(sorry, the first time it went out incomplete)

> > The link between the carrier and the Linux box happens using WAN addresses,
> > i.e. 172.x.y.1 (them) <--> 172.x.y.99 (us). All traffic is exchanged using
> > those two addresses - they just won't route traffic not being routed from
> > 172.x.y.99.
>
> Oh, so when you say "WAN address", you actually mean another private address
> (172.x.x.1), not the public address you've been assigned as part of your
> pool?

Exactly. WAN is the term the carrier uses for this.

> > I think I understand now - you're talking about the router addresses which can
> > talk to each other, not the source addresses of the packets being routed...

Exactly. Those are always public IP addresses.

> > The router also has 192.168.21.1 on another NIC, which is connected to our
> > own LAN. It also has our first public address - so traffic we generate to
> > the internet uses this public address, and traffic coming from the internet
> > goes to this public address (being routed through the 172.x.y.z addresses).
>
> What (exactly) do you mean by "It also has our first public address"? Is
> that public IP assigned to one of your router's interfaces? If it is,

Actually I don't have it *assigned*, because the interface where packets come
from the internet has 172.x.y.99... so when anything comes to our first public
address, I DNAT it to the router's private address. I guess I could 'ip addr add'
the IP instead of doing this.

> then simply connect the machine needing the second public IP address on it to
> that interface,

How? By connecting the router interface, the second machine, and the carrier
gateway to the same switch/hub? I'm not sure that would do; remember that
packets to the internet must come from the router using the 172.x.y.99
address... so the second machine and the carrier gateway can't talk to each
other directly.

Carlos.
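The setup described above (carrier link on private 172.x.y.z addresses, public addresses appearing only inside the routed packets, first public IP DNATed to the router), written out as an added example that is not part of the thread. All addresses except 192.168.21.1 are placeholders: 172.16.0.1 and 172.16.0.99 stand in for 172.x.y.1/172.x.y.99, 203.0.113.10 and 203.0.113.11 are hypothetical public pool addresses from the RFC 5737 documentation range, and 192.168.21.50 is a hypothetical LAN machine. The interface names eth0/eth1 are assumptions. It goes one step beyond the thread: the last function shows 1:1 NAT for the second public address, which is one way to give a LAN machine its own public IP when, as here, nothing but the router may talk to the carrier gateway; that is an approach, not something the thread settles on.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholder addresses:
#   GW=172.16.0.1     carrier side of the WAN link (the thread's 172.x.y.1)
#   WAN=172.16.0.99   router side of the WAN link (the thread's 172.x.y.99)
#   LAN 192.168.21.0/24 behind 192.168.21.1 (from the thread)
#   PUB1/PUB2         hypothetical public pool addresses (RFC 5737 range)
#   HOST2             hypothetical LAN machine that should own PUB2
# DRY_RUN=1 (default) prints the commands instead of executing them, so the
# script can be reviewed or tested on a box that is not the router.
DRY_RUN=${DRY_RUN:-1}
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
GW=172.16.0.1
WAN=172.16.0.99
LAN_NET=192.168.21.0/24
PUB1=203.0.113.10
PUB2=203.0.113.11
HOST2=192.168.21.50

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Forwarding on, default route via the carrier gateway. The carrier only
# accepts packets arriving from $WAN, so the next hop is always $GW; the
# public addresses only ever appear as inner source/destination addresses.
base_routing() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace default via "$GW" dev "$WAN_IF"
}

# Option A (the thread's current approach): PUB1 is assigned nowhere.
# Inbound packets for PUB1 are DNATed to the router's WAN address (which
# private address the DNAT targets is an assumption). LAN egress and the
# router's own traffic are SNATed to PUB1; MASQUERADE would pick
# 172.16.0.99 instead, which the carrier would route but the internet would
# not answer, so the source must be set explicitly.
option_a_dnat_to_router() {
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$PUB1" -j DNAT --to-destination "$WAN"
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$PUB1"
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$WAN" -j SNAT --to-source "$PUB1"
}

# Option B ('ip addr add' instead of DNAT): the kernel then delivers packets
# for PUB1 locally and the router's own connections can bind to it, but the
# explicit SNAT for LAN egress is still needed for the reason given above.
option_b_assign_public_ip() {
    run ip addr add "$PUB1/32" dev "$WAN_IF"
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$PUB1"
}

# A second public address for a LAN host via 1:1 NAT (one possible answer to
# the thread's question, not something the thread states). The host cannot
# sit on the carrier link itself, so the router translates in both
# directions. The host-specific SNAT is inserted at position 1 so it wins
# over the catch-all LAN SNAT: POSTROUTING stops at the first match, and an
# appended rule would leave the host's traffic leaving as PUB1.
one_to_one_nat() {
    pub=$1
    host=$2
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$pub" -j DNAT --to-destination "$host"
    run iptables -t nat -I POSTROUTING 1 -o "$WAN_IF" -s "$host" -j SNAT --to-source "$pub"
    # Forwarding policy: the host owns the whole public address, so new
    # inbound connections to it are allowed; restrict by --dport if needed.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$host" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -j ACCEPT
}

# Number of commands a function emits in dry-run mode (used for self-checks).
count_cmds() { "$@" | wc -l | tr -d ' '; }

main() {
    base_routing
    option_a_dnat_to_router
    one_to_one_nat "$PUB2" "$HOST2"
}
main
```

Run with `DRY_RUN=0` as root on the router to apply the rules. The one thing the script cannot fix is on the carrier side: PUB2 must already be routed to 172.x.y.99, which the thread says the carrier does for the whole pool. After applying, `conntrack -L` (or `tcpdump -ni eth0`) should show the host's outbound flows with source 203.0.113.11 and inbound flows being rewritten to 192.168.21.50; if they leave as 203.0.113.10 instead, the host-specific SNAT ended up below the catch-all rule.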