At 02:49 PM 10/3/02 -0700, Liu Mei wrote: >[...] >ISP gives us a range from 1.1 to 1.253 [rest deleted]
OK, that's different. In that case, you have three options. Option 1: get the ISP to assign a static address to your router (there are several ways to do this, and I don't suggest specifics because the choice is really with the ISP). For the moment, I'll assume this address to be 192.168.1.113. Then get the ISP to update its routing table so its router knows that 192.168.1.113 is their route to (for example) network 192.168.1.0/25 (covering addresses .1 to .126). Now you can use those addresses behind your Bering router and run the router as a regular (non-NAT'ing) router. Option 2: enable proxy arp on the Bering router, and have it proxy arp the addresses you want to use on the LAN. (I don't know how to set up proxy arp using Bering and Shorewall, but it is a standard capability of Linux, so I assume someone more familiar with the distro's specifics can help there, or maybe the Bering docs discuss how to implement this.) This approach may collide with the DHCP behavior of the ISP, depending on the details of how it is set up. Option 3: proceed as you have been, using a different private-address range (192.168.2.0/24) on your LAN, and have the router NAT (MASQ) the LAN. Matthew's suggestion on the forward-chain rule is correct for this, except that it has to be the first relevant rule the packets encounter. So try either inserting it in position 1 or adding if after you flush the forward chain. If your ISP has the practice of using a lot of 192.168.C.0/24 LANs for its clients, you might be better off using a different private-address range, say some subnet of 10.0.0.0/8 ... without knowing more about your ISP, it is hard to be certain. But in any case, you wll need to NAT (MASQ) in this choice. -- -------------------------------------------"Never tell me the odds!"-------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
