[nos-bbs] tun0 and more Linux routing commands
George [ham] VerDuin
k8rra at ameritech.net
Wed Apr 27 08:52:53 EDT 2011
Apology accepted, Jay.
> Greetings Skip,
>
> On Tue, 26 Apr 2011, George [ham] VerDuin wrote:
>
>> >SNIP<< Life is a lot more "fair" than you let on.
>> Skip
>
> It was certainly MY mistake for not having first asked what router you
> were using. So the "assumption" that it was a POS off-the-shelf $30
> router was a likely and logical conclusion.
>
> Now go off and learn Cisco IOS and route Protocol-4. This is easily
> done if you know how to use that router. But then, you *still* haven't
> shared with us exactly *what* router you are using? Model number? IOS
> version? Interfaces? Aftermarket/relabeled or an original Cisco? PIX?
> What?
Well -- Certainly anyone programming this device needs the above detail
before attacking the issue of penetrating the firewall safely. In this
case I'm not the programmer of record -- nor >especially< do I ask such
detail from anyone on the reflector. In this case I carry the JNOS
config responsibility and IT staff carry "getting the traffic to the
host" [and jnos]. I have some experience with $30 crap but in this case
I'm looking for *successful experience* to pass on to IT staff who are
facing their first(?) need to do a "hammy" project more complex than
DMZ. At this moment IT is doubting the ability of an expensive gateway
to actually do the whole job.
You see the first really sensible thing you said above was "... and
route Protocol-4". That concept was not part of the original design.
I've also considered a firewall with only DMZ to the host IP then
adding the logic in iptables at the host configured to split traffic
into the two stacks for processing. So that is two alternative design
strategies already, one of which requires me to learn iptables
technology without moral support of anyone who already succeeded using
the approach. Perhaps there are more?
Quite frankly, the most I can ask of the reflector readership is
individual success or failure stories using some approach not identical
to the one you presented at the base of this subject thread. A real
golden find might be someone who "speaks Cisco" and is willing to mentor
our IT guy who pulled the assignment some place off-reflector.
> Your query was still too vague to provide a solid answer...
Only if you consider the question to be a detail programming question.
It's not.
Think in terms of design strategy and perhaps a good word about "we did
it so don't be discouraged by small failures"...
> I'm sorry
> to have wasted your and my time...
The jury remains out on just how much waste there was.
Skip
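An added example, not from the thread, sketching the second design Skip describes (let everything reach the host, then split it into the two stacks): it classifies raw IPv4 datagrams by protocol number and decapsulates the Protocol-4 ones. It assumes "Protocol-4" means IANA protocol 4 (IP-in-IP) handed to the JNOS side on tun0, which the thread does not state; all addresses are constructed documentation ranges.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number 4 (IP-in-IP); assumed to be the thread's "Protocol-4"


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the header; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a constructed sample datagram: minimal 20-byte header, no options, valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Decode one IPv4 header, rejecting truncated, non-v4 or checksum-failing input."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("malformed header")
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": pkt[ihl:total_len]}


def split_stacks(pkt: bytes) -> tuple:
    """Classify a raw packet: ("jnos", inner header) for Protocol-4 traffic that would go to the
    JNOS side (tun0 in this sketch), ("host", outer header) for everything the host stack keeps,
    ("drop", reason) for anything that does not decode cleanly."""
    try:
        outer = parse_ipv4(pkt)
        if outer["proto"] != IPPROTO_IPIP:
            return ("host", outer)
        inner = parse_ipv4(outer["payload"])  # the encapsulated datagram JNOS would actually see
        return ("jnos", inner)
    except ValueError as exc:
        return ("drop", str(exc))


if __name__ == "__main__":
    inner = build_ipv4("198.51.100.7", "203.0.113.9", 6, b"")  # constructed sample
    print(split_stacks(build_ipv4("192.0.2.1", "192.0.2.2", IPPROTO_IPIP, inner)))
```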