Timothy Murphy wrote:
internet ---- A (nat) ---192.168.2.0/24---B---192.168.3.0/24---C
Some elements are missing, e.g. either iptables-nat rules on B or routes
(maybe dynamic, e.g. RIP?) on A must exist, otherwise C won't be able to
even reach A. Let's assume no NAT on A.
C can't get past A: it's possible as A knows about 192.168.2.0/24 but
nothing about 192.168.3.0/24 and thus does not let it go through (and
even if it does, it doesn't masquerade those packets).
So:
1) make Shorewall aware of the existence of C's network by adding NAT
rules on A to allow C to "reach the internet":
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j MASQUERADE
or
2) bridge the two NICs on B in a bridge and suppress B's DHCP server
(through Fedora's network configuration system)
I would go for #2 unless you specifically need to separate airwaves from
copper.
No pints for me as I failed again to get a dream job in my dream city :|
p.
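
An added example, not part of the original message: a Python check of the two things the reply says gateway A lacks for 192.168.3.0/24, a route back to that subnet and a masquerade rule covering it. The `ip route` and `iptables -S` text is constructed sample data; the interface names, the upstream gateway 203.0.113.1 and 192.168.2.2 as B's address are assumptions.

```python
import ipaddress

# Constructed sample state for gateway A, in the style of `ip -4 route show`
# and `iptables -t nat -S POSTROUTING`. Assumptions: eth0/eth1, the upstream
# gateway 203.0.113.1, and 192.168.2.2 as B's address on the shared segment.
ROUTES_BEFORE = (
    "default via 203.0.113.1 dev eth0\n"
    "192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1\n"
)
NAT_BEFORE = "-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE\n"
ROUTES_AFTER = ROUTES_BEFORE + "192.168.3.0/24 via 192.168.2.2 dev eth1\n"
NAT_AFTER = NAT_BEFORE + "-A POSTROUTING -s 192.168.3.0/24 -j MASQUERADE\n"


def _covers(prefix, net):
    """True if `prefix` parses as an IPv4 network that contains `net`."""
    try:
        return net.subnet_of(ipaddress.ip_network(prefix, strict=False))
    except (ValueError, TypeError):
        return False  # route-type keywords, IPv6, etc.


def has_return_route(routes, net):
    """A needs a non-default route to the subnet, or replies leave via eth0."""
    return any(
        f and f[0] != "default" and _covers(f[0], net)
        for f in (line.split() for line in routes.splitlines())
    )


def is_masqueraded(nat_rules, net):
    """True if a POSTROUTING MASQUERADE/SNAT rule matches the whole subnet."""
    for f in (line.split() for line in nat_rules.splitlines()):
        if f[:2] != ["-A", "POSTROUTING"] or "!" in f or "-j" not in f:
            continue  # negated matches are skipped: treated as "not covered"
        if f[f.index("-j") + 1] not in ("MASQUERADE", "SNAT"):
            continue
        src = f[f.index("-s") + 1] if "-s" in f else "0.0.0.0/0"
        if _covers(src, net):
            return True
    return False


def diagnose(routes, nat_rules, subnet):
    """List what gateway A is missing for hosts in `subnet` to reach out."""
    net = ipaddress.ip_network(subnet)
    checks = [("no return route", has_return_route(routes, net)),
              ("not masqueraded", is_masqueraded(nat_rules, net))]
    return [name for name, ok in checks if not ok]
```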