[techtalk] NAT, Routing, or something else?

Samuel Tesla johngalt at io.com
Sun Apr 22 22:45:30 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I recently got DSL and a /27 subnet of static IPs to play with.  Problem is,
I can't quite figure out what I need to do to set up the routing for the IPs.

Here's how the network is set up

Internet ---> ISP Gateway ---> My Cisco 678 ---> My Firewall (486) -< My LAN

Now, I know it is possible to do this somehow, although I've not seen it done
with a Linux kernel.  What I'd like to do is assign the IPs in my subnet to the
boxes on my LAN (no NAT or anything) and just have my firewall act as a router.
That alleviates concerns about protocols (and I think is the only way to get
certain direct computer connection protocols to work).  

An alternative is to set up NAT on the firewall (I'm doing masq with ipchains
at the moment) and give the LAN machines ten-space addresses.  This I already
know how to set up, but I don't like it.  It involves setting up port
forwarders and what not, and can get tricky with some protocols.  I'd like to
avoid this.

There might be another alternative that I'm not aware of.

I've tried running routed to accomplish the routing, but I cannot ping my
internal IPs from the outside (of course, I can go from inside to outside, due
to the MASQ).  I'm trying to figure out how to do the first scenario (the
actual routing) with the Linux kernel, and the Adv-Routing-HOWTO didn't seem to
cover it (I may be mistaken).  

I'd like to figure it out so that I can call up and hassle my ISP if
neccessary.

Thanks in advance, folks.

- -- 
 -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
 Samuel Tesla                                                   johngalt at io.com
                              Today's Fortune Is:                             

 A 'full' life in my experience is usually full only of other people's demands.

            print: CB1E 678E E7E1 827C E30B  2618 6513 F23C C24B 1FFE           
 -=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE646VjZRPyPMJLH/4RAsaAAKCHwSqKtDiGTgqYCLpOtuLjaEqXVwCgjRe7
jbC+OUreSwLdJVb/LFwrrJE=
=X6Ln
-----END PGP SIGNATURE-----





More information about the Techtalk mailing list