
Re: IPv6 (was: Oh yeah, I'm famous)



So, are both LANs using the same block of RFC 1918 addresses? I had to do
exactly what you are doing with two sites using 192.168.200/24, and
neither wanting to renumber. It was difficult to do because each side also
did not have a sufficient pool of live addresses to do static mappings per
host.

cjm

On Fri, 11 Aug 2000, Jeff Licquia wrote:

> On Fri, Aug 11, 2000 at 12:10:57PM -0500, Steven Pritchard wrote:
> > Charles Menzes said:
> > > how will vlan support help this out? -cjm
> > 
> > You'll probably want to look at those sites I mentioned for more
> > information, but basically you can assign a VLAN tag to all traffic
> > (for example) on a given interface, then route based on that tag.
> > 
> > Of course, sooner or later you're going to have to do some NAT or
> > something in order to have traffic from the two networks mix, but
> > that's fairly easy...
> 
> This is great when you control both networks.  It isn't so great when
> you only control your side, and the tech on the other side doesn't
> know anything about firewalls or security.
> 
> > Seriously, if I were going to deal with that problem (two LANs with
> > the same address space), I'd use two boxes and NAT between them.  So
> > it would look something like this:
> > 
> > 192.168.1.0/24 -> NAT 10.0.0.0/24 <-> NAT 10.0.1.0/24 <- 192.168.1.0/24
> > 
> > If that makes any kind of sense...  :-)
> 
> That's what I'm planning to do, should the day come for me.
> Actually, it'll look like this:
> 
> 192.168.1.0/24 -> 192.168.0.1 -> 192.168.0.2 ----> 192.168.1.1 -> 192.168.1.2
>  My internal        Internal       External   VPN     Their          Target
>    network          firewall       firewall          firewall
>                     (IPMasq)        (SOCKS)
> 
> (Numbers changed to protect the innocent.)
> 
> This makes everything work without taking months to train the remote
> tech staff in the finer points of IP routing.  From their perspective,
> we look like a normal (but very busy) single node.  I think I can even
> get away with not having to renumber hosts that use the two external
> addresses inside my firewall.  The telnet software will likely be
> proprietary as well, and may not support SOCKS, in which case, we'll
> likely need to play even more games with masq, transparent proxying,
> port forwarding, and the like.
> 
> Even in the best of cases, it's still a kludge of epic proportions in
> my view.  Having assigned IPs on both networks would be way easier.

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.
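The two-box scheme Steven sketches above (192.168.1.0/24 -> NAT 10.0.0.0/24 <-> NAT 10.0.1.0/24 <- 192.168.1.0/24) works because each box does a stateless 1:1 prefix translation, so each LAN sees the other under a private alias that does not collide with its own range. The simulation below is an added example written for this page, not code from anyone in the thread; the host addresses (192.168.1.5, 192.168.1.7) and the helper names (netmap, OneToOneNat, round_trip, next_hop, reachable_from_a) are assumptions made for illustration. It walks a request from LAN A through both boxes to LAN B and the reply back, and shows why a host on A can never reach B's real 192.168.1.x directly. The comments give the equivalent Linux rules using the iptables NETMAP target.

```python
"""Double 1:1 NAT between two LANs that both use 192.168.1.0/24.

Hypothetical simulation (added example, not from the mailing-list thread).

 LAN A 192.168.1.0/24 --[NAT_A]-- 10.0.0.0/24 <=VPN=> 10.0.1.0/24 --[NAT_B]-- LAN B 192.168.1.0/24

Hosts on A address B's hosts as 10.0.1.x; hosts on B address A's hosts as 10.0.0.x.

Equivalent Linux rules on NAT_A (iptables NETMAP target, constructed for this example):
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o vpn0 -j NETMAP --to 10.0.0.0/24
  iptables -t nat -A PREROUTING  -d 10.0.0.0/24    -i vpn0 -j NETMAP --to 192.168.1.0/24
NAT_B is the same with 10.0.1.0/24 in place of 10.0.0.0/24.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def netmap(addr, from_net, to_net):
    """1:1 prefix translation: keep the host bits of addr, swap the network bits.
    Refuses addresses outside from_net, as a NETMAP rule simply would not match."""
    a = ipaddress.ip_address(addr)
    src_net = ipaddress.ip_network(from_net)
    dst_net = ipaddress.ip_network(to_net)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("netmap needs equal-size prefixes")
    if a not in src_net:
        raise ValueError(f"{addr} is not in {from_net}: no mapping")
    host_bits = int(a) - int(src_net.network_address)
    return str(dst_net.network_address + host_bits)


class OneToOneNat:
    """One NAT box: its LAN uses `inside` (the colliding 192.168.1.0/24);
    everything beyond the VPN sees that LAN as `outside`."""

    def __init__(self, inside, outside):
        self.inside = inside
        self.outside = outside

    def outbound(self, pkt):
        # LAN -> VPN: rewrite the source to the alias prefix.
        return Packet(netmap(pkt.src, self.inside, self.outside), pkt.dst)

    def inbound(self, pkt):
        # VPN -> LAN: rewrite the destination back to the real prefix.
        return Packet(pkt.src, netmap(pkt.dst, self.outside, self.inside))


NAT_A = OneToOneNat("192.168.1.0/24", "10.0.0.0/24")
NAT_B = OneToOneNat("192.168.1.0/24", "10.0.1.0/24")


def a_to_b(pkt):
    """Carry a packet from LAN A across both boxes to LAN B."""
    return NAT_B.inbound(NAT_A.outbound(pkt))


def b_to_a(pkt):
    """Carry a packet from LAN B across both boxes to LAN A."""
    return NAT_A.inbound(NAT_B.outbound(pkt))


def round_trip(a_host, b_host_alias):
    """Request from an A host to a B host (addressed by its 10.0.1.x alias),
    then the reply. Returns (packet as delivered on B, reply as delivered on A)."""
    request = Packet(a_host, b_host_alias)
    delivered = a_to_b(request)
    reply = Packet(delivered.dst, delivered.src)  # B host answers what it saw
    return delivered, b_to_a(reply)


def next_hop(pkt, lan="192.168.1.0/24"):
    """Where a host on either LAN sends a packet: anything in its own prefix is
    treated as on-link, which is exactly why the remote side needs an alias."""
    if ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(lan):
        return "on-link"
    return "default-gateway"


def reachable_from_a(dst, a_host="192.168.1.5"):
    """True if a host on LAN A can get a packet to dst on LAN B."""
    pkt = Packet(a_host, dst)
    if next_hop(pkt) == "on-link":
        return False  # never leaves LAN A; the same-numbered host on B is unreachable
    try:
        a_to_b(pkt)
        return True
    except ValueError:
        return False  # no mapping on NAT_B (e.g. A's own alias 10.0.0.x)


if __name__ == "__main__":
    delivered, back = round_trip("192.168.1.5", "10.0.1.7")
    print("on LAN B:", delivered)  # src 10.0.0.5, dst 192.168.1.7
    print("on LAN A:", back)       # src 10.0.1.7, dst 192.168.1.5
```

Because both boxes translate whole prefixes, no per-host state and no pool of live addresses is needed, which is what makes this cheaper than the per-host static mappings cjm describes; the cost is that every hostname, ACL and application configuration on A must refer to B's hosts by their 10.0.1.x alias (and vice versa), and the two alias prefixes must be distinct and routed only across the VPN.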