
Thread: Multiple (Hardware) Firewalls

  1. #11
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Yes, it's the same scenario I described above basically. Once behind the second router/firewall the address ranges can be identical because they are isolated.

    Say the external router, (ER), (publicly accessible), is at LAN address 192.168.1.1 and the WAN address of the internal router, (IR), is at 192.168.1.2 with a LAN address 192.168.1.1 and there is a machine, (IM), behind the internal router at address 192.168.1.2.

    If the internal machine requests HTTP from Yahoo it goes like this:-

    1. Packet sent from IM to IR, (default gateway)
    2. IR updates connection table, masquerades IP to IR WAN address, forwards packet to ER, (its default gateway).
    3. ER updates connection table to show the connection is from IR WAN address, forwards packet to Yahoo masqueraded with the WAN address of ER.
    4. Yahoo responds to WAN address of ER.
    5. ER checks connection table, forwards packet to WAN address of IR.
    6. IR checks connection table, forwards packet to IP address of IM.

    Note: both routers have the same LAN address but different WAN addresses and that the WAN address of the IR is the same as the IP address of the IM. There can be duplication of IP addresses on both the internal and "external" network as long as the router firewall separates the two networks.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
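
The six steps in the post above, traced as an added example that is not part of the original thread: a small simulation of two masquerading routers, each keeping its own connection table. The port numbers, ER's public WAN address (203.0.113.10) and the web server address (198.51.100.80) are constructed for illustration; the 192.168.1.x addresses are the ones from the post.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatRouter:
    name: str
    wan_ip: str
    next_port: int = 40000  # next free WAN-side port (constructed value)
    table: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, peer_ip, peer_port)

    def outbound(self, p):
        """Steps 2/3: record the flow, rewrite the source to our WAN address."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[wan_port] = (p.src, p.sport, p.dst, p.dport)
        return Packet(self.wan_ip, wan_port, p.dst, p.dport)

    def inbound(self, p):
        """Steps 5/6: forward only if the reply matches a recorded flow."""
        entry = self.table.get(p.dport)
        if entry is None or entry[2:] != (p.src, p.sport):
            return None  # no matching connection: drop
        return Packet(p.src, p.sport, entry[0], entry[1])

# Addresses from the post; ER's public WAN address and the server are constructed.
IM_IP, IR_WAN = "192.168.1.2", "192.168.1.2"  # same address, different networks
ER_WAN, SERVER = "203.0.113.10", "198.51.100.80"

def round_trip():
    ir, er = NatRouter("IR", IR_WAN, 50000), NatRouter("ER", ER_WAN, 60000)
    hops = [Packet(IM_IP, 1025, SERVER, 80)]                 # 1. IM -> IR
    hops.append(ir.outbound(hops[-1]))                       # 2. IR -> ER
    hops.append(er.outbound(hops[-1]))                       # 3. ER -> server
    hops.append(Packet(SERVER, 80, ER_WAN, hops[-1].sport))  # 4. server -> ER
    hops.append(er.inbound(hops[-1]))                        # 5. ER -> IR WAN
    hops.append(ir.inbound(hops[-1]))                        # 6. IR -> IM
    # A packet that matches no table entry never gets past ER.
    unsolicited = er.inbound(Packet(SERVER, 80, ER_WAN, 61234))
    return hops, unsolicited

if __name__ == "__main__":
    hops, unsolicited = round_trip()
    for n, p in enumerate(hops, 1):
        print(n, p)
    print("unsolicited:", unsolicited)
```

At step 2 the source IP does not visibly change, because IM and IR's WAN interface share 192.168.1.2; only the port and the network the packet is on differ, and each router's table is what keeps the two apart.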

