On Thu, 2007-03-08 at 19:46 -0700, Hans Fugal wrote:
> Can you tell I'm reworking my LAN?
>
> I have a public /29 subnet, meaning I get 6 public IPs. Amazingly
> enough, I have 6 devices that could use a public IP. Perhaps even more
> astounding, I on occasion have more devices that get a private IP in the
> range 172.17.0.0/24.
>
> Here is how I want things to work:
>
> ISP -- cisco -- openwrt -- LAN
>
> cisco, openwrt, and 4 devices in the LAN have public IP addresses in the
> same /29 subnet. I want openwrt to do NAT (as needed for the private
> subnet), routing, and firewall.
NAT is your answer. Your router would then NAT any of the /29 subnet to a
specific set of private IP addresses, in and out. This is clean, doesn't
require a complicated routing table on the clients, and is how it would
normally be implemented in an enterprise anyway. We do this on a large
scale at work with a Cisco PIX (save your money; linux makes a better
firewall and has more throughput too) and our internal network, all done
on Cisco routers and switches.

You can do this by either creating 4 virtual interfaces on the openwrt
box, or using some kind of proxyarp solution.

Michael

> I also want to, if possible, limit the broadcast domains so that cisco
> and openwrt are separate. Therein lies the rub. Can I set up VLANs on
> openwrt and still route between everybody on the same /29 subnet?
>
> openwrt is a 6-port switch, basically. One port goes to the chip
> (router), which is in turn connected to the wireless interface. The WAN
> port and the other 4 ports are all on the same switch, and separated (or
> not) by the VLAN configuration.
>
> The Cisco is a beautiful thing but I want to do as little as possible
> with it.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
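The following is an added example, not code from either poster, showing the 1:1 NAT Michael describes on a Linux/OpenWrt router: each public address of the /29 is added as an alias on the WAN interface (the "virtual interface" approach, so no proxy ARP is needed), inbound traffic to it is DNATed to one private host, and that host's outbound traffic is SNATed back to its public address, with a per-host FORWARD policy so the 1:1 mapping does not expose every port. The private LAN 172.17.0.0/24 is from the thread; the public addresses are placeholders from the 203.0.113.0/29 documentation range, and the interface names eth0.1 and br-lan, the allowed port, and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: 1:1 NAT of a public /29 onto private LAN hosts (Linux/OpenWrt).
# Constructed addresses: 203.0.113.0/29 is the public /29 (203.0.113.1 = cisco,
# 203.0.113.2 = router WAN address, assumed already configured), 172.17.0.0/24 = LAN.
# Interface names are assumptions for an OpenWrt box.
WAN=eth0.1
LAN=br-lan
LANNET=172.17.0.0/24
PREFIX=29

# "public private" pairs, one host per line (constructed sample mapping)
MAP="203.0.113.3 172.17.0.3
203.0.113.4 172.17.0.4
203.0.113.5 172.17.0.5
203.0.113.6 172.17.0.6"

# run_cmd: with DRY_RUN=1 (the default) print the command instead of running it,
# so the generated rule set can be reviewed before it touches the router.
run_cmd() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# one_to_one_nat PUBLIC PRIVATE: alias + DNAT + SNAT + filter rules for one host
one_to_one_nat() {
  pub=$1
  priv=$2
  # The router answers ARP for the public address itself (IP alias on the WAN side).
  run_cmd ip addr add "$pub/$PREFIX" dev "$WAN"
  # Inbound: packets for the public address are rewritten to the private host.
  run_cmd iptables -t nat -A PREROUTING -i "$WAN" -d "$pub" -j DNAT --to-destination "$priv"
  # Outbound: the private host is seen from its own public address, not the router's.
  run_cmd iptables -t nat -A POSTROUTING -o "$WAN" -s "$priv" -j SNAT --to-source "$pub"
  # Filtering happens after DNAT, so FORWARD matches on the private address.
  # Only replies and an explicitly allowed service reach the host; everything else is dropped.
  run_cmd iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$priv" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run_cmd iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$priv" -p tcp --dport 22 -j ACCEPT
  run_cmd iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$priv" -j DROP
}

# apply_all: install every mapping, then masquerade the remaining private hosts
# behind the router's own WAN address. The per-host SNAT rules are appended first,
# so they take precedence over the catch-all MASQUERADE.
apply_all() {
  echo "$MAP" | while read -r pub priv; do
    [ -n "$pub" ] && one_to_one_nat "$pub" "$priv"
  done
  run_cmd iptables -t nat -A POSTROUTING -o "$WAN" -s "$LANNET" -j MASQUERADE
}

# Default is a dry run; invoke as "sh script.sh apply" on the router to install the rules.
if [ "${1:-}" = "apply" ]; then
  DRY_RUN=0
fi
apply_all
```

Run without arguments the script only prints the ip and iptables commands it would issue, which is the form worth checking into a change record; with the "apply" argument it executes them. On a VLAN-separated setup like the one in the thread the WAN and LAN interface names are the only values that need to change.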
