[KLUG Members] Routing issue

John Pesce members@kalamazoolinux.org
Fri, 15 Aug 2003 10:49:28 -0400 (EDT)


On Thu, 14 Aug 2003, Adam Williams wrote:

> > Ok maybe this is clearer :)
> > I have a linux box sitting between two subnets.
> > I have a subnet 192.168.3.0/24 connected to eth0 with IP  192.168.3.1.
> > I have a subnet 192.168.2.0/24 connected to eth1 with IP  192.168.2.1.
> > I have IP forwarding turned on and TCP traffic flows between them.
> > I need to connect to a new dedicated T1 with a Cisco router/CSU/DSU at 
> > each end that I have no control over. I am presented with an ethernet port 
> > on the Cisco with an address of 10.7.35.1
> 
> Ah, so they determined the IP.  How are the remote nets going to learn
> the router to your 192.168.x.x nets?

Each of the other locations on the other side of the T1 will all have 
static routes to the others, including my 10.7.35.0/24 subnet.
So for any packets they get from my 10.7.35.0/24 subnet they will be able 
to get back responses to me. If I put in the third NIC and some static 
routes and some IPTable entries to protect myself from them I know I can 
get TCP and UDP traffic flowing without problems. It is the multicast 
between subnets I'm worried about.

> > On the other end of the T1 are five subnets that I don't have control of. 
> Gotcha, the lack of control thing is important.

umm, well not really "lack" of control. The T1s and routers linking the 
sites are being installed by another company for the express purpose of 
connecting their sites to us. They are configuring all that, but they are 
working with me to get this multicast program running between them.  So I 
do have influence.

> > They are somehow patched together with Cisco routers and T1s as well.
> 
> For kicks, can you plug a packet-sniffer/ethereal-enabled-PC into the
> router and see if routing-protocol and/or multi-cast packets are
> dribbling out onto the floor?

Not yet. The router hasn't got here yet. They are still configuring all 
the routers to ship to each location.

 
> > All the Cisco routers have dense mode multicast enabled.
> > The remote subnets are 10.7.31.0/24, 10.7.32.0/24, 10.7.33.0/24, 
> > 10.7.34.0/24, 10.7.36.0/24
> > My thought is to put a third NIC card in the linux box and make that 
> > interface 10.7.35.2. Then add some static routes to direct the flow.
> 
> Ok, makes sense.  You could also just plug it into your switch and
> create an aliased interface on that subnet.  Depends how much you trust
> the remote nets.

I don't trust them. This T1 is being tied into one of my subnets that is 
connected to other internal networks. I want it going through the linux 
box so I can use IPTables.

> > > Doesn't the router have an ethernet port?  That would reduce a hop.
> > Lost me. Yes it has an ethernet port with an address of 10.7.35.1
> > I need to plug an ethernet cable into it going somewhere, so I assume into 
> > the third NIC so the packets can be routed through the linux box with 
> > IPtables restricting access to my LAN.
> > At each of the remote five LANs and on my local LAN are linux boxes 
> > running a multicast application that connects to the same multicast group 
> > as a kind of n-way party line.
> 
> So the multicast application RUNS on Linux?

Yep, all the computers involved are Redhat 9.0 Linux and under my control 
at all remote locations. It is the T1s and routers that I do not have direct 
control of.
 
> > How do I patch this Cisco to my linux box that sits between my two 
> > existing LANs?
> 
> 1.) Investigate if it is emitting RIP or OSPF updates.

hmm. not here yet. I could ask

> 2.) install third nic

check

> 3.) x-over cable between router & third nic

not here yet

> 4.) configure third nic as 10.7.35.2

check

> 5.) Configure routing based upon results of #1

=)

> 6.) ping/traceroute test

Should work ok

> 7.) Multicast config (the hard part of this question)

yeah. I read those two howtos before I sent the email. I only have a week 
to set this up once the routers get here and we activate them. Since the 
routers will be preconfigured before they get here I need to establish how 
I can do this as soon as possible.

At the other locations the computers will probably be on the same switch 
as the router like you mentioned, but here I have to limit the 
connectivity to just this one LAN without further restricting my other 
local LANs from getting to this one.
 
> Linux Multicast HOWTO
> http://www.icewalkers.com/Linux/Howto/Multicast-HOWTO.html#toc8
> 
> Linux Advanced Routing & Traffic Control HOWTO
> http://lartc.org/howto/
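The third-NIC setup the thread walks through (steps 2 to 6 of the list), as an added example that is not from either poster: a dry-run-by-default shell script for the Linux box that adds the 10.7.35.2 interface, the static routes to the five remote subnets via the Cisco, and FORWARD rules that let the remote sites reach only one local LAN while both local LANs keep their existing access. It assumes the new NIC is named eth2 and that the exposed LAN is 192.168.2.0/24; the thread names neither.

```shell
#!/bin/sh
# Added example, not from the thread: unicast routing and filtering for the
# third NIC on the Linux box. Assumptions: the new NIC is eth2 and the one LAN
# the remote sites may reach is 192.168.2.0/24 (the thread names neither).
# Dry run (prints the commands) unless invoked with "apply".
[ "${1:-}" = apply ] || RUN=echo

T1_IF=eth2                  # assumed name of the third NIC
T1_ADDR=10.7.35.2/24        # address chosen for it in the thread
T1_GW=10.7.35.1             # ethernet port of the Cisco, from the thread
REMOTE_NETS="10.7.31.0/24 10.7.32.0/24 10.7.33.0/24 10.7.34.0/24 10.7.36.0/24"
EXPOSED_LAN=192.168.2.0/24  # assumed: the only LAN reachable from the T1 side
LOCAL_NETS="192.168.2.0/24 192.168.3.0/24"

configure_interface() {
    $RUN ip addr add "$T1_ADDR" dev "$T1_IF"
    $RUN ip link set "$T1_IF" up
    # Reverse-path check: drop packets on eth2 whose source is not routed there
    $RUN sysctl -w "net.ipv4.conf.$T1_IF.rp_filter=1"
}

add_static_routes() {
    for net in $REMOTE_NETS; do
        $RUN ip route add "$net" via "$T1_GW" dev "$T1_IF"
    done
}

filter_forwarding() {
    $RUN iptables -P FORWARD DROP
    # Replies to connections already allowed in either direction
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Remote sites may open connections to the exposed LAN only
    for net in $REMOTE_NETS; do
        $RUN iptables -A FORWARD -i "$T1_IF" -s "$net" -d "$EXPOSED_LAN" \
            -m state --state NEW -j ACCEPT
    done
    # Both local LANs may open connections toward the remote sites
    for net in $LOCAL_NETS; do
        $RUN iptables -A FORWARD -s "$net" -o "$T1_IF" -j ACCEPT
    done
    # Keep the existing eth0 <-> eth1 flow between the two local LANs
    $RUN iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
    $RUN iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    # Log what the DROP policy discards, e.g. eth2 -> 192.168.3.0/24
    $RUN iptables -A FORWARD -j LOG --log-prefix "T1-FWD-DROP: "
}

configure_interface
add_static_routes
filter_forwarding
```

These rules cover unicast only; forwarding the multicast group across the T1 (step 7) additionally needs a multicast routing daemon on the box, which is what the Multicast HOWTO above covers.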