Lee W wrote:
> Peter Farrow wrote:
>
>> You might also find this useful....
>>
>> http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html
>>
>
> Thanks for all the links, although I don't think they are what I'm after.
>
> What I'm trying to do is set up something which (I guess) is something
> similar to that which an ISP may have. For example
>
> ISP External Interface = 55.20.0.2 / 255.255.0.0
> Client 1 external interface = 56.1.1.2 / 255.255.255.0
> Client 2 external interface = 56.1.2.2 / 255.255.255.0

I take it that you have an ISP gateway and then a bunch of IP ranges assigned to you by your ISP?

> Each of the clients are running a server on 56.1.x.4 which needs to have
> a public IP (e.g. an SSL web server) therefore NAT of any kind cannot be
> used.
>
> The ISP central router is responsible for directing the packets at the
> correct client router with I guess some form of routing table (but I
> haven't got that far in my studies yet).

If your box has a link on 55.20.0.0/255.255.0.0 and then more physical links to 56.1.x.0/24 individually (machines on two separate physical networks) or one more physical link to 56.1.1.0/23 (all machines on one physical network and you are going to assign IPs from 56.1.1.x and 56.1.2.x), then all you need is to set up the default route of the box to 55.20.0.2, enable IP forwarding and then point the default route of all clients to the box's corresponding IP on their subnets (e.g. two physical links, 56.1.1.1 and 56.1.2.1) or on their subnet (only one physical link, 56.1.1.1).

If you want to control what packets get through the box, use the iptables -t filter FORWARD chain.
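
The two-physical-link setup described in the reply above, written out as an added example that is not part of the original thread: a routed (no NAT) box with a default-deny FORWARD chain. The interface names (eth0, eth1, eth2), the choice of TCP 443 as the only inbound service and the dry-run wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: routed gateway, no NAT, default-deny forwarding.
# Assumptions (not from the thread): eth0 faces the ISP, eth1/eth2 face
# the client subnets, and the only inbound service is HTTPS on 56.1.x.4.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to run them.

WAN_IF=eth0
GATEWAY=55.20.0.2
# One "interface:subnet:server" entry per client network
CLIENTS="eth1:56.1.1.0/24:56.1.1.4 eth2:56.1.2.0/24:56.1.2.4"

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

router_rules() {
    # Forward packets between interfaces and send everything else upstream.
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace default via "$GATEWAY" dev "$WAN_IF"

    # Anything forwarded that is not explicitly allowed below is dropped.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    for entry in $CLIENTS; do
        lan_if=${entry%%:*}
        rest=${entry#*:}
        subnet=${rest%%:*}
        server=${rest#*:}
        # Inbound: only new HTTPS connections to the public server.
        run iptables -A FORWARD -i "$WAN_IF" -o "$lan_if" -d "$server" \
            -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
        # Outbound: new connections only from the subnet's own addresses,
        # so a client cannot send packets with a spoofed source.
        run iptables -A FORWARD -i "$lan_if" -o "$WAN_IF" -s "$subnet" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

router_rules
```

Clients on each subnet still need their default route pointed at the box's address on that subnet (56.1.1.1 or 56.1.2.1), as the reply says.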