Date:      Tue, 4 May 1999 05:14:19 -0500 (CDT)
From:      Richard Wackerbarth <rkw@dataplex.net>
To:        Thomas Uhrfelt <thomas.uhrfelt@plymovent.se>
Cc:        "'freebsd-net@freebsd.org'" <freebsd-net@FreeBSD.ORG>
Subject:   Re: SV: routing over Inet with FreeBSD 3.1R/S
Message-ID:  <Pine.BSF.4.05.9905040510520.11311-100000@nomad.dataplex.net>
In-Reply-To: <01BE9606.90D23CE0.thomas.uhrfelt@plymovent.se>


On Tue, 4 May 1999, Thomas Uhrfelt wrote:

> > Thomas Uhrfelt wrote:
> > >
> > > I have a question about routing "homenets" via Internet, here comes
> > > a description of my 'thought' out configuration.
> > >
> > > [C1:1-o] <---> [i-C1-o] <--Internet--> [o-C2-i] <---> [o-C2:1]
> > >
> > > C1 and C2 are routers/firewalls on completely different geographic
> > > sites, C1:1 and C2:1 simulates workstations within the buildings
> > > behind the firewall.
> > >
> > > -o      Outside interface
> > > -i      Inside interface
> > >
> > > IPs
> > > ---
> > > C1:1-o  192.168.1.100
> > > C1-i    192.168.1.1
> > > C1-o    36.100.100.1 (public IP)
> > > C2-o    37.100.100.1 (public IP)
> > > C2-i    192.168.10.1
> > > C2:1-o  192.168.10.100
> > >
> > > With these routing tables will a packet from C1:1 be able to use
> > > for example telnet 192.168.10.100 to address the computer C2:1
> > > directly, as in will the packet be routed through the net correctly?
> >
> > No, you're not allowed to place 192.168.x.x addresses on the public
> > internet, that's why they're called PRIVATE addresses.  If you make
> > your routers do Network Address Translation you can accomplish
> > this, depending on the size of the two private networks.
> 
> I am performing NAT, but my problem is that I need to be able to 
> address some of the "inside" computers on the C2 net directly without 
> having a public IP, how can I accomplish that? I do know that 192 
> addresses are private, but since I route them directly to my other 
> private network that shouldn't pose a problem or?

Encapsulate the private network packets with a tunnel between the
firewalls (or to designated machines behind the firewall).

That will make it appear that the global internet is bypassed and the
firewalls are only one hop apart. 
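
The encapsulation described in the reply above, as an added illustration that is not part of the original message: it assumes plain IP-in-IP (RFC 2003, protocol 4), which the reply does not name, and reuses the addresses from the thread; all function names are hypothetical. Plain IP-in-IP provides no encryption or authentication, so the decapsulating side here at least checks that the outer source is the configured peer.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IP-in-IP, RFC 2003 (assumed tunnel type)
IPPROTO_TCP = 6

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse(packet: bytes):
    """Return (src, dst, proto, payload) after verifying the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, = struct.unpack("!H", packet[2:4])
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total_len])

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """What C1 does: wrap the private packet in a public outer header."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """What C2 does: accept IP-in-IP only from the configured tunnel peer."""
    src, _dst, proto, payload = parse(outer)
    if proto != IPPROTO_IPIP or src != expected_peer:
        raise ValueError("not a tunnel packet from the configured peer")
    return payload

# Constructed sample: C1:1 sends a stand-in TCP segment to C2:1.
segment = b"constructed telnet segment"
inner = ipv4_header("192.168.1.100", "192.168.10.100", IPPROTO_TCP, len(segment)) + segment
outer = encapsulate(inner, "36.100.100.1", "37.100.100.1")
print(parse(outer)[:3])                               # what Internet routers see
print(parse(decapsulate(outer, "36.100.100.1"))[:3])  # what C2 forwards inside
```

Routers on the public Internet only ever see the outer 36.100.100.1 to 37.100.100.1 header; the 192.168.x.x addresses travel as payload and reappear only after C2 strips the outer header.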


