Hi,
The answer is that routing with a single network interface seems to be
working fine. You just need to set the runtime configuration variable
for "ROUTER" to "yes" (rcmgr set ROUTER "yes") and ip forwarding will
be turned on when the system is booted.
Static routes should work fine for this, I played around with gated
just to get some more experience with it.
The only oddity is that the windows boxes seem to want to add point-to-
point (255.255.255.255) routes for systems on non-class [A|B|C] networks.
In our case these are subnetted class C networks (.240 and .224). It isn't
a real problem, it's just odd.
Thanks to Robert Otterson <Robert.Otterson_at_digital.com> for reminding me
that I could add an alias to the current adapter and use that in the
routing tables. I didn't use this approach, but the input was nice.
Original Posting:
----- snip ----- snip ----- snip ----- snip ----- snip -----
> Hi,
>
> I'm trying to figure out if DU can be configured to route IP over a single
> ethernet interface.
>
> Here is the situation: We have a lab network that doesn't normally connect
> to our WAN. We have arranged to have a number of systems placed on a
> segment that connects to both the LAB router and one of our WAN routers.
>
> The WAN router knows how to route to the systems on this segment, but not
> to any of the other lab segments. The folks who control the WAN router
> don't really want to add the routes and it also cuts down on the traffic
> on the lab segments (not a bad thing).
>
> The Lab router knows how to route to all of the lab segments including
> the small segment that connects to the WAN router, but not how to route
> to the WAN.
>
> What we need to be able to do is allow the systems on the interconnected
> segment to talk to the WAN and the lab networks. With normal systems,
> it would seem possible to add static routes to each of the systems (or
> run a routing daemon in quiet mode to pickup the routes) -- unfortunately
> the bulk of these systems are Windows95 boxes and I don't feel like the
> static routes in M$'s stack are reliable (based on some bad experiences
> with non-persistent "persistent" routes under NT).
>
> I was thinking about using an PW600 that we have in the area as a pseudo-
> router -- the PW would have the routes populated in its routing table
> (either manually or using a routing daemon) and then would have IP
> forwarding turned on. The windows boxes would then use the PW as the
> default gateway.
>
> +------+ +------+
> | LAB | | WAN |
> LABS---+Router+-----+-----+-----+-----+-----+-----+Router+-------WAN
> | | | | | | | | |
> +------+ +-+-+ +-+-+ +-+-+ +-+-+ +-+-+ +------+
> |Win| |Win| |PW | |Win| |Win|
> +---+ +---+ +---+ +---+ +---+
>
> Caveats:
>
> 1. Yes, I know it's stupid and it introduces an additional hop.
>
> 2. We hope to hang this segment off of an internal firewall
> (which will allow limited traffic between the labs and the WAN
> while keeping most of the traffic from either on their respective
> nets) in the future. This is still a couple of months off and
> I need something now.
>
> 3. It may be possible to get a 'normal' wan connection added for the
> PW. This would take a week or two (getting another tulip card for the
> PW will take even longer), but it makes the setup seem a little silly.
> Should have the connection to the WAN router severed if we do this....
>
> 4. Yes, it would seem to make more sense to have one or the other router
> populated with all of the needed information. The problem seems to
> be that it would then make the routes available to the other segments
> attached to the router (unless some ACL magic is done). Our router
> folks don't want any additional work and keep passing the buck.
>
> Questions:
>
> 1. Will IP forwarding work on a single interface? The iprsetup man page
> doesn't say anything, but the GUI wants routed or gated running first
> and talks about two ethernet adapters.
>
> 2. Neither of the real routers is broadcasting routing info on this segment,
> nor listing for it. Would I be better off with just a static routing
> table, or should I be trying to run a routing daemon?
>
> I know I can find our via experimentation, but I'm hoping that someone
> out there has tried something like this and can cut a day or two worth
> of trial and error off of the implementation.
----- snip ----- snip ----- snip ----- snip ----- snip -----
Tom
--
+-----------------------------------+---------------------------------+
| Tom Webster | "Funny, I've never seen it |
| SysAdmin MDA-SSD ISS-IS-HB-S&O | do THAT before...." |
| webster_at_ssdpdc.lgb.cal.boeing.com | - Any user support person |
+-----------------------------------+---------------------------------+
| Unless clearly stated otherwise, all opinions are my own. |
+---------------------------------------------------------------------+
Received on Fri Aug 21 1998 - 00:00:03 NZST