 
Old 10-03-2008, 07:40 PM
"James B. Byrne"
 
OT: RIP settings for private netblocks

I am contemplating converting some of our internal networks from routable
to private IPv4 address space. I have a question about RIP as implemented
under Cisco IOS 12.x.

Presently the setting for rip is:

router rip
version 2
passive-interface FastEthernet0/0
network aaa.bbb.ccc.0
no auto-summary

What I would like to know is how one routes the entire 192.168/16 address
space using rip. My perusal of the various Cisco manuals, technical
documents and various O'Reilly books is not giving me any clear answer and
I am rather reluctant to experiment on our live Internet connection.

Will this do what I imagine it might, treat any address 192.168.x.y or
10.x.y.z as an internal network?

router rip
version 2
passive-interface FastEthernet0/0
network aaa.bbb.ccc.0
network 192.168.0.0
network 10.0.0.0
no auto-summary

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-04-2008, 12:50 PM
"Mr Shunz"
 
OT: RIP settings for private netblocks

Hi,

[snip]

> Presently the setting for rip is:
>
> router rip
> version 2
> passive-interface FastEthernet0/0
> network aaa.bbb.ccc.0
> no auto-summary

is that aaa.bbb.ccc.0 a *public* IP class?

if it is with the conf below:

> router rip
> version 2
> passive-interface FastEthernet0/0
> network aaa.bbb.ccc.0
> network 192.168.0.0
> network 10.0.0.0
> no auto-summary

you inject private addresses to the other (public?) router...

if aaa.bbb.ccc.0 is another *private* class the configuration
should be ok...

maybe i misunderstood your question ...

cheers


--
------------------------------------------------
Daniele Santi .o.
daniele@santi.vr.it ..o () ascii ribbon campaign
Linux User #415108 ooo / www.asciiribbon.org
------------------------------------------------
 
Old 10-06-2008, 05:03 PM
"James B. Byrne"
 
OT: RIP settings for private netblocks

On Sat, 4 Oct 2008 14:50:37 +0200, "Mr Shunz" <mrshunz@gmail.com> wrote:

> Hi,
>
[snip]

>> Presently the setting for rip is:
>>
>> router rip
>> version 2
>> passive-interface FastEthernet0/0
>> network aaa.bbb.ccc.0
>> no auto-summary
>
> is that aaa.bbb.ccc.0 a *public* IP class?

Yes. It is a routable 'c' class address.

> if it is with the conf below:
>
>> router rip
>> version 2
>> passive-interface FastEthernet0/0
>> network aaa.bbb.ccc.0
>> network 192.168.0.0
>> network 10.0.0.0
>> no auto-summary
>
> you inject private addresses to the other (public?) router...
>
> if aaa.bbb.ccc.0 is another *private* class the configuration
> should be ok...
>
> maybe i misunderstood your question ...
>

This is possibly because I am so unfamiliar with routing that I lack the
terminology to ask it more clearly.

Our internal networks date back to the spring of 1995 and at the time we
used portions of our assigned C class netblock for all hosts. This
arrangement has survived to the present day.

I wish to move to a private netblock for internal use but I am
operationally constrained to do so gradually. What I want to do is in the
interim allow host 1 with the public IPv4 addr of aaa.bbb.ccc.171 to
co-exist on the same lan segment as a host with an address of
192.168.2.151 say. On said segment there is but one gateway to the
Internet, located at IPv4 aaa.bbb.ccc.1. The rest of the settings are as
in the first example above. If I add 192.168.0.0 to the list of networks
handled by RIPv2 at the router (and configure the router Eth0 with a
suitable virtual IP from the same network, say: 192.168.71.1), will
internal traffic originating at a host with an address of 192.168.2.71
reach an internal host at 192.168.61.151 and can 192.168.2.71 also reach
aaa.bbb.ccc.171?

I will deal with NAT issues for these hosts at a later time. For now I am
concerned only with hosts that should not reach or be reached from the
public Internet in any case and therefore do not need a public IP or NAT.

I do not know if that is any clearer or not. Basically, I do not wish to
start physically segregating the internal lan into private and public
segments using an internal router. I want both address spaces to co-exist
on the same switch until the transformation is finalized and then we will
look at whether it makes sense to segregate.

We are talking about dozens of hosts, not thousands. But we do have legacy
systems that require devoted multiple virtual IPs on a single interface so
the number of IPs in use is several times the number of hosts.

I hope this question makes my desires clearer and provides sufficient
background detail for sensible commentary.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

 
Old 10-06-2008, 05:21 PM
"nate"
 
OT: RIP settings for private netblocks

James B. Byrne wrote:

> I will deal with NAT issues for these hosts at a later time. For now I am
> concerned only with hosts that should not reach or be reached from the
> public Internet in any case and therefore do not need a public IP or NAT.

You can accomplish this much easier by simply using
a firewall. I like OpenBSD firewalls in layer 2
bridging mode. Put the firewall in-line between the
router and the rest of the network, no other network
changes needed.

If you're not well versed in routing I wouldn't recommend
going around making a bunch of changes to a system that
I assume has been more or less working for more than
a decade.

nate

 
Old 10-06-2008, 07:15 PM
"James B. Byrne"
 
OT: RIP settings for private netblocks

James B. Byrne wrote:

> You can accomplish this much easier by simply using
> a firewall. I like OpenBSD firewalls in layer 2
> bridging mode. Put the firewall in-line between the
> router and the rest of the network, no other network
> changes needed.

The difficulty with this is that it requires yet another host, a
reconfiguration of the existing wiring plan, and dealing with a number of
other issues which directly arise from the first two requirements.

We already use IPtables, and we already have some of our older hosts
secured behind sshd linux boxes so that network traffic to them is only
carried en clair across direct x-wired patch cables.

> If you're not well versed in routing I wouldn't recommend
> going around making a bunch of changes to a system that
> I assume has been more or less working for more than
> a decade.

Which is why I asked the question if by making a single change to the
network parameter of the Cisco Router could I avoid:

1. Physically segmenting my LAN
2. Having to commission an additional host or reconfigure an existing host
to multi-homed.

Routing is something I do not go at very often and I do not trust my
memory for such things in consequence. The manuals and books that I have
give sketchy coverage of this aspect and use examples much more narrow in
scope than I contemplate.

It would be a gross over-statement to say that I am unfamiliar with the
concepts of routing. But I am asking for specific guidance on specific
software (CISCO IOS 12.x) and hardware (CISCO 26xx series) from someone
with experience in these matters. I recognize that this is not the
precise forum to ask, thus the OT. On the other hand, I trust that my
situation cannot be very dissimilar to those faced previously by many
system administrators who also happen to run CentOS.

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

 
Old 10-06-2008, 08:26 PM
"Ross Walker"
 
OT: RIP settings for private netblocks

On Mon, Oct 6, 2008 at 1:03 PM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:
>
> On Sat, 4 Oct 2008 14:50:37 +0200, "Mr Shunz" <mrshunz@gmail.com> wrote:
>
>> Hi,
>>
> [snip]
>
>>> Presently the setting for rip is:
>>>
>>> router rip
>>> version 2
>>> passive-interface FastEthernet0/0
>>> network aaa.bbb.ccc.0
>>> no auto-summary
>>
>> is that aaa.bbb.ccc.0 a *public* IP class?
>
> Yes. It is a routable 'c' class address.
>
>> if it is with the conf below:
>>
>>> router rip
>>> version 2
>>> passive-interface FastEthernet0/0
>>> network aaa.bbb.ccc.0
>>> network 192.168.0.0
>>> network 10.0.0.0
>>> no auto-summary
>>
>> you inject private addresses to the other (public?) router...
>>
>> if aaa.bbb.ccc.0 is another *private* class the configuration
>> should be ok...
>>
>> maybe i misunderstood your question ...
>>
>
> This is possibly because I am so unfamiliar with routing that I lack the
> terminology to ask it more clearly.
>
> Our internal networks date back to the spring of 1995 and at the time we
> used portions of our assigned C class netblock for all hosts. This
> arrangement has survived to the present day.
>
> I wish to move to a private netblock for internal use but I am
> operationally constrained to do so gradually. What I want to do is in the
> interim allow host 1 with the public IPv4 addr of aaa.bbb.ccc.171 to
> co-exist on the same lan segment as a host with an address of
> 192.168.2.151 say. On said segment there is but one gateway to the
> Internet, located at IPv4 aaa.bbb.ccc.1. The rest of the settings are as
> in the first example above. If I add 192.168.0.0 to the list of networks
> handled by RIPv2 at the router (and configure the router Eth0 with a
> suitable virtual IP from the same network, say: 192.168.71.1), will
> internal traffic originating at a host with an address of 192.168.2.71
> reach an internal host at 192.168.61.151 and can 192.168.2.71 also reach
> aaa.bbb.ccc.171?
>
> I will deal with NAT issues for these hosts at a later time. For now I am
> concerned only with hosts that should not reach or be reached from the
> public Internet in any case and therefore do not need a public IP or NAT.
>
> I do not know if that is any clearer or not. Basically, I do not wish to
> start physically segregating the internal lan into private and public
> segments using an internal router. I want both address spaces to co-exist
> on the same switch until the transformation is finalized and then we will
> look at whether it makes sense to segregate.
>
> We are talking about dozens of hosts, not thousands. But we do have legacy
> systems that require devoted multiple virtual IPs on a single interface so
> the number of IPs in use is several times the number of hosts.
>
> I hope this question makes my desires clearer and provides sufficient
> background detail for sensible commentary.

You can do this, no prob, make sure the private IPs terminate at the
firewall/proxy with NAT'ing and don't get RIP'd to the edge router
beyond.

I would probably only route 1 set of private IP addresses though,
pick 192.168.0.0/16 or 10.0.0.0/8, but not both. You can subnet 10.0.0.0
into as many subnets as you want with variable subnetting. Use vlans on
the routers/switches, one vlan for the public IPs, one for the private IPs
and as hosts are migrated from public to private IPs you will remove
them from vlan A and add them to vlan B, if you use DHCP it makes
things sooo much easier as all you need to do is change the vlan
assignment.

Here I have a class B allocated from 10.X.X.X for each office site, and
separate class Cs for each network within those sites.

Turn subnet auto-summation off too.

If you want more detailed config info email me off-list.

-Ross
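
Added example, not part of the thread or any poster's code: a simplified Python model of the `router rip` stanza discussed above. It shows that `network` statements are read classfully (so `network 192.168.0.0` matches only 192.168.0.0/24) and lists which RFC 1918 subnets would be advertised out a non-passive interface. The interface names, the addresses, and the assumption that secondary subnets are advertised like primary ones are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed config, not from the thread: 198.51.100.0 stands in for the
# poster's aaa.bbb.ccc.0; Serial0/0 and all addresses are assumptions.
SAMPLE = """\
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.128
 ip address 192.168.71.1 255.255.255.0 secondary
interface Serial0/0
 ip address 198.51.100.253 255.255.255.252
router rip
 version 2
 passive-interface FastEthernet0/0
 network 198.51.100.0
 network 192.168.0.0
 network 10.0.0.0
 no auto-summary
"""

def classful(addr):
    """Major network that RIP's classful `network` statement resolves to."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit(config):
    """Return (leaks, unmatched) under a simplified model of RIP on IOS."""
    connected, passive, nets, cur = [], set(), [], None
    for words in (l.split() for l in config.splitlines() if l.strip()):
        if words[0] == "interface":
            cur = words[1]
        elif words[:2] == ["ip", "address"]:
            subnet = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            connected.append((cur, subnet))
        elif words[0] == "passive-interface":
            passive.add(words[1])
        elif words[0] == "network":
            nets.append(classful(words[1]))
    in_rip = [(i, s) for i, s in connected if any(s.subnet_of(n) for n in nets)]
    senders = {i for i, _ in in_rip} - passive   # interfaces that emit updates
    leaks = [(str(s), out) for i, s in in_rip for out in sorted(senders)
             if out != i and any(s.subnet_of(p) for p in RFC1918)]
    unmatched = [str(n) for n in nets
                 if not any(s.subnet_of(n) for _, s in connected)]
    return leaks, unmatched
```

With the sample as written, `audit(SAMPLE)` reports no leak only because neither private `network` statement matches an interface; changing the statement to `network 192.168.71.0` makes 192.168.71.0/24 appear in updates sent out Serial0/0. On IOS, an outbound `distribute-list` on the WAN-facing interface is the usual way to keep such prefixes out of RIP updates.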
 
Old 10-06-2008, 08:48 PM
"nate"
 
OT: RIP settings for private netblocks

James B. Byrne wrote:

> 1. Physically segmenting my LAN
> 2. Having to commission an additional host or reconfigure an existing host
> to multi-homed.


That's the beauty of bridging, *NO* changes are required to
your lan. There are no IP addresses on the firewall's interfaces.

Worst case you can disable the firewall by replacing it with
a crossover cable.

nate

 
