On Sun, Jun 13, 2004 at 10:37:43PM -0500, Jeff Vian wrote:
> T. 'Nifty New Hat' Mitchell wrote:
> >On Fri, Jun 11, 2004 at 05:54:54AM -0400, gswallow@xxxxxxxxxx wrote:
> >
> >>Am successfully bonding two dual PII266 machines via crossover
> >>cables to make a workstation out of the hardware I have 'round the
> >>house. node1 and node2 on network.com (192.168.2.0) can ping between
> >>each other just fine on each machine's bond0 NIC
> >>(192.168.2.1/192.168.2.2 node1/node2). eth0 and eth1 in each machine
> >>are SLAVE of bond0 device.
> >
> >>node1 can access internet fine...
> >
> >>What am I getting wrong here? And, please let me know if ya need more
> >>infor.
> >
> >Remember that private internets are not routed!
> >
> >  # The Internet Assigned Numbers Authority (IANA) has reserved the
> >  # following three blocks of the IP address space for private internets:
> >  #
> >  #     10.0.0.0        -   10.255.255.255  (10/8 prefix)
> >  #     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
> >  #     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
> >
> >What this means is that there should never be a published route
> >between net 192.168.2.xx and your 192.168.1.xx net (or any other
> >private internet).
> >
> You are correct if the route would cross any portion of the public
> network/internet. However, private networks can be and often are routed
> within an intranet.
>
> >Host routes and gateway hosts may solve the problem. Check the man
> >page for route. I see some examples at this URL that look close
> > ....
> >The key is that private nets are not routed and very special actions
> >are needed to get to and from the Internet from the second private
> >net.
> >
> >    "private <--> public"
> >is common and easy
> >
> >    "private <--> private <--> public"
> >is trouble.
> >
> Not when using NAT or MASQ at the interface to the public. A properly
> configured NAT router will handle this as easily (in my experience) as
> the first one above.
> YMMV depending on config and hardware.

Yes, NAT and MASQ solve the most common class of problems.

I was musing on the more general case of a single public routed IP
address and then only private nets inside. Since it is nearly
impossible to get a set of net numbers, the interesting cases of public
to private nets need more than a nat/squid solution.

           /-<-->- 192.168.2 <->\                /-<-->- 192.168.4
           |                    |                |
public <-->|-<-->- 192.168.1 -<-|->- 10.0.1.0 -<-|-> 192.168.5
           |                    |
           \-<-->- 192.168.3 <->/                \-<-->- 192.168.5

I see that the original poster solved it by getting the sense of
direction corrected on one of the boxes, so we are good enough for now.

-- 
T o m M i t c h e l l
/dev/null the ultimate in secure storage.