Re: Is this possible?

--- Fisher Alex <Alex.Fisher@xxxxxxxxxxxxxxxxxx>
wrote:

> I'll do my best to explain what I'm trying to
> achieve with a linux box 
> and 3 NICS.

  I'll do my best too. :D

> 
> I have two sets of systems.  Each system has about
> 30 IP addresses 
> spread across various bits of hardware.  The two
> systems are identical 
> (ie have the same 30 IP addresses).  The addresses
> are all part of the 
> class C subnet 192.168.0.*
> 
> The IP addresses for each system are now set in
> stone and can't be 
> changed.  Furthermore, similar addresses are already
> in use on our network.
> 
> I've been given a set of IP addresses I CAN use
> (172.26.158.*)
> 
> A diagram might help here ...
> 
>    -----------        ------------------
>    - System1 ---------|eth1            |
>    -----------        |                |
>                       |  Linux Router  |
>                       |            eth0|------------Rest of the network
>                       |                |
>    -----------        |                |
>    - System2 ---------|eth2            |
>    -----------        ------------------
> 
> I also have an address I can use for eth0 which will
> make the router 
> visible from machines on the rest of the network. 
> This can be set as 
> the default gateway for connections to the
> 172.26.158.* subnet.
> 
> I would like PCs on the normal network to be able to
> connect with either 
> system by addressing them with addresses off the
> 172.26.158 subnet. 
> I'll assign 30 of these IPs to each system.
> 
> For example. 172.26.158.10 might be mapped onto
> 192.168.0.2 on eth1
> whilst  172.26.158.50 might be mapped onto
> 192.168.0.2 on eth2
> 
> Is this at all possible?  I assume I'll need to use
> at least DNAT but 
> also apply some other trickery to route to the
> correct interface.  As a 
> newbie to IPTables, I'm not sure how I might even
> begin to set up rules 
> for this.

  I guess what you basically need to do is DNAT, as
you got it. In addition you also need a way to
distinguish packets to the two subnets. Since at eth2,
by the IP you know where that packet is destined, you
could use the MARK target to mark the packets
appropriately. Later on, you could use this mark and
appropriately force route the packets to the
appropriate interfaces using the ROUTE target.

  I guess this should work, though I may be totally
wrong.. being pretty new to iptables myself.

> 
> Hopefully this is the sort of thing people want to
> do all the time and 
> it will be easy :)
> 
> Any help would be very much appreciated.


=====
Regards,
Kiran Kumar Immidi
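
The mark-then-DNAT idea from this reply, as an added example that is not part of the original message: it uses fwmark policy routing (ip rule) in place of the ROUTE target, and only prints the commands for the two mappings given in the question. The mark values 1/2 and table numbers 101/102 are arbitrary assumptions.

```shell
#!/bin/sh
# Constructed mapping table: public address, private address, inside interface.
# The two pairs are the ones given in the question; further addresses would
# be added as extra lines in the same format.
MAPPINGS='172.26.158.10 192.168.0.2 eth1
172.26.158.50 192.168.0.2 eth2'

# Mark value per inside interface (assumed values, any distinct numbers work).
mark_for() {
    case "$1" in
        eth1) echo 1 ;;
        eth2) echo 2 ;;
        *)    return 1 ;;
    esac
}

gen_rules() {
    # One routing table per inside interface, selected by the packet mark,
    # so the same 192.168.0.0/24 prefix can exist behind both eth1 and eth2.
    for ifc in eth1 eth2; do
        m=$(mark_for "$ifc")
        echo "ip route add 192.168.0.0/24 dev $ifc table $((100 + m))"
        echo "ip rule add fwmark $m lookup $((100 + m))"
    done
    echo "$MAPPINGS" | while read -r pub priv ifc; do
        m=$(mark_for "$ifc") || { echo "unknown interface: $ifc" >&2; exit 1; }
        # mangle PREROUTING runs before nat PREROUTING, so the mark is set
        # while the destination is still the unique 172.26.158.x address.
        echo "iptables -t mangle -A PREROUTING -i eth0 -d $pub -j MARK --set-mark $m"
        # After DNAT the destination is ambiguous (192.168.0.2 on both sides);
        # the routing decision that follows uses the mark to pick the table.
        echo "iptables -t nat -A PREROUTING -i eth0 -d $pub -j DNAT --to-destination $priv"
    done
}

# Print the generated commands for review; nothing is applied.
gen_rules
```

Applying the printed commands needs root, and the rest of the network still needs a route for 172.26.158.* pointing at the router's eth0 address, as the question describes. Reverse-path filtering (rp_filter) on eth1 and eth2 may need to be loosened, because the main routing table cannot hold an unambiguous route back to 192.168.0.0/24.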


	
		