
Network setup...... NAT, MASQ, portfw, Transparent Proxy



Hello everyone,

I have a problem with setting up a network. The company I'm working for is
going to distribute internet to some clients. This will be done by leased
lines and 115.2 modems. But this is not the problem. We are also leasing
access from our provider by two 230.4 lines. So our network looks similar
to this:

                   |  SWITCH   |   - provider
                   \-----|-----/
                         | - ethernet connected to switch
                         |   and then to the Net
                      +--|--+
                      | S-1 | MASQ
                      +-|-|-+
                        | | - two leased lines
                        | |   2x230.4
                      +-|-|-+
                      | S-2 -------...(local Ethernet)
                      +|||||+
      +----------------+++++-------------------+ (clients)
    +-|-+   +-----------+|+---------+        +-|-+
    |c-1| +-|-+          |        +-|-+      |c-n|
    +-|-+ |c-2|          .        |c-3|      +-.-+
      |   +-.-+                   +-.-+ (some clients also with MASQ)
      | - clients local
      .   Ethernet

So, here's a short description:
-------------------------------
Server S-1 has a direct connection to the Internet through the switch. This
switch distributes packets based on ARP. From this server we have two 230.4
lines to the primary company server -- S-2. On this server (S-2) we have all
services (SMTP, WWW, POP...), and we can't place them on S-1. From S-2 we
are distributing Internet to our clients by 115.2 lines and also to our
local Ethernet. Every client and host on our local Ethernet has its own
private network IP (192.168.x.y).

And here's the problem: 
-------------------------
Most of our clients want to have their own server on the Internet. Let's say
that client 1 has server c-1. He wants this server to be accessible
through the Internet (for WWW, FTP...). We have some public IP to assign to
that server. But... To enable it (the IP) to be routed to our network we
need to distribute its ARP entry, so that the switch will know where to send
packets destined for that host. We can't proxyarp through two PPP
connections. So I currently have aliases on S-1 and then I forward some
ports (using portfw) to the desired host inside. It works. But I don't think
this is a good choice, because in the future, when they start adding new
services, every one of them should be added to the port forward on S-1, and
secondly, now every client is masqueraded as S-1. But they should be
masqueraded with their own IPs...

Now some questions: 
---------------------
* Is it possible to masquerade on different interfaces in one host, for
example, if alias eth0:0 has IP x.x.x.x and alias eth0:1 has IP y.y.y.y, then
to masquerade subnet 192.168.2.0/24 as x.x.x.x and subnet 192.168.3.0/24
as y.y.y.y?

* How to make these hosts (c-1, c-2, ..., c-n) visible from the Internet
using some other methods, maybe NAT, transparent proxy???


Any reply will be appreciated. :-)

--------------------------------------------------------------------------
I don't speak English fluently, so if you have any questions about this
description, just ask, I'll try to describe it in other words :-)
--------------------------------------------------------------------------


-- 
------------------------------------------->---
_Sebastian Podjasek_, podjasek@tel.debica.pl >---
----------------------------------------------->---
Software is like sex; it's better when it's free.
        -- Linus Torvalds


