Hi, I'm supposed to set up an IPsec tunnel with another company's server.
They have provided me with the details and I have to make it work.
Our LAN IP behind our router is in the 10.1.1.0/24 subnet.
They are telling me, however, that I have to make all traffic going to their network appear to be coming from a LAN IP 172.16.100.10. They then want me, whilst pretending to be this host, to connect to another subnet on their end, e.g. 192.168.1.0/24.
I'm finding this unreasonable as they are dictating which network traffic should appear to be coming from (I have no idea why; I'm starting to think they don't know what they are talking about).
How am I meant to masquerade traffic as coming from 172.17.128.156 and route all traffic for 192.168.1.0 through that link?
I'm running CentOS 5.0 and I have Shorewall installed as my firewall/router setup.
Let's say my default gw is eth0.
I then create a virtual interface called eth0:1 with the IP address of 172.16.100.10.
I can't add the route 192.168.1.0/24 to dev eth0:1 specifically, can I? It will just appear as eth0......
If anyone has any ideas or experience with this could you please help?
I think you'll have to set up Shorewall to use NAT. You tell it to send all traffic from your internal network destined for 192.168.1.0/24 over eth0:1.
I can't really help you with the specific configuration, but I'm sure you can find adequate documentation.
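A check for the NAT rule suggested in the reply above, as an added example that is not part of the thread: it scans an `iptables-save` dump and reports whether traffic from 10.1.1.0/24 to 192.168.1.0/24 reaches an SNAT to 172.16.100.10 before any broader rule catches it. The dumps are constructed samples, `has_snat` is a hypothetical helper, and it assumes the rules sit directly in POSTROUTING and compares selectors as exact strings rather than by CIDR containment.

```shell
#!/bin/sh
# Constructed iptables-save dumps (not taken from the thread).
GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -d 192.168.1.0/24 -o eth0 -j SNAT --to-source 172.16.100.10
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT'
MISSING='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT'
# Same rules as GOOD, but the general MASQUERADE rule comes first and wins.
SHADOWED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.1.0/24 -d 192.168.1.0/24 -o eth0 -j SNAT --to-source 172.16.100.10
COMMIT'

# has_snat DUMP SRC DST TO_SOURCE (hypothetical helper)
# Succeeds only if the first POSTROUTING rule that applies to SRC -> DST
# is an SNAT to TO_SOURCE. netfilter stops at the first matching NAT rule.
has_snat() {
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" -v to="$4" '
        $1 == "*nat"   { in_nat = 1; next }
        $1 == "COMMIT" { in_nat = 0; next }
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; d = ""; j = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-d") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                if ($i == "--to-source") t = $(i + 1)
            }
            # A rule applies to the flow when each selector is absent or equal.
            if ((s == "" || s == src) && (d == "" || d == dst)) {
                ok = (j == "SNAT" && t == to)
                exit
            }
        }
        END { exit (ok ? 0 : 1) }
    '
}

for name in GOOD MISSING SHADOWED; do
    eval "dump=\$$name"
    if has_snat "$dump" 10.1.1.0/24 192.168.1.0/24 172.16.100.10; then
        echo "$name: traffic leaves as 172.16.100.10"
    else
        echo "$name: traffic does NOT leave as 172.16.100.10"
    fi
done
```

On a live router the first argument would be the output of `iptables-save -t nat` run as root.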
OK, I figured out the masquerading by just reading the Shorewall documentation and trial and error. This is how far I've got, but I can't get IPsec working as it won't encrypt the traffic.
First I created a virtual NIC.
My interfaces are bonded and I'm using Linux HA, so I already have virtual IPs on my router, so rather than create a bond1:1, which is my HA (heartbeat) virtual NIC, I had to create a bond1:2.
So I created the file /etc/sysconfig/network-scripts/ifcfg-bond1:2
(other people might create an ifcfg-eth0:1 or ifcfg-eth1:1 depending on what interface they are doing this on).
I gave this new interface the address of 172.17.128.156/32.
I then added a route for the 192.168.1.0/24 network to go via this interface with a