[PLUG] Comments on double NAT...

Michael Robinson plug_1 at robinson-west.com
Sun Dec 20 09:14:17 UTC 2009


On Sat, 2009-12-19 at 18:47 -0800, Mike Connors wrote:
> Michael Robinson wrote:
> 
> Web, Goose, and Xerxes are gateway, mail server/proxy, gateway
> respectively. This is the original network's means of accessing
> the Net.
> 
> I think this piece is complicating matters. It seems you've got multiple
> NICs on these boxes on different networks? Which in the absence of a
> router and switch/hub I understand. But if you could centralize your
> routing it would make this a lot less painful.
> > In a nutshell, I want to be able to route from the original 
> > network in Scappoose, it uses black lines in the DIA diagram, 
> > to a host on the other side of the VPN tunnel implemented by
> > the FVX 538.  

Yes, I have multiple links, and the diagram, if the plug list
hadn't screwed it up, shows that.  You can count the links
in the diagram and that shows the number of networks that machine
is hooked to ( treat the Net as one network ), which equals the
number of interfaces in that machine.

> Original network is 192.168.0.0 / 24?
> > There is also the problem of making 192.168.0.x and 192.168.1.x
> > link together ( Scappoose side both networks ).
> >   
> How do you mean?
> A router has a leg into both networks so hosts can communicate
> across net boundaries?
> Or do you mean by putting them on the same network by making the
> subnet smaller such as 192.168.0.x / 22

192.168.0.x/24 network was implemented by my brother for the Office
which was split off of the original network.  Dodo is acting as a
router.  Dodo has one leg in the 192.168.0.x/24 (or theoretically
it will have a leg to there) and two other legs to three other 
networks.  192.168.3.0/28 and 192.168.3.16/28 are accessible 
through one leg and 192.168.4.0/24, the network dodo boots over, 
is available on a third leg.  The diagram would help as it 
shows all of the switches, the FVX 538, the Linksys WAP11 between
web/xerxes and dodo, and the DSL modem.  The diagram also 
differentiates the links in different networks by color.

My brother's network is the FVX 538, a Netgear switch/802.11g
appliance, my other brother's computer in the Office, and a 
printer in the office.  The link from the Office to the server 
room, a wired line, was taken off of the original network to 
create this isolated network.  The routing is not centralized 
and that is confusing, but it can't be helped.  The Office 
network has to be reliable because it is being used by a 
business.  I just want to be able to go to the business VPN 
from the original network and I want to be able to instant 
message computers in the office from the original network.
I think that the FVX has the only static address in the 
192.168.0.x network and that everything else in the office
network is assigned by it randomly.  This could be a problem
because how do I instant message someone on a computer that has a
random IP address?

In some ways it would be nice to say let's start over and go from
a parallel routing situation to a singular routing infrastructure,
but I don't think that's an option.  To some degree, the business
network has to operate independently of the original network.  This
is why my goal is to only allow instant messaging between Office
computers and original private network computers, at least initially.

I am going to put the DIA diagram on my global ftp servers because it
appears to be one of the only ways that I can get it out to people
reading the plug list that want to study it:

ftp://ftp.robinson-west.com/pub/robinson-west_com.dia

or:

ftp://ftp2.robinson-west.com/pub/robinson-west_com.dia

The hardest part of making a diagram is finding the right
tool to diagram with and learning what to diagram.  I
don't diagram every single host, only the servers/routers
and maybe a printer.
