*** The following IPs are only examples, for security purposes. ***
I am new to route. Here is the setup, though:
Our local subnet is 10.20.0.0.
There are three VPNs:
VPN1 - Connects us with our other office; 10.20.0.0 is their subnet. The VPN's address is 10.20.3.50.
VPN2 - Connects us with another company and carries all traffic heading to their network. They use 4 different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, and 192.168.4.0. The VPN is 10.20.3.51.
VPN3 - Connects us with yet another company on only one subnet. Their subnet is 10.5.15.0 and the VPN is 10.20.3.52.
The default gateway is 10.20.1.1.
The ClarkConnect box has two NICs and is running in gateway mode.
Public /------VPN1---------\
|------VPN2---------|
|------VPN3---------|
|_____Clark________/__________________Internal
Gateway------/ Connect
Now, the routing setup I currently have going is dragging the internet down. I have determined that it is the ClarkConnect machine. My current route script is VERY short, but I found another script online and have edited it for my own use.
Here is my routing table, and the commands I entered (I did nothing else besides this, and I'm sure now that this was wrong):
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.XXX.XXX.45 * 255.255.255.224 U 0 0 0 eth0
10.5.15.0 10.20.3.52 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.2.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.3.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.4.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
10.20.0.0 * 255.255.0.0 U 0 0 0 eth1
10.10.0.0 10.20.3.50 255.255.0.0 UG 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
65.0.0.0 * 255.0.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 65.XXX.XXX.44 0.0.0.0 UG 0 0 0 eth0
route add -net 10.10.0.0 netmask 255.255.0.0 gw 10.20.3.50 eth1
route add -net 10.5.15.0 netmask 255.255.255.0 gw 10.20.3.52 eth1
route add -net 65.0.0.0 netmask 255.0.0.0 eth0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
Here is the script I found online, that I have edited for my own use:
#!/bin/bash
echo "Start Network Configuration..."
echo "Setting LAN variables..."
LANIP="10.20.3.99"
LANNET="10.20.0.0/16"           # was /32 (a single host); the LAN is 10.20.0.0/255.255.0.0
LANIF="eth1"
# "ip route" takes CIDR prefixes; the separate *_MASK variables are folded into the prefix
ATL_SUBNET="10.10.0.0/16"
ATL_GW="10.20.3.50"
PRIME_SUBNET="10.5.15.0/24"
PRIME_GW="10.20.3.52"
PEGS_SUBNET1="192.168.1.0/24"
PEGS_SUBNET2="192.168.2.0/24"   # subnets 2-4 were all 192.168.1.0 (copy/paste typo)
PEGS_SUBNET3="192.168.3.0/24"
PEGS_SUBNET4="192.168.4.0/24"
PEGS_GW="10.20.3.51"            # VPN2 address as described above (script had 10.20.1.5)
echo "Setting WAN variables..."
WANIP1="65.XXX.XXX.50"
WANNET1="65.XXX.XXX.43/30"
WANGW1="65.XXX.XXX.44"
WANIF1="eth0"
#No modifications after this line.
echo "Flushing tables..."
ip route flush cache
ip route flush table main
ip route flush table 10
ip route flush table 11
ip route flush table 12
echo "Adding routes to default table..."
ip route add $WANNET1 dev $WANIF1 src $WANIP1
ip route add $LANNET dev $LANIF src $LANIP   # was "LANNET" without the $
ip route add 127.0.0.0/8 dev lo src 127.0.0.1
echo "Adding 1st WAN ip rules..."
ip rule add from $WANNET1 lookup 11
echo "Adding routes to 1st WAN table..."
ip route add $LANNET dev $LANIF table 11
ip route add 0/0 via $WANGW1 table 11
echo "Adding VPN routes..."
# "ip route" syntax is "<prefix> via <gateway> dev <iface>";
# the "-net ... netmask ... gw ..." form belongs to the old "route" command.
ip route add $ATL_SUBNET via $ATL_GW dev $LANIF
ip route add $PRIME_SUBNET via $PRIME_GW dev $LANIF
for net in $PEGS_SUBNET1 $PEGS_SUBNET2 $PEGS_SUBNET3 $PEGS_SUBNET4; do
    ip route add $net via $PEGS_GW dev $LANIF
done
echo "Adding default route..."
# one uplink, so no need for a balanced (multipath) default
ip route add default via $WANGW1 dev $WANIF1
echo "Network Configuration: Done!"
I haven't tried the script yet. I didn't want to make matters worse.
And lastly, I want to specify virtual IPs, so that a web server behind the firewall would be on 65.XXX.XXX.48 and the ClarkConnect machine would forward any requests for that IP to another server.
I know that there are a lot of questions, but any help would be greatly appreciated.
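A longest-prefix-match simulation of the posted routing table (an added example, not from the thread; the masked 65.XXX.XXX.* octets are replaced with constructed 65.0.0.* placeholders) shows why the `route add -net 65.0.0.0 netmask 255.0.0.0 eth0` line hurts internet traffic: any public host in 65.0.0.0/8 outside the real /27 is treated as directly on-link on eth0 and ARPed for instead of being sent to the default gateway.

```python
import ipaddress

# The table from the post as `route -n` prints it (constructed copy; the
# masked 65.XXX.XXX.* octets are placeholders, chosen so .44/.45 share the /27).
ROUTE_TABLE = """\
65.0.0.45       *           255.255.255.224 U  0 0 0 eth0
10.5.15.0       10.20.3.52  255.255.255.0   UG 0 0 0 eth1
192.168.1.0     10.20.3.51  255.255.255.0   UG 0 0 0 eth1
192.168.2.0     10.20.3.51  255.255.255.0   UG 0 0 0 eth1
192.168.3.0     10.20.3.51  255.255.255.0   UG 0 0 0 eth1
192.168.4.0     10.20.3.51  255.255.255.0   UG 0 0 0 eth1
10.20.0.0       *           255.255.0.0     U  0 0 0 eth1
10.10.0.0       10.20.3.50  255.255.0.0     UG 0 0 0 eth1
169.254.0.0     *           255.255.0.0     U  0 0 0 eth1
65.0.0.0        *           255.0.0.0       U  0 0 0 eth0
127.0.0.0       *           255.0.0.0       U  0 0 0 lo
default         65.0.0.44   0.0.0.0         UG 0 0 0 eth0
"""

def parse_routes(text):
    """Return [(network, gateway or None, iface)] from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        dest, gw, mask, iface = f[0], f[1], f[2], f[-1]
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw in ("*", "0.0.0.0") else ipaddress.ip_address(gw)
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it (all metrics here are 0)."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in routes if dst in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen)

def overbroad_onlink(routes):
    """Gateway-less routes that swallow a smaller gateway-less route on the
    same interface: hosts in the big prefix get ARPed for instead of routed."""
    onlink = [r for r in routes if r[1] is None]
    return sorted({n for n, _, i in onlink for m, _, j in onlink
                   if i == j and m != n and m.subnet_of(n)})

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dst in ("65.1.2.3", "8.8.8.8", "192.168.3.7", "10.20.3.50"):
        net, gw, iface = lookup(routes, dst)
        print(dst, "->", net, f"via {gw}" if gw else "on-link", "dev", iface)
    print("over-broad on-link routes:", overbroad_onlink(routes))
```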