
RE: FW: LVS-Tun and Fwmarks

To: Jeff <golfer2@xxxxxxxxxxxxxx>
Subject: RE: FW: LVS-Tun and Fwmarks
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Sun, 7 Jul 2002 00:13:23 +0000 (GMT)
        Hello,

On Sat, 6 Jul 2002, Jeff wrote:

>       Can you provide some more detail concerning the Bridging?  Since my real
> servers (network 192.168.32.0) are on a different network than my "test
> internet" (network 90.0.0.0), how is it possible for them to use 90.0.0.3 as
> a default gateway?

        The wiring is one of the sides, the other side is how
the IPs are configured. You can say that a route to IP/32 is
a route to a subnet, nothing different. I.e. you can place
IPs on different segments as long as you have the right
routes. The more specific routes (with the longest network part)
are considered before the others. In the same way your
subnets are an exception from the 0/0 universe.

        In your setup you prefer IPs from one subnet to be
on a separate network segment. But it is possible for the RSs
to have other IPs from the pubnet; at least, they can
use a host route to the gateway and then use it as default
gateway after the kernel knows that it is onlink. The result:
the RSs can use it as gateway from a routing perspective. Now
it remains for us to connect them on layer 2 with bridging.

        As for the bridging, nothing special if you have already
played with this functionality. You configure bridging on the
director, eth0 and eth1 become slave ports, you configure
both subnets on br0 and the RSs use 90.0.0.3 as defgw.
That's all. From a routing perspective it seems your RSs do
not use the director as defgw and everything works as
expected.

        But considering your ascii chart it seems your director
is the border gateway, so there is no firewall host under
your control. In such a case you can use the forward_shared
flag and avoid using bridging, which is not secure for
external devices used as slave ports: it does not prevent
IP spoofing when forwarding at layer 2. Of course, there
are bridging extensions that allow firewalling the forwarded
traffic between the slave ports but everything is a matter
of taste.

> Thanks,
> Jeff

Regards

--
Julian Anastasov <ja@xxxxxx>
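An added example, not part of Julian's reply: a small Python model of a real server's routing table, showing why a host route to 90.0.0.3 lets an RS that only has a 192.168.32.0/24 address use 90.0.0.3 as its default gateway, and why the kernel rejects that default route when the gateway is not onlink. The interface name eth0 and the route list are constructed; the `ip route` commands in the comments are shown for orientation and are not executed.

```python
"""Longest-prefix-match lookup for the real-server routing setup discussed above."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, Optional[str], str]  # (prefix, gateway or None, device)

# Constructed table for an RS with only a 192.168.32.0/24 address.
# Equivalent Linux commands (assumed, not run here):
#   ip route add 90.0.0.3/32 dev eth0           # host route: gateway becomes onlink
#   ip route add default via 90.0.0.3 dev eth0  # accepted only once 90.0.0.3 is onlink
RS_ROUTES: List[Route] = [
    ("192.168.32.0/24", None, "eth0"),
    ("90.0.0.3/32", None, "eth0"),
    ("0.0.0.0/0", "90.0.0.3", "eth0"),
]


def lookup(dst: str, routes: List[Route] = RS_ROUTES) -> Optional[Route]:
    """Return the most specific matching route: longest prefix wins,
    so the /32 host route beats /24 which beats the 0/0 default."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    best_len = -1
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, gw, dev), net.prefixlen
    return best


def next_hop(dst: str, routes: List[Route] = RS_ROUTES) -> Optional[Tuple[str, str]]:
    """Resolve (layer-2 neighbour, device) for dst.

    A gateway is usable only if it is reachable through a gateway-less
    (directly connected) route: that is the onlink check the kernel applies
    when the default route via 90.0.0.3 is installed.
    """
    route = lookup(dst, routes)
    if route is None:
        return None
    _, gw, dev = route
    if gw is None:
        return (dst, dev)            # directly connected: ARP for dst itself
    gw_route = lookup(gw, routes)
    if gw_route is None or gw_route[1] is not None:
        return None                  # gateway not onlink: kernel would refuse the route
    return (gw, gw_route[2])
```

Dropping the /32 host route from `RS_ROUTES` makes `next_hop("10.1.2.3")` return `None`, which is the situation before the host route is added.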


