Hi,
I'm trying to figure out if DU can be configured to route IP over a single
ethernet interface.
Here is the situation: We have a lab network that doesn't normally connect
to our WAN. We have arranged to have a number of systems placed on a
segment that connects to both the LAB router and one of our WAN routers.
The WAN router knows how to route to the systems on this segment, but not
to any of the other lab segments. The folks who control the WAN router
don't really want to add the routes and it also cuts down on the traffic
on the lab segments (not a bad thing).
The Lab router knows how to route to all of the lab segments including
the small segment that connects to the WAN router, but not how to route
to the WAN.
What we need to be able to do is allow the systems on the interconnected
segment to talk to the WAN and the lab networks. With normal systems,
it would seem possible to add static routes to each of the systems (or
run a routing daemon in quiet mode to pickup the routes) -- unfortunately
the bulk of these systems are Windows95 boxes and I don't feel like the
static routes in M$'s stack are reliable (based on some bad experiences
with non-persistent "persistent" routes under NT).
I was thinking about using an PW600 that we have in the area as a pseudo-
router -- the PW would have the routes populated in its routing table
(either manually or using a routing daemon) and then would have IP
forwarding turned on. The windows boxes would then use the PW as the
default gateway.
+------+ +------+
| LAB | | WAN |
LABS---+Router+-----+-----+-----+-----+-----+-----+Router+-------WAN
| | | | | | | | |
+------+ +-+-+ +-+-+ +-+-+ +-+-+ +-+-+ +------+
|Win| |Win| |PW | |Win| |Win|
+---+ +---+ +---+ +---+ +---+
Caveats:
1. Yes, I know it's stupid and it introduces an additional hop.
2. We hope to hang this segment off of an internal firewall
(which will allow limited traffic between the labs and the WAN
while keeping most of the traffic from either on their respective
nets) in the future. This is still a couple of months off and
I need something now.
3. It may be possible to get a 'normal' wan connection added for the
PW. This would take a week or two (getting another tulip card for the
PW will take even longer), but it makes the setup seem a little silly.
Should have the connection to the WAN router severed if we do this....
4. Yes, it would seem to make more sense to have one or the other router
populated with all of the needed information. The problem seems to
be that it would then make the routes available to the other segments
attached to the router (unless some ACL magic is done). Our router
folks don't want any additional work and keep passing the buck.
Questions:
1. Will IP forwarding work on a single interface? The iprsetup man page
doesn't say anything, but the GUI wants routed or gated running first
and talks about two ethernet adapters.
2. Neither of the real routers is broadcasting routing info on this segment,
nor listing for it. Would I be better off with just a static routing
table, or should I be trying to run a routing daemon?
I know I can find our via experimentation, but I'm hoping that someone
out there has tried something like this and can cut a day or two worth
of trial and error off of the implementation.
Any thoughts?
Tom
--
+-----------------------------------+---------------------------------+
| Tom Webster | "Funny, I've never seen it |
| SysAdmin MDA-SSD ISS-IS-HB-S&O | do THAT before...." |
| webster_at_ssdpdc.lgb.cal.boeing.com | - Any user support person |
+-----------------------------------+---------------------------------+
| Unless clearly stated otherwise, all opinions are my own. |
+---------------------------------------------------------------------+
Received on Thu Aug 13 1998 - 18:43:22 NZST