Hi again Eric,

On Mon, Jan 09, 2006 at 04:10:41PM -0500, Eric Maynard wrote:
> Thanks Peter.
>
> Your reply has left me with a real warm-fuzzy feeling about all
> this and a desire to make this work more than ever.

Great! :)

> I know I've some more researching ahead of me as I will need to solve
> the issue of NATing from my firewall

NAT is a oneliner:

iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE

or possibly:

iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o eth0 -j SNAT --to 1.2.3.4

MASQUERADE automatically SNAT:s to the first IP address on the outgoing
interface. SNAT requires you to specify a static IP in the rule.

Both these rules assume that your internal network is 192.168.42.0/24
and that the external interface (connected to ISP router) is eth0.

Learn iptables from:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html

and other links at:

http://www.netfilter.org/documentation/

Make sure you enable IP forwarding as noted before, otherwise Linux
just doesn't route anything.

> as well as how to teach it how to prioritize, but if I can at least
> get it route the packets inter-VLAN for now, I will consider this a
> successful purchase and start to the implementation.

Inter-VLAN-traffic isn't routed but bridged. Routing only happens when
traffic is forwarded from one IP network to another, so internal <->
internet traffic will be routed.

> thanks again and I will be in touch,

I hope you'll get it all to work!

Oh, another thing I mention in a follow-up to the original thread with
the nice ASCII:

vconfig set_flag vlan2 1 1

is required for each virtual VLAN interface in Linux in order to get
dhcpd to run properly.

//Peter
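
Added example, not part of Peter's message: a shell script that prints the commands described above (IP forwarding, the NAT rule, the per-VLAN vconfig flag) so they can be reviewed before being run as root. The sysctl form of enabling forwarding, the interface name vlan3 and the input checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): prints the setup commands
# for review. Pipe the output to "sh" as root to apply them.

# Accept only plain interface names, so nothing else can reach the shell.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Accept only four dot-separated digit groups; range checks are left to iptables.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_rule NET WAN_IF [STATIC_IP]: SNAT when a static external address is
# given, otherwise MASQUERADE (first address on the outgoing interface).
nat_rule() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    valid_if "$2" || return 1
    if [ -n "${3:-}" ]; then
        valid_ip "$3" || return 1
        echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to $3"
    else
        echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
    fi
}

# vlan_flags IFACE...: the vconfig call dhcpd needs, once per VLAN interface.
vlan_flags() {
    for i in "$@"; do
        valid_if "$i" || return 1
        echo "vconfig set_flag $i 1 1"
    done
}

# plan STATIC_IP_OR_EMPTY IFACE...: prints nothing unless every input is valid.
plan() {
    ip="$1"; shift
    nat=$(nat_rule "192.168.42.0/24" "eth0" "$ip") || return 1
    flags=$(vlan_flags "$@") || return 1
    printf '%s\n' "sysctl -w net.ipv4.ip_forward=1" "$nat"
    [ -z "$flags" ] || printf '%s\n' "$flags"
}
# Constructed sample run: dynamic external address, interfaces vlan2 and vlan3.
plan "" vlan2 vlan3
```

Pass the static external address as the first argument to plan to get the SNAT form instead of MASQUERADE.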