No subject

Stephen Hope shope at ENERGIS-EIS.CO.UK
Wed May 2 09:34:27 EDT 2001


Chris,

I have put local broadcast forwarding on conventional IP routers for
specific applications, and I strongly suggest you find a better way around
your problem. We always have problems, either during implementation, or when
there are network changes later.

The basic issue is that you are setting up the "router" so that they do not
obey one of the cardinal rules of IP forwarding - local broadcasts should not
cross a router.

1 Q - do you need "any to any" forwarding? - If the Linux box will have to
replicate any broadcast coming from a remote site as well as on the local
LAN.

The issue is that it will be very easy to cause a broadcast forwarding loop.
If you do manage to send the packet to a remote network, then any router on
that LAN that "sees" the 192.168.1.255 packet will regard it as a directed
broadcast to a remote network, and try to forward it.

In the worst case, the net result is that if there are a few routers with this
behaviour (or devices that do this and are not necessarily routers), then
the broadcasts will bounce between the sites, and each trip through the
central site will spawn more copies sent elsewhere.

Some devices allow you to turn off forwarding of directed broadcasts (which
recently went into the set of behaviours in an official RFC compliant
router), but many default to on.

The other issue is that this is likely to eat bandwidth even when stable.

The fix for the "design issue" is IP multicast, but whether you can get that
working on Linux I cannot help you with.


regards

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776 4189



-----Original Message-----
From: Chris Leavoy [mailto:chris at SDK.CA]
Sent: 30 April 2001 22:54
To: VPN at SECURITYFOCUS.COM
Subject:


We are in the process of remote access to the LAN at my place of employment.
To prepare myself for this great task I set up pptpd on my Linux server at
home.  After a few hours, I managed to get it working, and win2k boxes
connecting to my home server.  Everything seems to be working as it is
supposed to.  But there are still some things I need to add.  Because of the
applications and other things that we do, I need to somehow make broadcast
traffic be forwarded/sent across all interfaces on the main Linux router.
In other words, packets sent to 192.168.1.255 (broadcast ip) must be caught
by the Linux router, and then sent out all of the ppp and tun devices.  I
guess I am looking for some pointers on how this could be accomplished, and
maybe a few resources where I can read up on it.

My network setup is as follows

Main server, Linux 2.2.18
eth0: 192.168.1.3 netmask 255.255.255.0
eth1: internet
ppp*:  remote access computers (connected over the internet)

ppp clients are given an ip in the 192.168.1.96-127 range.

Thank you

__________________________________________________
Chris Leavoy
chris at sdk.ca
www.sdk.ca/chris/
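
The forwarding loop described in the reply above can be put into numbers with a small model. This is an added example, not code from either poster; it assumes a hub-and-spoke layout with one forwarding device per remote site and uses the IP TTL as the only thing that stops the loop, which goes a little beyond what the message spells out.

```python
def tunnel_copies(n_sites, ttl, remotes_forward=True, hub_any_to_any=True):
    """Count tunnel transmissions caused by ONE broadcast sent on the central LAN.

    Assumed model (hypothetical, for illustration only):
      * the central router replicates the LAN broadcast into every tunnel;
      * a device at each remote site treats it as a directed broadcast for
        the central subnet and routes it back (remotes_forward);
      * the central router replicates broadcasts arriving from one site to
        all the other sites (hub_any_to_any);
      * every forwarding hop decrements TTL; a packet arriving with TTL 1
        is not forwarded.
    """
    sent = 0
    at_hub = 0      # copies that arrived at the hub from remote sites
    at_remote = 0   # copies that arrived at remote sites
    # First hop: hub picks the broadcast off its LAN and fans it out.
    if ttl > 1:
        at_remote = n_sites
        sent += n_sites
    ttl -= 1
    # Each pass is one more forwarding hop for every copy still alive.
    while ttl > 1 and (at_hub or at_remote):
        back = at_remote if remotes_forward else 0
        out = at_hub * (n_sites - 1) if hub_any_to_any else 0
        sent += back + out
        at_hub, at_remote = back, out
        ttl -= 1
    return sent


if __name__ == "__main__":
    # TTL values are constructed samples; 128 is a common host default.
    for ttl in (4, 16, 32, 128):
        loop = tunnel_copies(4, ttl)
        no_any = tunnel_copies(4, ttl, hub_any_to_any=False)
        no_dbc = tunnel_copies(4, ttl, remotes_forward=False)
        print(f"ttl={ttl:3d} loop={loop:.3e} "
              f"hub-one-way={no_any} remote-dbcast-off={no_dbc}")
```

With two sites the copies only bounce back and forth; from three sites up each pass through the central router multiplies them, and turning off either behaviour brings the count back to a small constant.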


