(sorry, missed my first shot)

On Mon, Aug 11, 2008 at 9:43 PM, alexander lind <[EMAIL PROTECTED]> wrote:
>
> On Aug 11, 2008, at 12:36 PM, dermiste wrote:
>
>> On Mon, Aug 11, 2008 at 6:57 PM, alexander lind <[EMAIL PROTECTED]> wrote:
>>>
>>> Hi List
>>>
>>> Is it possible to bridge and NAT on one single network interface?
>>>
>>>
>> I did something along these lines, but on the internal iface I used
>> two 802.1Q vlans. The first vlan was bridged, and the second one
>> NAT'ed. But it should work without vlans. You should set up some
>> filtering on the bridge to ensure only the public boxes' ll@'s go
>> through.
>
> If you don't mind me asking, did you go with the vlan solution as an added
> security layer, or did you have any other thought behind that?
>
It was mostly to do a clean separation between IPv4 traffic (NAT'ed) and
IPv6 traffic (bridged). My ISP provides both, with dhcp for v4 autoconf
and rtsol/rtadv for v6 autoconf. I could have done the same by
prohibiting rfc1918 source addresses on ext_if and non-rfc1918 source
addresses on int_if.

-- 
Vincent Gross

"So, the essence of XML is this: the problem it solves is not hard, and
it does not solve the problem well."
-- Jerome Simeon & Phil Wadler
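As an added illustration of the split described in this thread (it is not
Vincent's actual configuration and not part of the original mail), here is
an OpenBSD pf.conf that NATs an IPv4 vlan, leaves a second vlan bridged for
IPv6 only, and enforces the RFC 1918 source checks Vincent mentions as the
alternative to vlans. All names are assumptions: em0 as the ISP-facing
interface, vlan10 as the bridged segment, vlan20 as the NAT'ed segment,
192.168.1.0/24 as a constructed private range, and the pre-OpenBSD 4.7
`nat on` syntax that was current in 2008.

```pf
# Added example, not the poster's config. Assumed names:
#   em0    = ISP-facing interface (ext_if, also a bridge member)
#   vlan10 = bridged segment, IPv6 only (bridge member)
#   vlan20 = NAT'ed segment, IPv4 only
ext_if  = "em0"
br_if   = "vlan10"
nat_if  = "vlan20"
nat_net = "192.168.1.0/24"      # constructed private range behind the NAT

# RFC 1918 space, used for NAT matching and for the spoofing checks
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo

# Private source addresses must never cross the ISP side in either direction
block in  quick on $ext_if inet from <rfc1918> to any
block out quick on $ext_if inet from <rfc1918> to any

# The NAT'ed vlan may only originate RFC 1918 sources (the int_if half of
# the check Vincent describes)
block in quick on $nat_if inet from ! <rfc1918> to any

# Pre-4.7 syntax: translate the private net to the external address
nat on $ext_if inet from $nat_net to any -> ($ext_if)

# Default deny, then the IPv4 paths we want
block all
pass in  on $nat_if inet from $nat_net to any keep state
pass out quick on $ext_if inet keep state

# The bridged vlan carries only IPv6: anything else is dropped so that
# IPv4 can never slip across the bridge un-NAT'ed
pass in  quick on $br_if inet6
pass out quick on $br_if inet6
block in  quick on $br_if
block out quick on $br_if
pass in  quick on $ext_if inet6
pass out quick on $ext_if inet6
```

The IPv6 side is passed without state here, matching the "just bridged"
character of the original setup; a production box would normally add
stateful rules and ICMPv6 handling on the inet6 paths. The link-layer
address filtering dermiste mentions (letting only the public hosts'
MAC addresses through the bridge) is done with brconfig(8) bridge rules
rather than in pf.conf, so it is not shown in this fragment.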

