Eric on 30 Aug 2009 16:11:51 -0700


Re: [PLUG] network fixer hat

Richard Freeman wrote:
> Eric wrote:
>> Paul DiSciascio wrote:
>>> You're correct, it's being passed to the default gateway.  You won't  
>>> be able to talk to anything in the subnet without a NIC  
>>> on that subnet or a router that knows about it.   Even if you were to  
>>> add a route for that subnet to your routing table, the return traffic  
>>> won't know how to get back to the subnet.
>> This makes sense.  Oddly, I can get return traffic from the ftp daemon.
>> Unfortunately, I cannot log in so maybe it's not working as it appears.
> Ok, return traffic back to the single linux host that you've multi-homed 
> in this manner will work just fine.  However, that linux box will not 
> automatically forward packets on to the other subnet unless you set up 
> some netfilter rules.  

I'm not sure I want the Linux host to forward those packets, do I?

It's my workstation - I'm simply trying to access a 192.168.x.x device from a
10.10.10.x Linux box (on a 10.10.10.x network) for (ultimately) getting the
192.168.x.x device moved over to the 10.10.10.x network.  If the packets come
back to me I'm very happy AFAIK.

> With appropriate settings you could actually set
> up a router that forwards traffic as appropriate even though it is all 
> on the same physical network.


> As far as ftp/etc goes - what interface is your server listening on?  If 
> the FTP server is bound to then it should get the traffic from 
> both subnets (not sure if it matters whether you start the server after 
> creating the interface).  However, if your FTP server is bound to 
> 10.10.10.### then it will not receive traffic from 192.168.x.y since it 
> isn't listening on that interface.  There is a chance you might need to 
> adjust your FTP configuration.

The ftp server is on the device so as long as I can send packets
to it from the ftp client (on my Linux workstation) then I'm very happy.

> Note that if this same box is also connected to another interface to the 
> internet (the box is effectively a router/firewall) be careful about 
> binding to since now your FTP server will be open to the 
> internet as well (unless you have a netfilter rule set to block traffic 
> to that port from outside).

Yes, this all takes place behind a firewall that is in a DMZ on the Verizon
router so as far as I know the only traffic that exists on my network is in one
of the two aforementioned IP ranges.

> Also - if you do have netfilter set up you need to make sure that it 
> isn't blocking incoming traffic on the new interface.

Nope, not a problem.

> I've done this trick myself to configure new appliances/etc to get them 
> on my normal network without having to reconfigure one of my own 
> computers to talk to them.

Great.  It's working for me so far although the client device (the
Buffalo HD-HG400 NAS) is not remembering its old password :-(



#  Eric Lucas
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
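
An added example, not part of the original thread: a check for the bind-address point raised above, listing which listening TCP ports become reachable through each address on a multi-homed Linux host. The sample table and both host addresses are constructed, and the decoder assumes a little-endian host (x86), where /proc/net/tcp prints IPv4 addresses byte-reversed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0015 00000000:0000 0A
   1: 050A0A0A:0016 00000000:0000 0A
   2: 0100007F:0277 00000000:0000 0A
   3: 050A0A0A:0016 0A0A0A0A:C350 01
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted address, port)."""
    hex_ip, hex_port = field.split(":")
    # Assumption: little-endian host, so the address bytes are reversed.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return str(ip), int(hex_port, 16)


def listeners(proc_text):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        found.append(decode_endpoint(fields[1]))
    return found


def exposure(listener_list, local_addrs):
    """Map each local address to the listening ports reachable through it."""
    reach = {addr: [] for addr in local_addrs}
    for ip, port in listener_list:
        for addr in local_addrs:
            # A wildcard bind (0.0.0.0) accepts on every local address,
            # including one added later as a second address on the NIC.
            if ip == "0.0.0.0" or ip == addr:
                reach[addr].append(port)
    return reach


if __name__ == "__main__":
    # Constructed addresses: the primary one and the added second subnet.
    addrs = ["10.10.10.5", "192.168.1.5"]
    for addr, ports in exposure(listeners(SAMPLE_PROC_NET_TCP), addrs).items():
        print(addr, ports)
```

On a real host, pass the contents of /proc/net/tcp instead of the sample; any port listed under an Internet-facing address needs either a specific bind or a netfilter rule.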