public network. I've split the class C into 3 parts and defined them on interfaces 0-2

[/ QUOTE ]
3 parts?
/25 = 2 subnets
/26 = 4 subnets
/27 = 8 subnets

Dont quite follow what you mean and what you are trying to accomplish. Are you trying to split the public /24 net into subnets to use behind the ASL box?

myself · #5 (**permalink**) 01-14-2004, 08:09 AM

[ QUOTE ]
Openers:
<ul type="square">[*]gateway to Internet set on Internet interface?[*]what does a traceroute out say?[/list]

[/ QUOTE ]

Gateway is set, I can reach the internet from the public available IP's without any problems. Traceroute ends at 192.168.1.1 (eth4 of ASL).

I read somewhere in the forum that there are some problems with the masquerading feature of the ASL Kernel. Can someone verify this?

myself · #6 (**permalink**) 01-14-2004, 08:12 AM

[ QUOTE ]

Dont quite follow what you mean and what you are trying to accomplish. Are you trying to split the public /24 net into subnets to use behind the ASL box?

[/ QUOTE ]

I did split the /24 into one /25 (eth1) and two /26 (eth2 and 3). This is working without any problems. I want to add a private network on eth4 but this does not work.

SecApp · #7 (**permalink**) 01-14-2004, 10:19 PM

This is still sketchy for me; can you just enumerate the network numbers and masks on your interfaces, and your packetfilter and masquerading rules? Conceal any 'real' IP addresses...

myself · #8 (**permalink**) 01-15-2004, 08:21 AM

Ok, I'll try. Let's say my public IP range is 100.0.0.0/24 and my gateway is 99.0.0.1, then I have the following settings:

eth0: 99.0.0.2/29 with gateway 99.0.0.1
eth1: 100.0.0.1/26
eth2: 100.0.0.65/26
eth3: 100.0.0.129/25
eth4: 192.168.1.1/24 (called "private")

I have defined the rule <font color="blue">private_network -> Any -> Any -> Allow </font>
And NAT rule <font color="blue"> Masquerading / private_network / private </font>

I cannot reach the internet from private but from all other networks without any problems. I can also reach the complete 100.0.0.0 network from the private network but not the internet.

AJo · #9 (**permalink**) 01-15-2004, 12:21 PM

myself:

Well that gave a better picture =)

The MASQ rule looks odd. Looks like you are MASQ the private network as if it came from the private network, what is the same as not doing a MASQ at all.

The MASQ should look something like.
Rule type: masq
Network: private_network__
Interface: gateway_interface__ (ie. 99.0.0.2)

myself · #10 (**permalink**) 01-16-2004, 09:03 AM

[ QUOTE ]

Interface: gateway_interface__ (ie. 99.0.0.2)

[/ QUOTE ]

Yeah, thats it! Thanks a lot for helping !