Ron has a good point-- a "switch" works on MAC addresses, not IP addresses,
therefore a Linux box couldn't be a switch unless you tied arp into
ipchains, and I don't know how one would go about that.

The best, and easiest way to go about this is to follow Ron's suggestion of
using a segmented LAN structure with different subnets on each linux box
NIC. In this case, the linux box acts as a router, which will accomplish the
same result, a little more effectively. And, at the same time, it can act as
a firewall--serving a dual purpose.

By the way, NetBIOS traffic will not travel through a router at all, unless
the router is set to pass ALL traffic regardless of type. That is not a good
setup. Keeping ipchains set to route only TCP/IP traffic to the appropriate
NICs is best.

You can either set the ipchains rules yourself, or have a script, like
pmfirewall, do it for you. If you are proficient in ipchains, go for it...
it's just too confusing for me.

You should also reconsider the double-assigned IP for the linux Box... give
eth0 its own IP. Is this box internal to your LAN, or does it have a direct
connection to the internet? If the latter, I'm sure you know you'll need to
assign eth0 the external IP given by the ISP.

ipchains masquerading would be necessary, and efficient in this case. I
don't know why you'd want to avoid it in the first place, considering your
desired result.

The other option, is simply to buy yourself a router...but setting up Linux
to do the job is not only cheaper, and more configurable, you can manage it
far more easily as well.

--Greg

> Would it make things somewhat easier if each office had its own
> network segment?
> The masq'ing box on 192.168.4.x network, and:
>
>                        NIC on           'linux switch''s
> descrip   segment      'linux switch'   IP on each segment
> --------  -----------  ---------------  ------------------
> office 1  192.168.1.x  eth1             192.168.1.1
> office 2  192.168.2.x  eth2             192.168.2.1
> office 3  192.168.3.x  eth3             192.168.3.1
> masq box  192.168.4.x  eth0             192.168.4.1
>
> If each client had a 255.255.255.0 netmask, then your "linux
> switch" could have an ethX on each of 192.168.[123] and 192.168.4.
> Also, the "linux switch" (as 192.168.[123].1 on each relevant
> ethX NIC) would be the default gw of each client PC.
>
> Would that make the IPchains solution more tractable, since
> all is not on 1 network segment?
>
> Or am I just a dumb sh*t who should keep his hands off the
> keyboard?
>
> Ron

> >
> > On a somewhat related topic, consider this scenario:
> >
> > I want a linux box to function sort of like a switch, passing through
> > internet traffic, but isolating each network device from another.
> >
> > Example:
> > eth0 = connection to a Masqing box (192.168.1.x network)
> > eth1 = office 1  (192.168.1.41-50)
> > eth2 = office 2  (192.168.1.51-60)
> > eth3 = office 3  (192.168.1.61-70)
> >
> > In this box, I want no masquerading to take place.. I want a machine
> > connected to eth1 with an IP of 192.168.1.42 routed right out eth0 as the
> > same IP.  Basically just like I had a dumb hub.  The reason for the need for
> > some intelligence here is that I don't want Win95 machines in office 1
> > seeing machines in office 2 using their netbios / whatever protocol.
> >
> > The reverse obviously has to work: if a packet comes into eth0 for
> > 192.168.1.65, it should go right out eth3 with that same IP.  This means
> > that eth0 will be responding to several IP numbers, not just its own.
> >
> > If it makes it any easier, I can change eth0's network numbers to be on
> > another network (like 10.0.0.x), but I still need the 1:1 mapping.
> >
> > How/where in IPCHAINS???
> >
> > Bob
>
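Putting Greg's advice and Ron's table together, here is an added example of the ipchains rule set such a "router + firewall" box would carry: each office on its own /24 behind its own NIC, office-to-office forwarding denied, and everything else masqueraded out eth0. This is not code from the thread; it assumes eth0 is the upstream/Internet side and the office subnets 192.168.1.0/24 .. 192.168.3.0/24 from Ron's layout, and it only prints the rules when ipchains is not installed (or DRY_RUN is set) so the policy can be reviewed on any machine.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains rules for the layout Ron
# drew, with the Linux box acting as router + firewall as Greg suggests.
# Assumptions: eth0 is the upstream/Internet side; the three office subnets
# are 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 on eth1..eth3.
# Without ipchains installed (or with DRY_RUN set) the rules are printed,
# not applied.

OFFICES="192.168.1.0/24 192.168.2.0/24 192.168.3.0/24"

ipc() {
    if [ -n "$DRY_RUN" ] || ! command -v ipchains >/dev/null 2>&1; then
        echo ipchains "$@"
    else
        ipchains "$@"
    fi
}

apply_rules() {
    # Flush the forward chain and make DENY the default: anything not
    # explicitly allowed below is dropped, NetBIOS between offices included.
    ipc -F forward
    ipc -P forward DENY

    for src in $OFFICES; do
        # Isolation: no office may reach another office through this box.
        # These must precede the MASQ rule; ipchains matches in order.
        for dst in $OFFICES; do
            [ "$src" = "$dst" ] && continue
            ipc -A forward -s "$src" -d "$dst" -j DENY
        done
        # Everything else from an office leaves via eth0 masqueraded behind
        # the box's own external address; replies are de-masqueraded by the
        # kernel, so no return rule is needed.
        ipc -A forward -s "$src" -i eth0 -j MASQ
    done
    # On the real box forwarding must also be switched on:
    #   echo 1 > /proc/sys/net/ipv4/ip_forward
}

apply_rules
```

Run it once as-is to see the generated rules; on the real box with ipchains present and DRY_RUN unset it applies them.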
