network gateway with a foreign IP address
Bill Davidsen
davidsen at tmr.com
Sat Apr 19 19:22:00 UTC 2008
Claude Jones wrote:
> The problem:
> Company has switched over to FIOS and I have to move behind a router
> I will be behind a 10.0.0.1 LAN on a Cisco Router
> I will be configured with an outside address, let's say
> 70.xxx.xxx.120 for argument's sake

There's the problem, you don't want an "outside address" on your
machine, because it's not outside. The outside address should be on the
outward side of the router, and should be NATed to your private address.

> Traffic to that address from the outside will be routed to my box
> inside the network by the Cisco
> I need to tell the box/outside NIC that its gateway is 10.0.0.1
> even though it's not an address within the IP/subnet that the
> NIC is configured for

It's not that you can't do this, it's that you probably don't want to do
this. If someone wants to put outside addresses on inside machines for
political reasons, like "we need outside connectivity" or such, that's
the kind of reasoning used by people who took a semester each of FORTRAN
and COBOL as part of their MBA. The router should be doing NAT in both
directions to make this work in a sane way, and you have far better
security by having private IP inside the firewall, so that there is no
way packets between trusted machines could leak.

> There are reasons for this
> Before you say it can't be done, google my subject line and
> you'll find this nice howto for Debian
> http://siddhesh.in/foreign-gateway.php
> I'm wondering if I need to pursue the route in that howto, or
> whether I can configure this with the system-config-network GUI
> in Fedora -- I see there's a 'Route' tab in there, but I've
> never used it

--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot