help with gateway behind hardware router



  1. #1
    Join Date
    Nov 2003
    Location
    Victoria, British Columbia
    Posts
    43

    help with gateway behind hardware router

    Hello all,

    Okay, not new to Linux, but very new to routing, gateways, and iptables so I apologize if this question is very newbie like.

    Here goes:

    I have a network that is currently protected by a hardware router/firewall. This device currently also serves as the office gateway machine and provides all of the NAT, and port forwarding services.

    I want to / need to build a separate gateway machine for the office network as the hardware router does not provide everything we need for the services we would like to provide.

    I will be building this gateway on a Linux machine, but am having some issues due to limited knowledge.

    I have read many how-to documents and all that I have found assume that your gateway machine will also be a firewall and have one side connected to the Internet and the other side connected to your LAN.

    In my case this will not be the case. One side of the gateway will connect to the hardware router and the other side will connect to the office LAN.

    LAN <---> Linux gateway <---> hardware router <---> Internet

    The LAN currently uses static IPs within the 192.168.0.xxx range and I attempted to set up the gateway using 192.168.0.180 (255.255.255.0) for the NIC connecting to the hardware router and 192.168.0.181 (255.255.255.0) for the NIC connecting to the LAN and had no success.

    In my reading this morning I noted that the issue may be having both sides of the gateway within the same subnet range, but I am not sure.

    I would be extremely grateful if someone could help me get started with this gateway build as I know once I get it at least off the ground it will all start falling into place after that. I know that the setup I am trying to create is not unusual, it is just something that is currently outside of my scope of knowledge.

    Thanks to any and all who can assist
    mdkelly

  2. #2
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    The problem with your new gateway is that you have both NICs on the same IP subnet. The most logical thing to do would be to change the NIC that connects to the hardware router to a different subnet. That way you don't need to change the IP addresses of the devices on your LAN.

    Here are some other things you'll also need to do:

    - change the IP address of the internal NIC in the hardware router to the same subnet.

    - create a static route in the hardware router to the 192.168.0.x subnet with a gateway address of the external NIC in your new gateway machine

    Depending on the sophistication of your hardware router, as soon as you change the IP address on it and insert the new gateway device into your network, all Internet access for your LAN will probably cease to work.
    You'll need to have your new gateway device completely configured and you may have to remove all the NAT and port forwarding settings from your hardware router to regain Internet connectivity for your LAN.

    If you have a way to back up and restore the configuration of your hardware router, it would sure help in testing. Back up the config of the router, then make the necessary changes and test. If you can't get it to work or you run out of time, you can restore the router back to its original working state and have your network back in business.

    Some small, inexpensive routers don't have the ability to handle more than one internal IP subnet. That's something you may want to check into before you start.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.

  3. #3
    Join Date
    Nov 2003
    Location
    Victoria, British Columbia
    Posts
    43
    cowanrl: Thank you for your reply.

    I figured that I would have to have the two NICs in the gateway on different subnets. Here is what I have now (will explain after)

    router (192.168.0.199) <-> (192.168.0.180) external gateway -- internal gateway (192.168.1.100) <-> 192.168.1.111 (my test machine)

    Both NICs in the gateway are using the 255.255.255.0 subnet mask (I am not sure if this is correct or not as there are two distinct subnet ranges)

    I agree that changing the external NIC address on the gateway is the way to go so I do not have to change all other machines, but for now I have to leave the rest of the network the way it is until I can get this working.

    The hardware router I am working with is a small inexpensive one (DLink DI-624) and it does not support static routes, the main reason I am trying to build a gateway.

    I can currently ping the internal NIC of the gateway with my test machine, but that is about as far as the packets will go. I still need to figure out how to get the packets through to the external NIC of the gateway and have those passed on to the router and then back through the gateway.

    Thank you for any further assistance
    mdkelly
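
An added example (not part of the thread and not either poster's code) for the layout in post #3: because the router cannot hold a static route back to 192.168.1.x, the gateway masquerades LAN traffic behind 192.168.0.180, and the script first rejects the same-subnet addressing from post #1. The interface names eth0 and eth1 are assumptions; the addresses are the thread's.

```shell
#!/bin/sh
# Added example. eth0/eth1 are assumed interface names, not from the thread.
EXT_IF="${EXT_IF:-eth0}"          # NIC facing the hardware router
INT_IF="${INT_IF:-eth1}"          # NIC facing the LAN
ROUTER_IP="${ROUTER_IP:-192.168.0.199}"

# True when two addresses share a 255.255.255.0 (/24) network.
same_net24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Print the gateway setup for the given external and internal NIC addresses.
# Nothing is applied here; review the output, then pipe it to `sh` as root.
gateway_rules() {
    ext_ip=$1 int_ip=$2
    if same_net24 "$ext_ip" "$int_ip"; then
        echo "error: $ext_ip and $int_ip are on the same /24" >&2
        return 1
    fi
    lan_net="${int_ip%.*}.0/24"
    # Forward only LAN-initiated traffic and its replies, then source-NAT it
    # so the router only ever sees the gateway's external address.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default via $ROUTER_IP dev $EXT_IF
iptables -P FORWARD DROP
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $lan_net -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $EXT_IF -j MASQUERADE
EOF
}

# Addresses from post #3; the original attempt (.180/.181) would be rejected.
gateway_rules 192.168.0.180 192.168.1.100
```

Clients on the LAN side, such as the 192.168.1.111 test machine, then use 192.168.1.100 as their default gateway.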
