On Wed, 2 Aug 2000, guy keren wrote:

> what's wrong with configuring the linux machine as a router, define it
> as the default route for all machines on the LAN, and define the network
> router as the default router of the linux machine? then, define on the
> router that the route to that class-C subnet is the linux machine?
> 
> this doesn't look harder to configure than configuring (and maintaining)
> the network without the linux box in the middle...

because you have the ONE class C to handle, the linux has to have
addresses from the same class C on both NICs but the net route and the
default route go to different interfaces, then the router needs a
special config for all the addresses it thinks are broadcastable on the
LAN are actually all routable through only one address in that subnet,
which is hard to do unless you know the router well (and not all routers
are as flexible as Cisco, and not all sysadmins know how to config the
cisco, and not all ISPs give you the password to the router, and not
all ISPs know HOW to config the router for non standard topologies)

then add on top of that that the ranges for port filtering of machines
inside and outside the firewall are on the same subnet and therefore
non-consecutive, broken subnets, and you see you have X2 or X3 the
number of rules in IPchains too, which is an additional headache (maybe
netfilter solves that with proper ACLs?). in the end, like I said, I
gave up and just masqueraded the subnet, even though it had legal IP
addresses. it's also a tad safer if you ask me, to have a one way access
from the inside guaranteed, with NAT you can't accidentally have random
packets passing through unless the firewall is compromised.


-- 
        Ira Abramov, GNU/Linux advocate.
(@-     
//\     "Akamai, Google, MicroSoft, Sun, Oracle, Intel, NASA, Sony, 
v_/_    Python, JPG, PNG - CS masturbation is changing the world."
             -- C.S. explaining her views on masturbation to Linus, 3/7/2000
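
An added illustration of the rule-count point in the message above (not part of the original post, and not the poster's configuration): ipchains matches a source or destination as address/mask, so a set of hosts costs one match per aligned block needed to cover it. The 192.0.2.0/24 layout, the host ranges and the function names are constructed for the example.

```python
import ipaddress

# Constructed example subnet (documentation range), standing in for the one class C.
LAN = ipaddress.ip_network("192.0.2.0/24")


def host_range(first, last):
    """Hosts LAN.first .. LAN.last (last octet, inclusive) as /32 networks."""
    base = int(LAN.network_address)
    return [ipaddress.ip_network(base + i) for i in range(first, last + 1)]


def source_matches(hosts):
    """Smallest list of address/mask blocks that covers exactly these hosts."""
    return list(ipaddress.collapse_addresses(hosts))


def rule_count(hosts, services=1):
    """One filter rule per (address block, filtered service) pair."""
    return len(source_matches(hosts)) * services


# Constructed layout 1: protected hosts scattered through the shared subnet.
SCATTERED = host_range(10, 20) + host_range(50, 50) + host_range(100, 130)
# Constructed layout 2: the same role renumbered into one aligned half.
ALIGNED = host_range(128, 255)

if __name__ == "__main__":
    for name, hosts in (("scattered", SCATTERED), ("aligned", ALIGNED)):
        blocks = source_matches(hosts)
        print(f"{name}: {len(hosts)} hosts -> {len(blocks)} address/mask matches")
        for block in blocks:
            print("   ", block)
        print("    rules for 3 filtered services:", rule_count(hosts, services=3))
```

A masqueraded private subnet behind the firewall behaves like the aligned case: the inside is a single block, so each service needs one rule.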

