bsilva wrote:
You can use either routing/forwarding or bridging for this problem, however, bridging is simpler in many ways. If you use bridging, there are fewer impacts on the design of the rest of your network. If you use routing, then the router that connects the PC with two interfaces to the Internet needs to know about the network on the other side of the PC (in a small network this can be done by adding a static route). So, in this example:

-----------                -----------                  -----------
| Router/ |                |   PC    |                  |   PC    |
| Firewall|.1   Net A   .10| with 2  |.10   Net B    .11| with 1  |
|   to    |----------------|  NICs   |------------------|   NIC   |
| Internet|  192.168.1.0   -----------   192.168.2.0    -----------
-----------

Each network is /24 (netmask of 255.255.255.0)
If, instead, you further subnetted 192.168.1 with a /25 on the PCs (but still a /24 on the router), the Router/Firewall wouldn't have to know about the other subnet. It could just blithely ass-u-me that the end-PC was on the same network segment as the middle PC. So long as the middle PC was configured with a static, public ARP entry for the IP of the end PC, and had ip_forwarding enabled, it would "front" for the end PC.
rickjones
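The /25-behind-a-/24 arrangement described in the reply above, modelled as an added example that is not part of the original thread: each node decides "on-link or via gateway" from its own netmask, and a packet only moves on if some node answers the resulting ARP request. The host addresses, the `Node`, `trace` and `build` names, and the choice of the upper /25 for Net B are assumptions made for illustration.

```python
import ipaddress as ipa


class Node:
    def __init__(self, name, ifaces, gw=None, forward=False, proxy=()):
        self.name = name
        # ifaces: {segment: "addr/prefix"}, one interface per L2 segment
        self.ifaces = {s: ipa.ip_interface(a) for s, a in ifaces.items()}
        self.gw = ipa.ip_address(gw) if gw else None
        self.forward = forward            # the post's ip_forwarding setting
        # proxy: (segment, ip) pairs, i.e. static published ARP entries
        self.proxy = {(s, ipa.ip_address(a)) for s, a in proxy}

    def next_hop(self, dst):
        """(segment, address to ARP for), judged by this node's own netmasks."""
        for seg, i in self.ifaces.items():
            if dst in i.network:
                return seg, dst           # looks on-link: ARP for dst itself
        for seg, i in self.ifaces.items():
            if self.gw is not None and self.gw in i.network:
                return seg, self.gw       # off-link: ARP for the gateway
        return None

    def answers_arp(self, seg, target):
        own = seg in self.ifaces and self.ifaces[seg].ip == target
        return own or (seg, target) in self.proxy


def trace(nodes, src, dst, max_hops=8):
    """Node names a packet visits; ends with 'DROP' if undeliverable."""
    dst, cur, path = ipa.ip_address(dst), src, [src.name]
    for _ in range(max_hops):
        if any(i.ip == dst for i in cur.ifaces.values()):
            return path
        hop = cur.next_hop(dst) if (cur is src or cur.forward) else None
        nxt = hop and next((n for n in nodes if n is not cur and n.answers_arp(*hop)), None)
        if not nxt:
            return path + ["DROP"]
        cur = nxt
        path.append(cur.name)
    return path + ["DROP"]


def build(proxy_arp=True, forward=True):
    # Constructed addresses: Net A = lower /25, Net B = upper /25 of 192.168.1.0/24
    router = Node("router", {"A": "192.168.1.1/24"})
    middle = Node("middle", {"A": "192.168.1.10/25", "B": "192.168.1.129/25"},
                  gw="192.168.1.1", forward=forward,
                  proxy=[("A", "192.168.1.130")] if proxy_arp else [])
    end = Node("end", {"B": "192.168.1.130/25"}, gw="192.168.1.129")
    return [router, middle, end]
```

Calling `trace(build(proxy_arp=False), ...)` from the router toward the end PC shows the failure mode: the router ARPs on Net A for an address nobody there answers for, so the packet never reaches the middle PC.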