Date: Thu, 07 Nov 1996 09:06:33 +0200 From: Nadav Eiron <nadav@barcode.co.il> To: dwhite@resnet.uoregon.edu Cc: FreeBSD Questions <questions@freebsd.org>, rajeshsri@hotmail.com Subject: Re: Can U help me ? (fwd) Message-ID: <32818A79.216A@barcode.co.il> References: <Pine.BSI.3.94.961106153450.11786C-100000@gdi.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug White wrote: > > Can someone with some networking knowledge help this person out? I'll give it a try... > > I don't know enough about connectivity issues. > > Doug White | University of Oregon > Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant > http://gladstone.uoregon.edu/~dwhite | Computer Science Major > > ---------- Forwarded message ---------- > Date: 06 Nov 96 13:20 IST > From: rajeshs%NIITDEL@iris.ernet.in > To: dwhite@gdi.uoregon.edu > Cc: rajeshsri@hotmail.com > Subject: Can U help me ? > > > > Hi! > > I am writing this mail to U with the hope that U will surely provide me > your opinion. I have following set up : > > - About 1200+ TCP/IP nodes > - Some of these nodes have been configured as proxies for Internet access > - The IP scheme which we are following is 132.147 with subnet of > 255.255.0.0 > - Actually we should have not used this scheme as it is not recommended > for private network now obviously if a user wants to access a node with > netid > of 132.147 on Internet, he cannot 'cos our DNS server treats this as a > local IP. The problem is not with DNS (though that might be a problem with reverse translation). The main problem is routing. When your router to the Internet sees an address that belongs to 132.147.x.x it will send it to the internal network, and not the internet. If all you need is web access and the like, I think there is a solution, but it is not an elegant one, nether is it easy to implement. What you'll need is *two* proxies. Look at the following scheme: +---------------------+--------------+ 132.147.x.x | | +-+-+ | | Proxy1 +-+-+ | | "Legal" IP Addresses +-+-+ | | Proxy2 +-+-+ | The Internet With this configuration, you should configure Proxy1's routing tables to look for the 132.147.x.x addresses on the internal networks, and Proxy2's routing tables to look for those addresses on the Internet. This would let Proxy2 communicate with hosts in the "real" 132.147.x.x net on the internet, while Proxy1 will recognize your net. You may have a bit of trouble configuring your proxy software, but I think a bit of patching on something like the TIS fwtk will do the trick. For web access it might even be easier than you'd think. Still, this solution is far from elegant and you really should consider assigning new addresses to your nodes or giving up on the 132.147.x.x networks (who owns it anyhow?). I should also say that I've never tried such a setup, but I think that it could be made to work. > With the given IP scheme is there a method by which I can still access > the nodes on Internet whose IP's netid is same as ours ? Is there any > firewall technique to handle this ? We have constraint to change our IP > scheme also. > > Pls advise ! I'll be obliged. Any pointers ? > > Thanx and regds > > Rajesh > > e-mail : rajeshs%niitdel@iris.ernet.in > cc to : rajeshsri@hotmail.com Good luck Nadav
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32818A79.216A>