
Previously on "Routing Question"

  • stek
    replied
    Originally posted by Contreras
    Network Address Translation (NAT) - like what ADSL routers do so that web server replies can find their way back to your private LAN.

    For Linux it would be https://www.google.co.uk/?q=iptables+masquerade+SNAT. Not sure about AIX.
    Yeah I'm natting on an ASA (and patting) but I'm scared of it to be honest, I'm not a network guy and we haven't got anyone else apart from the woman who makes the tea.

    It's ipfilters for AIX but as this box does other things I'm a bit wary of frigging it.


  • Contreras
    replied
    Originally posted by stek
    I've tried all forms of 'route add -host x.x.x.x -interface x.x.x.x' to no avail - I think I'm struggling with the fact the ping/telnet queries I'm using to test don't know how to get back to Host A.
    Network Address Translation (NAT) - like what ADSL routers do so that web server replies can find their way back to your private LAN.

    For Linux it would be https://www.google.co.uk/?q=iptables+masquerade+SNAT. Not sure about AIX.


  • smatty
    replied
    Originally posted by stek
    I'm too scared lol!!

    Think we ought to do it properly, i.e. get the local IPs allowed at the other end even if it means a long drawn out process......
    If the "other network" is 3rd party then best to create a completely separate IP range (e.g. 172.16.x.x if the LAN uses 10.y.y.y) living on the firewall used for all traffic to 3rd parties and use NAT to hide behind that range. Easy to make changes, hides your internal addressing and avoids any issues around overlaps, routing, etc.

    Haven't you got a network architect there who can knock that together? I know a good one if you need, re-assuringly expensive too
    Last edited by smatty; 29 September 2015, 07:02.


  • stek
    replied
    Originally posted by smatty
    If 'twere me, I would allocate a subnet for "NAT" purposes on the ASA and ask the other network to allow that entire subnet. Gives a bit more flexibility in future.

    If that's not an option then I think you'd need to re-address the servers so the "permitted" IP address isn't in use on the LAN and then do the NAT on the ASA (i.e. move that IP address onto the firewall), assuming all traffic to that other network goes through the ASA. But that might bugger up anything else internal which already uses the permitted IP address to get to that server.
    I'm too scared lol!!

    Think we ought to do it properly, i.e. get the local IPs allowed at the other end even if it means a long drawn out process......


  • smatty
    replied
    Originally posted by stek
    I wonder if it's easier to do it on the ASA?
    If 'twere me, I would allocate a subnet for "NAT" purposes on the ASA and ask the other network to allow that entire subnet. Gives a bit more flexibility in future.

    If that's not an option then I think you'd need to re-address the servers so the "permitted" IP address isn't in use on the LAN and then do the NAT on the ASA (i.e. move that IP address onto the firewall), assuming all traffic to that other network goes through the ASA. But that might bugger up anything else internal which already uses the permitted IP address to get to that server.


  • stek
    replied
    Originally posted by smatty
    You can route it through but it'll still have the same source IP, will need to do address translation too and I've no idea if AIX can do that, apparently IPFilter does.

    You should be able to set routes using more specific match, set the route to that particular single IP address via the desired router on whatever client machine it is and everything else will still go via the normal default gateway. According to IBM the syntax is route add -host $dest-IP $router-IP
    I wonder if it's easier to do it on the ASA?


  • smatty
    replied
    You can route it through but it'll still have the same source IP, will need to do address translation too and I've no idea if AIX can do that, apparently IPFilter does.

    You should be able to set routes using more specific match, set the route to that particular single IP address via the desired router on whatever client machine it is and everything else will still go via the normal default gateway. According to IBM the syntax is route add -host $dest-IP $router-IP
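
Added example, not part of any post in the thread: a small Python model of the two points made in the replies, that a host route only changes the path while the packet keeps its source IP, and that source NAT on the accepted host both rewrites the source and maps the reply back. All addresses and ports are constructed, and the model is not AIX, IPFilter or ASA configuration.

```python
import ipaddress

# Constructed addresses for illustration; none come from the thread.
HOST_A = "10.0.0.10"        # source the remote network does not accept
HOST_B = "10.0.0.20"        # host whose address the remote network accepts
REMOTE = "203.0.113.5"      # server on the other network
ALLOWED_SOURCES = {HOST_B}  # remote side's source-IP filter
# Host A's routes as (prefix, next hop); the /32 entry is the host route.
ROUTES_A = [("0.0.0.0/0", "10.0.0.1"), (REMOTE + "/32", HOST_B)]


def next_hop(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    matches = [(n.prefixlen, hop) for n, hop in nets if addr in n]
    return max(matches)[1]


class SnatGateway:
    """Host B doing source NAT; packets are (src, sport, dst, dport)."""

    def __init__(self, ip):
        self.ip, self.table, self.port = ip, {}, 40000

    def outbound(self, pkt):
        src, sport, dst, dport = pkt
        self.port += 1
        # Remember who really sent this so the reply can be un-translated.
        self.table[(dst, dport, self.port)] = (src, sport)
        return (self.ip, self.port, dst, dport)

    def inbound(self, pkt):
        src, sport, _dst, dport = pkt
        orig = self.table.get((src, sport, dport))
        # No matching state means nothing asked for this packet: drop it.
        return None if orig is None else (src, sport) + orig


def run(use_nat):
    """One request from host A; returns (accepted, where the reply ends up)."""
    pkt = (HOST_A, 51000, REMOTE, 23)
    gw = SnatGateway(HOST_B)
    wire = gw.outbound(pkt) if use_nat else pkt
    if wire[0] not in ALLOWED_SOURCES:
        return (False, None)  # routed via B, but still carries A's source
    reply = (wire[2], wire[3], wire[0], wire[1])
    return (True, gw.inbound(reply)[2])
```

`run(False)` is the routing-only case and `run(True)` adds the translation step; the state table in `SnatGateway` is what lets the reply find its way back to Host A.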


  • stek
    started a topic Routing Question

    Routing Question

    Anyone know how to route traffic from host A through host B for a particular IP and back?

    We have traffic that leaves our network and is only accepted by the other network if it's a particular IP. It's a royal PITA getting the other end to accept traffic from another IP so we thought to save time we might route other IP traffic through the host with the accepted IP, and back. We have:

    Host A - AIX WPAR
    Host B - AIX Host (global - different box)
    Host C - Host A WPAR's Global

    I've tried all forms of 'route add -host x.x.x.x -interface x.x.x.x' to no avail - I think I'm struggling with the fact the ping/telnet queries I'm using to test don't know how to get back to Host A. But I'm clueless on this really.

    Host A (the WPAR) shares the routing table with its underlying Global with a unique IP so I am assuming I make the changes on that Host C.

    Just in case, a WPAR is AIX's equivalent of Solaris Zones/Containers.

    Ta!
