Tue 2006-10-03 at 15:10 +0200, Marco Simioni wrote:
> Good idea. I'm not a linux-marker-expert; but can my box NAT
> connections coming from two different vlans, even if they come from
> identical ips (but of course from different macs)? Or the NAT
> connections will go crazy?

The NAT will work fine most of the time, but with the same restrictions given before.

> Can you explain in a few words what would be your idea about marking and
> routing? I would have to use 802.1p VLANs and then create an interface
> in LINUX for every VLAN?

Yes. Linux has very good VLAN support.

> Then, an independent NAT is applied to every
> interface, so that if two identical IPs come from different VLANs,
> their NATTing will not collide?

The main part here is routing of return traffic to the clients. As this can not be done on IP you have to resort to other techniques. In Linux netfilter/iptables there is a feature called CONNMARK, which allows you to mark individual TCP connections with which interface they were initiated from. This can then be used in policy routing to route the return traffic back the same path.

> What happens if I have an access point connected at my network too,
> and I want to perform the same task on wireless connected devices?

Harder, but may be doable if you use 802.1x and WPA I think.. but it's somewhat outside my area.

Regards
Henrik
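The CONNMARK plus policy-routing setup Henrik describes, written out as an added example (this is not from the original thread and not a Squid configuration): new connections are tagged with the VLAN interface they arrived on, the mark is restored onto later packets, and an `ip rule` sends marked replies to a per-VLAN routing table whose only route is the client subnet on that interface. Interface names (`eth0.10`, `eth0.20`), marks, table numbers and the deliberately identical client subnets are constructed placeholders; with `DRY_RUN=1` (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: route return traffic back out the VLAN it came in on,
# using netfilter CONNMARK and Linux policy routing.
# All interface names, marks, table ids and subnets are constructed placeholders.
# DRY_RUN=1 (default) prints the commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Tag every NEW connection entering IFACE with MARK in the conntrack entry
# (mangle/PREROUTING), so all later packets of that connection are recognisable.
connmark_rules() {
    iface="$1" mark="$2"
    run iptables -t mangle -A PREROUTING -i "$iface" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
}

# Copy the connection mark back onto each packet before routing:
# PREROUTING covers forwarded (NATed) traffic, OUTPUT covers replies the box
# generates itself, which is what matters for a proxy terminating the TCP session.
restore_mark_rules() {
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
}

# Send packets carrying MARK to a dedicated table whose only route is the client
# subnet on IFACE. Two VLANs may therefore carry identical client addresses
# without sharing a route in the main table.
policy_route() {
    iface="$1" mark="$2" table="$3" subnet="$4"
    run ip rule add fwmark "$mark" table "$table"
    run ip route add "$subnet" dev "$iface" table "$table"
}

# Build the whole rule set from a list of "iface mark table subnet" lines.
apply_vlans() {
    printf '%s\n' "$1" | while read -r iface mark table subnet; do
        [ -n "$iface" ] || continue
        connmark_rules "$iface" "$mark"
        policy_route "$iface" "$mark" "$table" "$subnet"
    done
    restore_mark_rules
}

# Constructed VLAN list: two VLANs whose clients use the same 192.168.1.0/24.
VLANS='eth0.10 0x1 101 192.168.1.0/24
eth0.20 0x2 102 192.168.1.0/24'

apply_vlans "$VLANS"
```

The restore rules are placed after the set-mark rules on purpose: `--restore-mark` is harmless on the first packet (the entry is still zero) and puts the mark on every subsequent packet, including replies, which is what the `fwmark` rule keys on. The restriction Henrik alludes to remains: this separates the routing, not the connection tracking, so two connections from identical client addresses and ports to the same destination still collide in conntrack. On current kernels the `CT` target's `--zone` option can keep a separate conntrack table per inbound interface, which removes that collision; that option did not exist in 2006.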