On Fri, 6 Jun 2008, Fred wrote:
> Greetings, everyone! I've been doing google searches to see whether
> this is possible or not and, if so, how it is done, but I haven't
> found a definitive answer.
>
> Somehow utilizing the [b]route add -net[/b] command, I would expect,
> I should be able to configure TS-Linux to take otherwise
> undeliverable IP packets from eth2 and forward them out eth0, maybe
> operating as a default router, but I don't know how it's configured.
>
> I currently can plug my laptop in to eth2 and the TS-7250's DHCP
> server provides my laptop with an IP address of 192.168.1.100 and a
> default gateway of 192.168.1.1.
>
> There's a whole private network of 10.232.48.X on eth0 and I want to
> be able to [b]ping 10.232.48.84[/b] from my laptop and have the Linux
> route shuffle the ICMP frames between the two Ethernet interfaces.
>
> If it's supposed to work automatically in the TS distribution of the
> IP protocol stack, mine isn't working. }:-}
>
> Question: Can I ask Linux to do what I want? Other question: How?
>
> BTW: I started searching howtos and found myself swamped and walking
> off into other avenues of research since my Attention Deficit
> Disorder starts to creep in when other interesting things stream
> past. But I can imagine that there has [b]got[/b] to be a howto on
> this somewhere. If someone knows where it is, a reference would be
> most appreciated.
>
> Thanks!

You want NAT routing, i.e. iptables' MASQUERADE module. Not sure if ts-linux
comes with this so you may have to make your own kernel. There's been
*lots* of info on this group about making 2.6 kernels if you're curious.

Basically, you want a number of different pieces to get what you want:
1) DHCP
sounds like you already have this working, however you'll want it to hand
out a few more pieces of information - the ts72xx's eth2 ip as
gateway/default route, and a dns server if you have one. Also make sure
that it only hands out addresses on interfaces it's supposed to, eth2 in
your example!
2) NAT

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This command causes the ts72xx to accept packets on eth2 destined for
eth0, then change the *source* ip to the ts72xx's eth0 ip and send them
out. When a reply comes, it looks up the connection in the connection
tracking table and changes the destination ip to your laptop and sends it
back out eth2.
This is called Network Address Translation, or NAT since it translates
the addresses in each direction in order to provide the *illusion* of a
direct link between the networks.
Since the connection *must* be in the connection tracking table for return
packets to reach the machine, you can't initiate connections to it. If you
need to do this, you will need to forward some ports.

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 12345 -j DNAT \
        --to-dest 192.168.1.100:12345

will allow you to connect to the laptop on port 12345 from your 10.x
network, by specifying the ts72xx's eth0 ip as the destination. You can
have up to 65535 of these if you want, since that's how many ports are
available.
3) FORWARDING

    echo 1 > /proc/sys/net/ipv4/ip_forward

This command is *crucial* - it tells the kernel that it's allowed to
accept packets from one place and send them out again.
4) DNS
If you want your machine to be able to figure out what google.com's ip
address is, you need DNS. Usually, the router device provides a simple dns
forwarder, however you can also set it up to hand out a dns server
somewhere on eth0's network. Whichever way you go, make sure your DHCP
server is handing out the ip of a usable dns server.
HTH
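
The setup from the reply above with a FORWARD filter added, so the board routes only laptop-initiated traffic, its replies, and the one forwarded port. This is an added example, not part of the original message. The /24 LAN prefix, the `run`, `valid_port` and `gateway_rules` helper names, and the availability of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example: prints the rule set by default; APPLY=1 (as root) runs it.
LAN_IF=${LAN_IF:-eth2}               # laptop side, from the thread
WAN_IF=${WAN_IF:-eth0}               # 10.232.48.X side, from the thread
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumption: /24 around 192.168.1.1
FWD_HOST=${FWD_HOST:-192.168.1.100}  # laptop address from the thread
FWD_PORT=${FWD_PORT:-12345}          # forwarded port from the thread

run() {  # hypothetical helper: echo the command unless APPLY=1
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

valid_port() {  # accept only decimal 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

gateway_rules() {
    valid_port "$FWD_PORT" || { echo "bad port: $FWD_PORT" >&2; return 1; }
    # Forward nothing unless a rule below allows it.
    run iptables -P FORWARD DROP
    # Replies belonging to connections already in the tracking table.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections only from the laptop side, with a LAN source address.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Source NAT, as in the reply.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Port forward, as in the reply. DNAT happens in PREROUTING, before the
    # FORWARD chain, so the accept rule matches the translated destination.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$FWD_HOST:$FWD_PORT"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$FWD_HOST" \
        --dport "$FWD_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Turn routing on last, once the filter is in place
    # (same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward).
    run sysctl -w net.ipv4.ip_forward=1
}

gateway_rules
```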