[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building network


Jack Knowlton a écrit :

ppp0: bridge interface (PPPoE via eth0)

ppp0 is a PPP(oE) interface, not a bridge interface.

eth1: LAN with public IP interface (xxx.xxx.xxx.153)
eth2: LAN with private IP interface (

eth0: LAN with public IP (in /29 subnet)
eth1: LAN with private IP (

same as server2

Why do you need some servers to have an interface in the private LAN ?

eth0: LAN with private IP (

What I want is that {Debian} does not do NAT on the LAN with public
addressing (just route the connections to the appropriate servers) but do
it for the LAN with private adresses,

In your iptables ruleset, just add "-s <private_subnet_prefix>" in the SNAT or MASQUERADE rules, so only the private addresses are masqueraded.

so that wifi clients can stay secure.

NAT is *not* for security. Netfilter NAT does *not* provide any filtering. The use of private addresses breaks end-to-end connectivity, and NAT just allows to restore a partial connectivity. Broken connectivity may be seen as some sort of security, though, but not the NAT itself...

Reply to: