You could have all of the computers with 192.* addresses and have the Linux box using ipchains or iptables translate any packet on the external address to an internal address... i.e.
201.123.32.12 <-> 192.168.1.12
201.123.32.13 <-> 192.168.1.13
201.123.32.14 <-> 192.168.1.14
201.123.32.15 <-> 192.168.1.15
201.123.32.16 <-> NAT
...
NAT <-> 192.168.0.2
NAT <-> 192.168.0.3
NAT <-> 192.168.0.4
...

You can try out this script... It may even work :-). The masquerading should be correct, but the IP mappings may not be and I don't really have a good setup to try them. There is probably someone better with iptables to give you a better answer. The final script is probably more complicated, but this might give you something to start with.

You would configure everyone with a 255.255.0.0 netmask with the Linux box with 201.123.32.16 and 192.168.0.1 for addresses.

Joel

#
# iptables.
#
# Load NAT support and enable packet forwarding between interfaces.
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
# Start from an empty POSTROUTING chain.
iptables -t nat -F POSTROUTING
# Masquerade outbound traffic sourced from 192.168.1.0/24 leaving via eth0.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
# Rewrite packets arriving for each external address (-d) to its internal host.
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.12 -j DNAT --to-destination 192.168.1.12
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.13 -j DNAT --to-destination 192.168.1.13
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.14 -j DNAT --to-destination 192.168.1.14
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.15 -j DNAT --to-destination 192.168.1.15

On Mon, Jan 13, 2003 at 03:31:59PM -0800, Ken Bloom wrote:
> I'm inventing some random numbers (they're not even valid IP
> addresses) to explain the problem better
>
> The following computers are connected via hub to the DSL modem:
> 201.123.321.12
> 201.123.321.13
> 201.123.321.14
> 201.123.321.15
> 201.123.321.16 (eth0) / 192.168.0.1 (eth1)
> 192.168.0.2
> 192.168.0.3
>
> What can be done so that the 201.123.321.* computers can see the
> 192.168.0.* computers? Bear in mind that these computers are not
> necessarily all Linux computers, but that we know
> 201.123.321.16/192.168.0.1 is a Linux computer.
>
> > ---ORIGINAL MESSAGE---
> > From: Rod Roark <[EMAIL PROTECTED]>
> > Organization: Sunset Systems
> > To: [EMAIL PROTECTED]
> > Subject: Re: [vox-tech] bridging subnets
> > Date: Mon, 13 Jan 2003 06:53:57 -0800
> > Reply-To: [EMAIL PROTECTED]
> >
> > I'm surely being dense, but I don't understand what you
> > mean. What are the subnets in question?
> >
> > Here's a thought that may or may not apply. Perhaps you
> > can put all the machines on a single LAN behind the Linux
> > firewall. Note that you can assign all 5 external IP's to
> > this Linux box and then port-forward (with iptables) to
> > other machines depending on the destination IP address
> > (and/or port number) of incoming packets.
> >
> _______________________________________________
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
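
An added example, not part of the original messages: a shell helper that prints the 1:1 mappings discussed in this thread as iptables-restore input, pairing each inbound DNAT with an outbound SNAT and masquerading the remaining internal hosts. The function names, the eth0 interface and the 192.168.0.0/24 range are assumptions based on the thread's sample addressing, and malformed addresses such as 201.123.321.12 are rejected before any rule is printed.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, a nat ruleset.

# Succeed only for a dotted quad with four octets in 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_nat_rules EXT_IF MASQ_NET PUBLIC=PRIVATE...
# Hypothetical helper: emits iptables-restore input for the nat table.
gen_nat_rules() {
    ext_if=$1; masq_net=$2; shift 2
    # Validate every mapping first so a bad entry yields no partial ruleset.
    for pair in "$@"; do
        case "$pair" in *=*) ;; *) echo "bad mapping: $pair" >&2; return 1 ;; esac
        valid_ipv4 "${pair%%=*}" && valid_ipv4 "${pair#*=}" ||
            { echo "bad address in: $pair" >&2; return 1; }
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    for pair in "$@"; do
        pub=${pair%%=*}; priv=${pair#*=}
        # Inbound: match the public address as the destination (-d).
        printf '%s\n' "-A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv"
        # Outbound: the mapped host leaves with its own public address.
        printf '%s\n' "-A POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub"
    done
    # Everything else on the internal side shares the interface address.
    printf '%s\n' "-A POSTROUTING -o $ext_if -s $masq_net -j MASQUERADE" 'COMMIT'
}

# Constructed input: the sample mappings from the message above.
gen_nat_rules eth0 192.168.0.0/24 \
    201.123.32.12=192.168.1.12 201.123.32.13=192.168.1.13 \
    201.123.32.14=192.168.1.14 201.123.32.15=192.168.1.15
```

The output can be checked with `iptables-restore --test` before it is loaded. These nat rules only translate addresses, so which traffic may reach the mapped hosts is still decided by the filter table's FORWARD chain.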
