Firstly, sorry for the length, but I thought I'd start
with the full story ...
Hi, I'm new to the LRP but familiar with other unixes.
I have an unusual requirement which I'm sure could be met
by a correctly configured LRP box. Trouble is I have no
idea what that configuration would be, hence this plea
for help.
At work we need to receive daily chunks of data from a
few different customers, all of whom are paranoid (me too).
Some customers are not happy with our public server or VPN
etc and insist on their own private wire leased line.
We don't want to end up as a communications site as this
is not our core business. So I want to set up something
that shares the same kit for all customers and is easy to
add new customers later.
For the first of these private wire customers we've put in
a Cobalt Raq, which is way overkill but we were in a
hurry and I knew it would work.
Their pw links a pair of their own routers with their own
internal IP address scheme. They have assigned us a
static IP address which we must use for our FTP server.
Our cobalt's public interface plugs straight into their
router so they can push files onto the cobalt's FTP server
in the early hours of the morning. The cobalt's private
interface is on a network with our real data processing
systems, from which we pull the files from the FTP server
for the daily production.
This works fine. However I'd like to use the cobalt's
virtual sites to host an FTP service at another address
for the next customer's private wire. The problem is that
if the cobalt's default gateway isn't configured for the
first customer then they can't FTP to it. This will be the
same for all routed customers and I don't want to have to
buy them one each (and maintain it).
I was wondering, with my limited knowledge of NAT, if I
could configure a LRP box as follows:
The cobalt's public interface plugs into the LRP box's
public interface. The cobalt's default gateway is set
to the LRP box's public interface. The LRP box's private
interface is plugged into a switch along with each of
our customers' own routers.
The LRP box then does NAT so that each customer's chosen
network address is translated through the LRP box to an
address that the cobalt can serve to. If the cobalt's
default gateway points back to the LRP box then it should
find its way back to the appropriate customer's router
and thus back to their FTP client.
Would this work ?
If so then what should my network.conf look like ?
If not then is there a configuration which would ?
begin ascii art:

       _____________
     _/             \_
    /                 \
    \_               _/
    | \_____________/ |
    |                 |
    |                 |           Production server
    \_ 192.168.1.254 _/
      \_____________/
             |
             |
     _________________________
    /   eth1: 192.168.1.14   /|   Cobalt Raq FTP server
   /                        / |
  /    dg=192.168.2.254    / /    customer pushes files
 /________________________/ /     from their client PC
|    eth0: 192.168.2.1    | /     then we pull files from
|_________________________|/      our production server
             |
             |
+-------------------------+
|   eth0: 192.168.2.254   |
|                         |       LRP box running NAT
|                         |
|  eth1: ???.???.???.???  |
+-------------------------+
             |
             |
+-------------------------+
| [] [] [] [] [] [] [] [] |       switch / hub
+-------------------------+
        |         |
        | +----------------+
        | |   172.19.1.9   |
        | |                |      router
        | |   172.19.1.8   |
        | +----------------+
        |         |
        |    ____________
        |   (            )
        |  ( private wire )       customer 1
        |   (____________)
        |         |
        | +----------------+
        | |                |      router / firewall etc.
        | +----------------+
        |         |
        |      +------+
        |      |  PC  |           ftp client
        |      |      |           expects ftp server
        |      +------+           at 172.19.1.10
        |     ##########
        |
        |
+----------------+
|   234.56.7.9   |
|                |                router
|   234.56.7.8   |
+----------------+
        |
   ____________
  (            )
 ( private wire )                 customer 2
  (____________)
        |
+----------------+
|                |                router / firewall etc.
+----------------+
        |
     +------+
     |  PC  |                     ftp client
     |      |                     expects ftp server
     +------+                     at 234.56.7.10
    ##########

end ascii art
--
Phill Rogers