[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Setup of Internal Network with Many Real IPs



Hello All,

I'm hoping to get some advice on a LAN setup for my office.  Currently I
have a nice easy configuration:

                           [ Internet ]
                                |
                                |
                          202.44.163.105
                           [ Firewall ]
                             10.0.0.2
                                |
                                |
                            10.0.0.0/24
                             [ LAN ]

I use Iptables on Woody for the firewall and NAT.

In the next month or so, we a are switching providers for a faster,
cheaper connection.  We are also getting a range of twelve IP addresses
for our own use.  To make things tricky, a new group are entering the
office space and they would like to share our connection and take two of
our IPs that we will charge them for.

So, the new setup will look like this:

                           [ Internet ]
                                |
                                |
          202.45.126.237, 202.45.126.236, 202.45.126.235
                           [ Firewall ]
                               / \
                 /------------'   `-----------\
                 |                            |
                 |              202.45.126.236, 202.45.126.237
                 |
             10.0.0.0/24
              [ LAN ]

I want all the 202.45.126.237 traffic to be NAT'ed to my 10.0.0.0/24
network, but all the 202.45.126.236 and 235 traffic to pass straight
through to a couple of machines that this new group will bring in
without being NAT'ed.

I can see how this will work on the external interface of my firewall,
just by aliasing several IPs to the interface, but internally I don't
know where to start... is it possible just to route all 202.45.126.236
and 235 traffic through to specific machines?  Will I need to install
more network cards?  What IP addresses do I assign to my internal
interfaces?  What addresses should be assiged to the machines receiving
the traffic for 202.45.126.236 and 235?  What (if anything) do I need to
tell Iptables about this?

As you can probably tell, I'm lost on this one.  Any advice or pointers
to a good reference would be much appreciated.

Regards,

Lucas



Reply to: