[Gllug] Network configuration

Leandro Stasi lstasi at onetel.com
Fri Jun 20 16:21:07 UTC 2003 

Jonathan,

According the configuration you want the best way to do it is using Proxy
ARP, with public IP adress for the machines running the services that can't
go thru the NAT gateway, and use private IP and NAT for the rest of the
clients.
To confirgure NAT it is simple and you can find a lot of info on that.
For the Proxy ARP config you will need to add some entries in the routing
table it is not dificult but it is a litle tricky.



leandro

----- Original Message -----
From: "Jonathan Dye" <jonathan.dye at automationpartnership.com>
To: <gllug at linux.co.uk>
Sent: Friday, June 20, 2003 11:24 AM
Subject: RE: [Gllug] Network configuration


> Tethys wrote:
> > Jonathan Dye writes:
> >
> >> I want the machines to be public accessible and then use the
> >> firewall to choose what actually gets in.  For example I want to be
> >> able to ssh into any of the internal machines.
> >
> > Use port forwarding on the firewall.
>
> OK, for another example I want to use linphone (which doesn't play well
with
> NAT from what I've found).  I'm not trying to be difficult it's just that
I
> would really like to give them all public addresses.  If my proposed
> configuration is not going to work then I'll probably end up doing
> addressess re-writing (rather than port forwarding).
>
> >> Therefore I though my options were to either give them all real IP
> >> addresses or to re-write the public addresses to private addresses
> >> with a one to one mapping at the firewall. I thought the former would
> >> be simpler.
> >
> > I guess the level of difficulty depends on the individual in question,
> > but I'd have gone for NATing with port forwarding (in fact, I *did*
> > go for that option :-) My home setup looks pretty my exactly like
> > yours, except that I have a few more machines behind the firewall...
>
> I have no problem setting up port forwarding or address re-writing it's
just
> that I thought adding a few routing table entries would be easier (read
> quicker and with more confidence) to do.
>
> Seeing as I only have 3 spare addresses and I'm probably going to end up
> with more that 3 machines soon I might end up with private addresses
> internally anyway.  Then I'll probably end up with the address re-writing
> stuff for specific machines.  I'm just playing around really and want to
try
> all the different options.
>
> > Tet
>
> JD
>
> _____________________________________________________________________
> This message has been checked for all known viruses by the
> MessageLabs Virus Scanning Service
>
> --
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list