
Re: Public / private IP addresses



Antony Gelberg <antony@antgel.co.uk> writes:

> I've dealt with quite a few LANs over the years.  I'd like to try
> something that I never have done before...
>
> I work with ADSL providers who allocate 5 public IP addresses (sometimes
> 1) to a connection.  If I have a LAN of, say, 20 workstations, I can use
> NAT, and give them private addresses - no problem.
>
> I usually have an ADSL router / modem, hooked up to a Linux box
> configured as a bridging firewall, which connects to a switch.
>
> But if they wanted to run a public email server as well, clearly that
> needs a public IP address.  Fine, but how does the routing aspect work?
> Do I need to ditch the bridging configuration on the firewall and
> reconfigure it as a router with 3 NICs?

You can run two IP networks on the same physical network; I do that
here for arcane and esoteric reasons.  :-)  If your ISP gives you
static IPs, this is easy; you arrange for the mail server to have an
externally visible IP address (either by configuring it directly or
having your local DHCP server hand it an external address), and tell
your firewall machine that that address is internal and that it should
route it directly without NATting.  I don't know if this is a solvable
problem if you need to get the second address by DHCP, though; I could
envision some cleverness wherein the gateway machine acts as a
transparent bridge if it sees traffic from the specific MAC address of
the mail server, but I'd have no idea how to set it up under Linux.
In that case, having three NICs probably would help, since you could
bridge from DMZ<->external and NAT from internal<->external.

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
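
Added example, not part of the original message: a sketch of the static-IP case described above, where the firewall routes the mail server's public address directly and NATs only the private range. The interface names, the addresses, the SMTP-only inbound filter, and the premise that the ADSL router already delivers traffic for the mail server's address to the firewall are all assumptions of this example.

```shell
#!/bin/sh
# Constructed values: 203.0.113.0/29 (documentation range) stands in for the
# ISP's static block and 192.168.1.0/24 for the private LAN.
WAN_IF=eth0              # assumed name: NIC facing the ADSL router
LAN_IF=eth1              # assumed name: NIC facing the switch (both IP networks)
FW_PUBLIC=203.0.113.2    # the firewall's own public address
MAIL_PUBLIC=203.0.113.3  # public address configured on the mail server
LAN_NET=192.168.1.0/24   # NATted workstations

# Routing: enable forwarding and declare the mail server's public address
# reachable on the inside interface ("that address is internal").
gen_routes() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ip route replace $MAIL_PUBLIC/32 dev $LAN_IF"
}

# iptables-restore input. Only the private range is source-NATted, so packets
# from MAIL_PUBLIC leave with their own address. Limiting inbound traffic to
# SMTP is an assumption of this example.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $FW_PUBLIC
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_PUBLIC -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $MAIL_PUBLIC -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Print only; nothing is applied. To apply as root:
#   gen_routes | sh && gen_ruleset | iptables-restore
gen_routes
gen_ruleset
```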


