BBS水木清华站∶精华区

发信人: omega (leo), 信区: Linux
标  题: Re: [求助]子网配置: 与omega讨论
发信站: BBS 水木清华站 (Sun Sep 21 15:18:12 1997)

【在 aguest (aguest) 的大作中提到: 】
∶ 想和omega兄讨论一下子网问题
∶ 1：如果router的两块网卡的ip, netmask分别设为
∶        A:   XXX.XXX.XXX.A, 255.255.255.0  (外部)
∶        b:   XXX.XXX.XXX.B, 255.255.255.240 (内部)
∶ 由于内部的ip的前部分xxx.xxx.xxx与外部的相同，那么由netmask
∶ 判断，内部的ip显然也属于外部网址，如果没有优先级之类的分辨
∶ 方法，显然存在冲突。这种变长子网，在linux上已经实现了吗？
∶ 这样造成的子网冲突如何解决？
/sbin/route add -net XXX.XXX.XXX.B netmask 255.255.255.240 dev eth0 or eth1
the problem is with the external part, it is safer to do
/sbin/route add -net XXX.XXX.XXX.0 netmask 255.255.255.240 dev eth1 or eth0
/sbin/route add -net XXX.XXX.XXX.16 netmask 255.255.255.240 dev eth1 or eth0
and so on
∶ 2: 如果上级router不改变路由表，他就不知道存在子网B, 则必然
∶ arp得不到正确的子网内机器的mac地址。如果proxy arp能使上级
∶ 路由将所有送到子网B的包都送到该router, 然后再转给子网内的
∶ 机器。设proxy arp时相关router的设置有什么？
∶ 请omega详细解释一下
you can use arp proxy like this
/sbin/arp -s XXX.XXX.XXX.XXX.b <mac addr. of the card in external part> \
netmask 255.255.255.240 pub

That is to tell all hosts in the department network that your A card should
answer for subnet B.

Any the way is to use ip_masquerating, in this case the external network will
not see your subnet, external hosts consider they are talking just with your
subnet router.

Depends what exactly you want to do, if you want to restrict the access to
external netwaork and protecting your subnet, the ip_masquerating is better.

If you just want to ensure Inetrnet access to hosts on your subnet, an easier
way is to set your router as a IP bridge, Linux supports is. In this case all
the hosts on your subnet act just as the was directly connected to the
deparment network.

Good luck!

--
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: pics16.cis.PKU.]