Check out netfilter and iproute2. Just saw a message on another list where
they used netfilter to mark the packets according to destination, then
used iproute2 to route the packets according to the mark. Just might
be what you're looking for.
-Dennis
On Mon, 4 Jun 2001, Pierre Fortin wrote:
> Franki wrote:
> >
> > Hi again peoples...
> >
> > I have discovered that our ADSL connection is in bridged mode, can't be
> > changed and is the reason for the virtual IPs not listening on the net
> > side...
> >
> > So, they tell me that the way around this is to assign the IPs to internal
> > machines, and route them through the gateway...
> >
> > I don't want any of our internal machines to have public IPs...
> >
> > So, I thought, I know, I will put another linux box behind the gateway and
> > have it listening for those IPs and have it routed through the gateway, then
> > I can use port forwarding on that new box to connect to the internal
> > machines.
> >
> > Then in a burst of thought (unusual for me :-) I thought, since the gateway
> > has two network cards, eth0 (to the internet) and eth1 (to the internal
> > network), why can't I set the IP aliases to eth1 and then route them through
> > eth0 to allow connections to them over the net....
> >
> > I think that will work and will solve my problems, but I am a little unsure
> > how to go about it...
> > (never had to set up routing before, but was very pleasantly surprised how
> > easy port forwarding was to set up, and I'm hoping that routing is the same.)
> >
> > So, say the eth0 internet gateway IP was 203.59.43.18 (it's not, but for
> > discussion purposes it'll do)
> >
> > and eth1, the internal NIC is set to listen for 203.59.43.22, 23, 24 and 25
> >
> > how would I set up routing so that those addresses are routed through eth0???
>
> By changing at least one IP address....
>
> the last octet of each address is:
> .18 = 00010010
> .22 = 00010110
> .23 = 00010111
> .24 = 00011000
> .25 = 00011001
> then, using masks like this:
> 11110000 (/28) = all boxes in same net
> 11111000 (/29) = 18,22,23 in one net; 24, 25 in other
> 11111100 (/30) = 3 subnets: 18; 23, 23; 24, 25
>
> If .18 was changed to .1-.15 or .33-.254, a netmask of /28 would work (=2
> 14-host subnets); but the subnet sizes may conflict with your ISP. Since the
> ISP connection is "bridged", you or other customers could interfere with each
> other depending on the setup... To route internally, you would need:
> 2 6-host subnets (16-address range)
> 3 2-host subnets (12-address range)
>
> Starting to see where your ISP would be unhappy...?
>
> SO... how about some real addresses...? It may be that the addresses you were
> assigned cannot be separated by a router.
>
> It may be that your ISP's policies/pricing could force you into using a real
> router or a single IP and IPMasq... I think there is a way to set up Linux as a
> bridge; but since your link is also bridged, you may not like the results.
>
> > any help would be seriously appreciated, if I don't work something out, they
> > are going to insist that all the internal machines have public IPs,
> > something I REALLY don't want to do...
>
> So why do you have 5 IP addresses assigned vs 1+NAT (IPMasq)...?
>
> Pierre
>
> > please can anyone help me out here???
> >
> > many thanks and kindest regards..
> >
> > Frank
> > Perth WA
>
> --
> Support Linux development: http://www.linux-mandrake.com/donations/
> Last reboot reason: 01/03/27: winter storm 6hr power outage
>
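
The mask arithmetic from Pierre's reply, carried out with Python's `ipaddress` module as an added example that is not part of the original thread. The helper names (`group_by_prefix`, `unusable_hosts`, `routable_split`) are hypothetical and the addresses are the stand-in values the poster gave; it goes slightly beyond the reply by also flagging addresses that land on a subnet's network or broadcast address.

```python
import ipaddress

# Stand-in addresses from the thread (the poster says .18 is not the real one).
GATEWAY = "203.59.43.18"
ALIASES = ["203.59.43.22", "203.59.43.23", "203.59.43.24", "203.59.43.25"]


def group_by_prefix(addrs, prefixlen):
    """Map each subnet of the given prefix length to the addresses inside it."""
    groups = {}
    for a in addrs:
        net = ipaddress.ip_interface(f"{a}/{prefixlen}").network
        groups.setdefault(net, []).append(ipaddress.ip_address(a))
    return groups


def unusable_hosts(addrs, prefixlen):
    """Addresses that are the network or broadcast address of their subnet."""
    bad = []
    for net, members in group_by_prefix(addrs, prefixlen).items():
        bad += [str(m) for m in members
                if m in (net.network_address, net.broadcast_address)]
    return bad


def routable_split(gateway, aliases, prefixlen):
    """True if the gateway is in a different subnet from every alias and
    no address falls on a network or broadcast address."""
    gw_net = ipaddress.ip_interface(f"{gateway}/{prefixlen}").network
    shared = any(ipaddress.ip_address(a) in gw_net for a in aliases)
    return not shared and not unusable_hosts([gateway] + aliases, prefixlen)


def report(gateway, aliases, prefixes=(28, 29, 30)):
    """One summary line per prefix length: grouping, unusable hosts, verdict."""
    everyone = [gateway] + aliases
    lines = []
    for p in prefixes:
        groups = sorted(group_by_prefix(everyone, p).items())
        desc = "; ".join(f"{net}: {', '.join(map(str, ms))}" for net, ms in groups)
        lines.append(f"/{p} -> {desc} | unusable: {unusable_hosts(everyone, p)}"
                     f" | routable: {routable_split(gateway, aliases, p)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(GATEWAY, ALIASES)))
```

With the gateway moved to `203.59.43.1`, `routable_split` returns `True` for a /28, which is the case the reply describes as workable.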