I think you could pick an IP to which all requests to your IP range are routed. Then set up your firewall machine to have two IPs, one for the internal network and one for the IP that receives all your requests. Set up IP masquerading, and then use a different subnet mask for the internal IP. Set the default route for the internal network to the internal IP on the firewall machine. Here it is:

internet -> firewall -------- internal card ---switch ----- network
            215.x.x.x/24      215.x.x.x/23                  215.x.x.x/23

You need subnets because otherwise the network will find that the shortest route is not to go through the firewall machine at all, or someone may circumvent security by plugging straight to the net and killing your security. Now when you masquerade, all requests will appear to come from your firewall host; then it knows how to demasquerade your packets.

Noah
ksemat@eahd.or.ug

- : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
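
Added example (not part of the original message): a toy Python model of the table a masquerading firewall keeps, showing why outbound packets all appear to come from the firewall's address and how replies are mapped back to the internal host. The class name, the port range and every address (RFC 5737 documentation ranges) are constructed for illustration.

```python
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class Masquerader:
    """Toy masquerade table; names and port range are hypothetical."""

    def __init__(self, external_ip: str, first_port: int = 61000,
                 last_port: int = 61999):
        self.external_ip = external_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}   # (int_ip, int_port, remote_ip, remote_port) -> fw port
        self.back = {}  # (fw port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source so the packet appears to come from the firewall."""
        key = (p.src, p.sport, p.dst, p.dport)
        port = self.out.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("masquerade port range exhausted")
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.external_ip, port, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Demasquerade a reply; anything without a table entry is dropped."""
        if p.dst != self.external_ip:
            return None
        owner = self.back.get((p.dport, p.src, p.sport))
        if owner is None:
            return None  # unsolicited traffic never reaches the internal net
        return Packet(p.src, p.sport, owner[0], owner[1])
```

A reply is forwarded only when its remote address, remote port and firewall port match an entry created by earlier outbound traffic.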