static routing question (cent os 4.x server)
i have a client who has a need to route traffic from one server back to the lan, apparently, and wants to do it via static routes. i most likely don't have all the details on this, but it seems something like this (fictitious IPs):
cable modem/gateway: 180.0.0.10 -> hub
server: 180.0.0.90
router: 180.0.0.89
router lan ip: 192.168.40.1
lan range: 192.168.40.0/24
the cable modem connects to a small hub with at least the router and this one server attached. client wants to set a static route from the server (180.0.0.90) to the lan IP of the router (192.168.40.1). first, is this even possible? second, is it advisable? i tried looking at setting a static route with something like the following but am hesitant to leave it in place. i'm not even convinced it will work.
Code:
ip route add 192.168.40.0/24 via 180.0.0.10 dev eth0
thanks for any tips.
hi foilpan,
ok, from your provided information here Quote:
and you can't directly access the LAN behind the NAT router from the server's view - so, i hope the answer is clear. HTH.
thanks for the reply. as i suspected, i didn't have all the details, but it still can't happen the way they want. aside from not being able to route to RFC 1918 networks from the WAN side, there are some other things in the mix.
hi,
Quote:
by using overlapping NAT - or let us say iptables DNAT in linux - you can make that server which resides on the net "become" a member of the LAN - but, that only goes from the server perspective. so the route probably :
server : ip route LAN next-hop via router
router : iptables -t nat -I POSTROUTING here ...
         iptables -t nat -I PREROUTING here ...
LAN : ip route 0/0 next-hop via router
so - from there you can see that it becomes useless :) and, it really needs a special/careful design to do it. HTH.
thanks, rossonieri#1. that makes a bit more sense, though i'm unsure of what the router/firewall is running and if it's capable.
regardless, i think the simpler approach would be to keep the server behind the firewall and otherwise resolve the issues that prompted them to place it outside in the first place. we'll see… it's an interesting situation, nonetheless.
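The hop-by-hop reasoning behind this thread, as an added example that is not part of any post: a small longest-prefix-match trace over the thread's fictitious addresses, comparing the route from the first post (next hop 180.0.0.10) with one that uses the router's WAN address (180.0.0.89). The /24 WAN mask, the "isp" hop and the LAN host 192.168.40.50 are assumptions, and the model covers routing only, not the router's NAT or firewall rules.

```python
import ipaddress

# Constructed model of the thread's fictitious addresses. The /24 WAN mask,
# the "isp" hop and the LAN host 192.168.40.50 are assumptions for illustration.
WAN = ipaddress.ip_network("180.0.0.0/24")
LAN = ipaddress.ip_network("192.168.40.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
OWNER = {"180.0.0.10": "modem", "180.0.0.89": "router", "isp": "isp"}

def tables(static_via):
    """Per-node routes as (prefix, next_hop); next_hop None means on-link."""
    return {
        "server": [(WAN, None), (DEFAULT, "180.0.0.10"), (LAN, static_via)],
        "modem": [(WAN, None), (DEFAULT, "isp")],
        "router": [(WAN, None), (LAN, None), (DEFAULT, "180.0.0.10")],
    }

def lookup(routes, dst):
    """Longest-prefix match, the rule a routing table lookup applies."""
    matches = [(p, nh) for p, nh in routes if dst in p]
    return max(matches, key=lambda r: r[0].prefixlen)

def trace(dst, static_via):
    """Follow a packet from the server hop by hop; return (path, outcome)."""
    dst = ipaddress.ip_address(dst)
    rt, node, path = tables(static_via), "server", ["server"]
    while len(path) < 8:  # guard against routing loops
        if node == "isp":
            # Public carriers do not route RFC 1918 destinations.
            return path, ("dropped" if dst.is_private else "forwarded")
        _, next_hop = lookup(rt[node], dst)
        if next_hop is None:
            return path, "delivered on-link"
        node = OWNER[next_hop]
        path.append(node)
    return path, "loop"

if __name__ == "__main__":
    for via in ("180.0.0.10", "180.0.0.89"):
        print(via, trace("192.168.40.50", via))
```

A "delivered on-link" result only means the routing tables line up; whether the router actually forwards a new connection arriving on its WAN side depends on its NAT and filter rules, which is the point made in the replies.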