At 08:50 AM 7/13/02 -0700, Harold Miller wrote:

>Lynn,
> Maybe I'm hiking off in the wrong direction.
>
>I wanted to have a MASQ'd windows net, and 3 Internet Servers (WWW/DNS,
>SMTP/DNS, WWW) connected via a Bering RC3 firewall to a Cable modem on the
>Internet. I assumed (yes, I know what it stands for) that to do that I would
>need 5 IP's in the same subnet,

I count 4 addresses, not 5 -- one for the router itself and one for each of the 3 servers. The NAT'd LAN does not need a separate external address; it uses the router's own address externally. Actually, if you did it by service, not by server, you could get by with 3 addresses ... but doing it that way is a bit trickier than you probably want to try for. As to the "same subnet" part, see below.

>with the firewall eth0 being the connection
>to the INTERNET, and eth2 being the "gateway" for the servers to toss their
>data to. eth3 would service the MASQ'd boxes. When it was all running I was
>gonna TRY to config eth1 as a backup net connection, perhaps using DSL or
>ISDN.

The backup will also be tricky, at least for the servers, unless you go to something a lot more complex (and probably expensive) than you are likely to have in mind.

>Is there a better plan? The Cable Co will sell me 5 IP's, but they may NOT
>be in a sub-net and they have to be issued at least once thru their DHCP
>server, to avoid conflicts with their other clients. I've never tried
>routing individual, non-related IP's thru a firewall...

They can't be *completely* non-related. They will have to be on some definable network, or else the ISP won't be able to handle the routing in any sensible way. But they may be non-contiguous addresses on a /24 or /22 (or whatever the ISP uses) network.

Individual addresses can be handled with proxy arp, and that is probably the easiest way to do what you want. You can't simply "route" them unless the ISP cooperates, modifying its routing table to identify the LEAF router's IP address as its route to the other 3 (or 4).

The tricky part for proxy arp is the DHCP part. I don't know of a way for the LEAF router to acquire, via DHCP, multiple addresses, then proxy-arp (and pass on to the actual servers) all but one of them.

If the addresses are stable, though (I infer they might be from the "at least once" phrase), you can just get the ISP to issue them initially by connecting the hosts directly to the ISP, then treat them as static addresses for proxy arp setup. OTOH, if the addresses will change a lot, then how do you propose to use them to run servers? You appear to be intending to run authoritative DNS servers for your domain locally (otherwise your DNS resolvers do not need to be "Internet servers"), and to do that, you need stable, predictable IP addresses, not ones that change at the cable company's whim.

>Thank you for your time. I DO APPRECIATE the prompt, and mostly accurate
>support this group provides. Perhaps some day I can assist, when I've a bit
>more experience in this specific arena. (I'm not afraid of writing technical
>documentation.)

--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA
[EMAIL PROTECTED]

-------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
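The proxy-arp arrangement Ray describes, as an added example that is not part of the thread or of the LEAF/Bering project: a POSIX shell script that prints (for review, rather than executing) the commands a Linux router would need to answer ARP for individual, non-contiguous public addresses on the ISP side and forward them to the server segment. The interface names, the sample addresses (constructed from the RFC 5737 documentation range) and the use of iproute2's `ip route` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the LEAF project): print the commands
# a Linux router such as Bering would need to proxy-arp for individual public
# addresses and forward them to the server segment.
# The servers keep their ISP-assigned address, netmask and default gateway as
# if they sat directly on the cable segment; the router answers ARP for them
# on the ISP side and for the ISP gateway on the server side.

EXT_IF=eth0          # toward the cable modem (assumed interface name)
SRV_IF=eth2          # toward the three servers (assumed interface name)
# Constructed sample addresses (RFC 5737 range); in reality these are the
# non-contiguous addresses the ISP hands out once and that must stay stable.
SERVER_IPS="203.0.113.17 203.0.113.42 203.0.113.99"

# Emit (do not execute) the router configuration for the given interfaces
# and server addresses, so it can be reviewed before running it on the box.
proxy_arp_config() {
    ext_if=$1
    srv_if=$2
    shift 2
    # Forwarding between the two interfaces is required.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Answer ARP for the server addresses on the ISP-facing side, and for the
    # ISP gateway on the server side (the router has a route to both).
    echo "echo 1 > /proc/sys/net/ipv4/conf/$ext_if/proxy_arp"
    echo "echo 1 > /proc/sys/net/ipv4/conf/$srv_if/proxy_arp"
    for ip in "$@"; do
        # One host route per server: Linux only proxies ARP for destinations
        # it would forward out an interface other than the one asked on.
        echo "ip route add $ip/32 dev $srv_if"
    done
}

# Pre-deployment check: the number of well-formed /32 host routes must equal
# the number of server addresses; an address with a missing octet would
# otherwise be accepted by ip(8) as a different host and silently misroute.
count_host_routes() {
    proxy_arp_config "$@" | grep -c ' route add [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/32 dev '
}

# shellcheck disable=SC2086  # SERVER_IPS is intentionally word-split
proxy_arp_config "$EXT_IF" "$SRV_IF" $SERVER_IPS
```

The router still needs its own address and default route on the external interface (from the ISP's DHCP, as in the thread); the script only covers the pieces the servers' addresses add.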