/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
/* ALSO: Don't quote this header. It makes you look lame :-) */
Bernard Puc wrote:
> Hello,
>
> I have a configuration question. My current linux firewall has three
> NICs, one for the connection to the ISP and two for internal subnets.
> We are changing from an ISP which provided a class C block of addresses
> to an ISP which will provide only 4.
meaning 2 routable addresses, right? plus the network address
plus the broadcast address equals 4 addresses.
> I am planning on masquerading the
> addresses on the two subnets but I want traffic for the real IP
> addresses to pass through the firewall as well.
where will the address be? inside the network?
won't at least one of them be on the external
interface of the firewall/masquerading host?
that only leaves 1 routable address to use
inside the network.
> Will I need a fourth
> NIC in order to network the other ISP provided addresses?
no. you can masquerade internal hosts selectively:
# in the ipchains forward chain, -i names the interface the packet goes OUT on
ipchains -A forward -s $realip -i $extif -j ACCEPT    # real-ip host out: forwarded, not masqueraded
ipchains -A forward -d $realip -i $intif -j ACCEPT    # traffic back in to the real-ip host
ipchains -A forward -s $intnet1 -i $extif -j MASQ     # subnet 1 out: masqueraded
ipchains -A forward -s $intnet2 -i $extif -j MASQ     # subnet 2 out: masqueraded
ipchains -A forward -j DENY -l                        # everything else: deny and log (-l)
this will forward traffic to/from the internal host
with the real ip address but masquerade everything else.
> The other
> addresses will be for a mail server, DNS, and webserver. Any pointers
> appreciated.
i don't think you have as many routable addresses as you
think. you might have to get 2 lots of 4 addresses,
preferably contiguous.
raf
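As an added example, not part of raf's post or of ipchains itself: a small Python model of how the forward chain above is evaluated (first match wins, with -i taken as the outgoing interface, which is what it means in the ipchains forward chain). It also shows raf's address arithmetic: a 4-address block has exactly two usable hosts. The block 192.0.2.0/30, the interface names eth0/eth1/eth2, the RFC 1918 subnets and the packets are all constructed assumptions.

```python
import ipaddress

# Constructed addressing for this example (not from the original post):
# the ISP's "4 addresses" are modelled as the /30 192.0.2.0/30 (a documentation range).
ISP_BLOCK = ipaddress.ip_network("192.0.2.0/30")


def usable_hosts(block):
    """Host addresses left once the network and broadcast addresses are removed.

    For a /30 this is exactly two addresses, which is the point about
    four addresses really meaning two routable ones.
    """
    return [str(h) for h in block.hosts()]


# Assumed layout: the firewall's external interface takes the first usable
# address, the single remaining routable address sits on a host behind eth1,
# and the two internal subnets use RFC 1918 space.
EXTIF, INTIF1, INTIF2 = "eth0", "eth1", "eth2"
REALIP = "192.0.2.2"
INTNET1 = "192.168.1.0/24"
INTNET2 = "192.168.2.0/24"


def rule(target, src=None, dst=None, out_if=None):
    """One forward-chain rule; a field left as None matches anything.

    In the ipchains forward chain, -i is the interface the packet will go
    out on, so out_if here stands for the posted rules' "-i $extif".
    """
    return {
        "target": target,
        "src": ipaddress.ip_network(src) if src else None,
        "dst": ipaddress.ip_network(dst) if dst else None,
        "out_if": out_if,
    }


# The posted chain, rule for rule, in evaluation order.
FORWARD = [
    rule("ACCEPT", src=REALIP, out_if=EXTIF),   # -s $realip  -i $extif -j ACCEPT
    rule("ACCEPT", dst=REALIP, out_if=INTIF1),  # -d $realip  -i $intif -j ACCEPT
    rule("MASQ", src=INTNET1, out_if=EXTIF),    # -s $intnet1 -i $extif -j MASQ
    rule("MASQ", src=INTNET2, out_if=EXTIF),    # -s $intnet2 -i $extif -j MASQ
    rule("DENY"),                               # -j DENY -l  (catch-all)
]


def matches(r, src, dst, out_if):
    """True when every field the rule specifies matches the packet."""
    if r["src"] is not None and ipaddress.ip_address(src) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(dst) not in r["dst"]:
        return False
    if r["out_if"] is not None and r["out_if"] != out_if:
        return False
    return True


def forward_verdict(chain, src, dst, out_if):
    """First matching rule wins, as in ipchains.

    The chain's default policy applies only if nothing matches; the
    catch-all DENY at the end of the posted chain makes that unreachable.
    """
    for r in chain:
        if matches(r, src, dst, out_if):
            return r["target"]
    return "ACCEPT"  # assumed default policy; never reached with the chain above


if __name__ == "__main__":
    print("usable addresses in", ISP_BLOCK, "->", usable_hosts(ISP_BLOCK))
    # Constructed packets: (source, destination, outgoing interface)
    packets = [
        (REALIP, "198.51.100.5", EXTIF),           # real-ip host out to the net
        ("198.51.100.5", REALIP, INTIF1),          # traffic back in to it
        ("192.168.1.10", "198.51.100.5", EXTIF),   # subnet 1 out: masqueraded
        ("192.168.2.7", "198.51.100.5", EXTIF),    # subnet 2 out: masqueraded
        ("192.168.1.10", "192.168.2.7", INTIF2),   # subnet 1 -> subnet 2: no rule covers it
        ("198.51.100.5", "192.168.1.10", INTIF1),  # unsolicited inbound to subnet 1
    ]
    for src, dst, out_if in packets:
        verdict = forward_verdict(FORWARD, src, dst, out_if)
        print(f"{src:>14} -> {dst:<14} out {out_if}: {verdict}")
```

Two things the run makes visible that the rule list alone does not: traffic between the two internal subnets falls through to the catch-all DENY, so it needs its own rule if it is wanted, and replies to masqueraded connections are rewritten by the masquerading code on the way in and do not traverse the forward chain, which is why only the real-ip host needs an explicit inbound ACCEPT here. The first rule keys on source address alone, so the usual companion is an input-chain rule that refuses $realip arriving on any interface other than the one it actually lives behind.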
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.