[Gllug] Routing and packetfiltering public IPs
Dylan
dylan at dylan.me.uk
Sat Nov 26 04:49:01 UTC 2005
Hi All,

I currently run a network comprising several desktop machines, a server
and a gateway connected to the wild by ADSL. The fixed public IP is
passed to the gateway's external interface by the ADSL router and the
gateway does packet filtering, NAT, etc. The ADSL router will only
connect to one machine when it is in bridging mode.

I'm looking to get an 8 IP block but I'm not at all clear as to how to
configure the gateway for them. There are more machines on the internal
network than available IP addresses (5 addresses, discounting the
network address, broadcast and router, and eight machines.) I intend to
assign the addresses to a DMZ mail and ftp server and the remaining 4
to four of the desktop boxes.

So, any comments on the following options? I'm particularly interested
to overcome NAT problems with applications like VoIP and IM etc. while
creating the least complication for nfs and NIS.

A - All 5 boxes with public IPs connected to the router, with the
gateway routing from the private IP network and NATing etc. This would
mean configuring and maintaining the firewalls on each machine.

B - Having the gateway masquerade internal addresses such that 5 are
associated with specific internal IPs and the other machines are NATed
as usual.

C - Having the gateway filter all traffic, but pass on the public IPs to
their destinations while NATing other machines. Maybe using IP aliases
on the boxes with public IPs to place them on the private network.

Are there any other options? I've read through a pile of docs but at the
moment it all seems a mush of info.

Cheers
Dylan
--
"The man who strikes first admits that his ideas have given out."
(Chinese Proverb)
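
Option B from the message above (fixed public-to-private mappings for five hosts, ordinary NAT for the rest, all filtering kept on the gateway), as an added example that is not part of the original post. The interface names, LAN range, port list and the 203.0.113.8/29 documentation block are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Assumptions (not from the post): interface names, LAN range, port list.
# 203.0.113.8/29 is a documentation range standing in for the 8-address block:
# .8 network, .9 ADSL router, .15 broadcast, .10-.14 usable.
EXT_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"

# public:private[:inbound tcp ports]. Only the mail/ftp server accepts new
# inbound connections; the four desktops get a fixed public address but no
# unsolicited inbound traffic.
MAP="203.0.113.10:192.168.1.10:21,25
203.0.113.11:192.168.1.11
203.0.113.12:192.168.1.12
203.0.113.13:192.168.1.13
203.0.113.14:192.168.1.14"

gen_rules() {
    # Filtering stays on the gateway: default-deny forwarding, stateful replies.
    # FTP data connections arrive as RELATED only if the conntrack FTP helper is loaded.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    echo "$MAP" | while IFS=: read -r pub priv ports; do
        [ -n "$pub" ] || continue
        # 1:1 mapping: inbound to the public address, outbound from it.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
        if [ -n "$ports" ]; then
            # FORWARD sees the post-DNAT (private) destination.
            echo "iptables -A FORWARD -i $EXT_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    # Everything else on the LAN shares the gateway's own external address.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
}

gen_rules
```

For the mappings to work, the gateway has to hold each mapped public address on its external interface (for instance as aliases) so that it answers ARP for them, or have the block routed to it.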