Re: Linux router howto - not just NAT
From: jack (not_at_all.org)
Date: 12/23/03
Date: Tue, 23 Dec 2003 13:13:29 +0100
Terence Parker wrote:
> Hmm... thanks guys for the replies - I appreciate the help. Perhaps I wasn't
> clear enough though in my first post?
>
> I currently already have a machine that does NAT in the office - taking in
> the line from the ISP on eth0 and then carrying out NAT over the internal
> interface eth1. However, I now want to do more than that.
>
> My ISP has given me a block of several IP addresses - but no router. I will
> plug one network interface into the line direct to the ISP (it's not PPPoE -
> just straight through TCP/IP... it's FTTB here), and then the internal NIC
> will interface with the office switch. I want the linux server configured
> such that for any computer plugged into the switch, it can either grab an
> internal address through DHCP (easy enough - doing that already) - OR the
> user can manually configure a real IP on that computer, and as such that
> would bypass the firewall and everything (though actually, it's still going
> through the linux server, which is simply transparently forwarding real IPs
> to the internal network). This is basically what a router does I gather -
> but I don't have one of those things.
>
> As a bonus - but one thing at a time - I actually have two incoming lines
> from two separate ISPs, each with a block of several IP addresses. Ideally
> I want the said server to connect to both ISP trunks (the PC has three
> NICs), thus allowing users on the internal network to tap in IP addresses
> from either of the two networks. But I'll worry about that a bit later.
>
> Does this help clear things up a bit?
Well, if that is what You really want to do...
If I get You correctly, You want Your linux box to do firewalling/NAT
for those clients in Your subnet that have private IP addresses. --
You're doing that already, so there's no problem.
Then, You want Your router to simply forward traffic to and from clients
in Your local net that have one of the public IPs.
You can simply do that. With iptables, You should already have a rule
that NATs all traffic from the inside. This rule should have both the
internal interface plus Your local private IP range in it.
Then, simply add one more rule that will only forward IP addresses from
Your public IP block back and forth.
I'm not sure whether this is a good idea at all, but if this is what
You want, I really cannot see where Your problem is.
Anyways, as for the routing, You should tell Your linux router that
both the internal subnet plus Your assigned IP range is available via
Your internal NIC, and all others via Your external one. The clients
must use Your router as the default gateway, no matter which IP they
have. And, the clients themselves must know that Your range of IPs is
local.
Hope this points You into the direction,
Cheers, Jack.
--
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
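
The setup described in the reply above, as an added example that is not part of the original message: NAT scoped to the private range, plain forwarding for the public block, and the route for that block pointed at the internal NIC. Interface roles follow the thread (eth0 to the ISP, eth1 internal); the address ranges are constructed placeholders, and the script assumes the ISP routes the public block to the router's external address.

```shell
#!/bin/sh
# Added example, not from the original thread. Addresses are constructed placeholders.
EXT_IF=${EXT_IF:-eth0}                 # line to the ISP
INT_IF=${INT_IF:-eth1}                 # office switch
PRIV_NET=${PRIV_NET:-192.168.1.0/24}   # DHCP clients, NATed
PUB_NET=${PUB_NET:-203.0.113.8/29}     # ISP-assigned block (documentation range)
DRY_RUN=${DRY_RUN:-1}                  # 1 = print commands only, 0 = apply (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

router_rules() {
    run sysctl -w net.ipv4.ip_forward=1

    # Routing: the public block lives behind the internal NIC, like the private
    # subnet (whose route already exists through the NIC's own address).
    run ip route replace "$PUB_NET" dev "$INT_IF"

    # NAT only traffic sourced from the private range. POSTROUTING cannot match
    # the input interface, so the internal interface is pinned in FORWARD below.
    run iptables -t nat -A POSTROUTING -s "$PRIV_NET" -o "$EXT_IF" -j MASQUERADE

    # Forwarding: drop by default, then allow the intended flows only.
    run iptables -P FORWARD DROP
    # Private clients: outbound freely, inbound only as replies.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$PRIV_NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$PRIV_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Public block: forwarded back and forth without NAT or filtering, so each
    # host with a public address is directly reachable and needs its own firewall.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$PUB_NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$PUB_NET" -j ACCEPT
}

router_rules
```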