[Gllug] (no subject)

Dylan dylan at dylan.me.uk
Tue Apr 19 22:25:18 UTC 2005


Hi All,

I'm considering leasing a block of (8) routable IP addresses. Currently, 
I have the following setup:

                    WEB
                     |
                <public IP>
                ADSL BRIDGE
                     |
                <public IP>
                  GATEWAY
              192.168.250.251
                     |
                   SWITCH
          ___________|___________________
          |          |          |        |
  192.168.250.1    ...2       ...3  ...  ...x
     CLIENT1     CLIENT2    CLIENT3 ... SERVER
  192.168.0.1      ...2       ...3  ...  ...x
          |__________|__________|________|
                     |
                   SWITCH
                     |
               OTHER CLIENTS
               (no web access)

All "internal" services (NIS, nfs, ...) run on the 192.168.0.0 side. The 
gateway does packet filtering (iptables/SuSEfirewall2), web caching 
(squid), DNS (bind 9), etc... Now, with 8 routable addresses, I 
understand one is the network address, and one the broadcast address, 
leaving 6. Of those, the gateway takes one, leaving 5. So far so good. 
Currently, there are 5 machines which 'need' (read: I want to have) 
routable IP addresses, and one which can "do without." I would like to 
keep the same basic layout, with the addition of a DMZ machine (which 
will take the last IP) for mail, ftp-server, jabber, and likely other 
things as and when.

What approaches are there for setting this up? While the ADSL router can 
be configured appropriately, it only has 4 internal ports, and anyway, 
I'd rather not run full network security on multiple machines. Can the 
gateway be configured such that a defined external address is always 
associated with a specific internal address for NAT? Better still, can 
it packet filter all the routable addresses and then pass them on, 
while still doing NAT for clients without routable addresses? If I gave 
each machine with a routable address an internal alias address on the 
same interface, how would I know or control which one was used as the 
source address?

I've googled around for info but haven't (yet) found anything which 
helps much. Any pointers?

Cheers

Dylan
-- 
"I see your Schwartz is as big as mine" 
                                  -Dark Helmet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
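The setup asked about above (one routable address pinned to one internal host, NAT for everyone else, and filtering of the routable addresses at the gateway) is what Linux calls 1:1 NAT: a DNAT rule in PREROUTING for the inbound direction and a matching SNAT rule in POSTROUTING for the outbound one. The script below is an added example written for this page, not code from the post or from SuSEfirewall2; it builds such a ruleset for the layout in the diagram. The interface names `ppp0`/`eth0`, the internal addresses of the mapped hosts and the block `203.0.113.0/29` (a documentation range standing in for the leased /29) are all assumed placeholders. It prints the commands rather than running them, so it can be reviewed first and then piped to `sh` as root on the gateway.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an iptables ruleset for a
# Linux gateway that owns a leased /29 and maps one routable address to one
# internal host (1:1 NAT), masquerades everyone else, and filters in FORWARD.
# Interface names and the 203.0.113.0/29 block are assumed placeholders.
set -eu

EXT_IF=ppp0              # assumed: interface facing the ADSL bridge
INT_IF=eth0              # assumed: interface facing the 192.168.250.0/24 LAN
LAN=192.168.250.0/24
DMZ_INT=192.168.250.10   # assumed internal address of the DMZ host
DMZ_PORTS=21,25,5222     # ftp, smtp, jabber: the services the post lists

# "routable internal" pairs. Only hosts that need a public address are listed;
# 203.0.113.1 is left for the gateway itself, as the post's arithmetic assumes.
NAT_MAP='203.0.113.2 192.168.250.1
203.0.113.3 192.168.250.2
203.0.113.4 192.168.250.3
203.0.113.5 192.168.250.4
203.0.113.6 192.168.250.10'

# Usable host addresses in a block: 2^(32-prefix) minus network and broadcast.
usable_hosts() {
    echo $(( (1 << (32 - $1)) - 2 ))
}

# 1:1 NAT: inbound DNAT in PREROUTING, outbound SNAT in POSTROUTING. The SNAT
# rule pins the source address explicitly, so it no longer matters which
# alias the kernel would otherwise choose when several sit on one interface.
nat_rules() {
    echo "$NAT_MAP" | while read -r ext int; do
        # Assumed: the gateway owns each routable address as a /32 alias so
        # the bridge delivers frames for it to the gateway in the first place.
        echo "ip addr add $ext/32 dev $EXT_IF"
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $int"
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $ext"
    done
    # Appended last: first match wins, so mapped hosts keep their SNAT rule
    # and only the remaining clients fall through to MASQUERADE.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j MASQUERADE"
}

# Filtering happens in FORWARD, after PREROUTING has already rewritten the
# destination, so inbound rules match on the internal address, not the
# routable one. Default deny; only the DMZ host's published ports come in,
# and the other mapped clients get a public address for outbound use only.
filter_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $DMZ_INT -p tcp -m multiport --dports $DMZ_PORTS -j ACCEPT"
    echo "sysctl -w net.ipv4.ip_forward=1"
}

all_rules() {
    nat_rules
    filter_rules
}

# Review first:  sh gateway-nat.sh
# Apply on the gateway, as root, once happy:  sh gateway-nat.sh | sh
all_rules
```

Two points the script is built around: the DNAT rule has already replaced the routable destination by the time a packet reaches FORWARD, so the filter rules name internal addresses; and the per-host SNAT rule answers the question about aliases, because without it the kernel picks the source address from the route (the first address on the outgoing interface unless the route carries an explicit `src`), which is not something the client can see or choose.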