
how do i NAT a legacy network ?



An interesting problem...

we have a legacy network which has IPs: 95.x.x.x (NOT REGISTERED, i.e. illegal)
that we can't change now !!! (those network engineers of 1994, when the network
was installed, obviously did not know about RFC 1918)

now we want to connect this network to the Internet... we cannot re-number our
network... so i looked at using a linux box with NAT ... that should be
straightforward ... right ? wrong ! hey this is fun !!

and i am a bit confused...

NAT -- for 2.0.36 and 2.2.x is available ... but it does NOT support "Dynamic
NAT" i.e. 95.x.x.x NATed behind ONE IP
(http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html)
It does support static NAT though ... it should be good to NAT our internal web
server with a Legal IP.... (any comments ?)

The new NAT code IPROUTE in the 2.3.x kernels requires iproute ... whose docs
are not good enough for me (anybody care to explain ?)... and then the code is
still very alpha...

IP MASQ supports network NAT very well....but the docs say that we have to use
only private IPs..... so .. can i use IP MASQ to hide my 95.x.x.x network also
??

I also plan to use IPCHAINS to filter the traffic....the HOWTO is clear
enough... !

so what is the best solution ? ... we have been using Checkpoint FW-1 till
now... and it works fine.... i believe i can reproduce all functionality on
Linux too...

what says u ?

cheers
venu

venu@gtsl.co.in


