Re: [LARTC] How to set a host with public IP within a private network?

[Grant Taylor <gtaylor@riverviewtech.net>]

I think you want to take a look at a bridging router.  I would be 
tempted to set up a bridge between eth0 and eth1 on the Linux router and 
then use ebtables to decide if the traffic should be bridged through or 
sent up to the higher layers of the protocol stacks.  I have a feeling 
that you would have to move all IP addresses from eth0 to br0 (the new 
bridge interface).  I think you would have a command like this to decide 
if an IP needed to be routed or bridged.

ebtables -t broute -A BROUTING -d 5.6.7.201-j ACCEPT
ebtables -t broute -A BROUTING -s 5.6.7.201 -j ACCEPT
ebtables -t broute -A BROUTING -j DROP

An excerpt from the EBTables man page:

*broute*, is used to make a brouter, it has one built-in chain: 
*BROUTING*. The targets *DROP* and *ACCEPT* have special meaning in the 
broute table. *DROP* actually means the frame has to be routed, while 
*ACCEPT* means the frame has to be bridged. The *BROUTING* chain is 
traversed very early. It is only traversed by frames entering on a 
bridge enslaved NIC that is in forwarding state. Normally those frames 
would be bridged, but you can decide otherwise here. The *redirect* 
target is very handy here.

Give this a whirl and see if it will do any thing for you.  If you need 
more specifics just ask.



Grant. . . .

panca sorin wrote:

>Hello! I have the following setup:
>1) a connection to my ISP with a public IP (1.2.3.4)
>with the gateway 1.2.3.1
>2) an allocated IP class with 64 addresses
>(5.6.7.192/26)
>3) two LANs connected through two NICs:
>    a) 192.168.0.0/24 on eth1 (192.168.0.1)
>    b) 10.0.0.0/24 on eth2 (10.0.0.1)
>
>The IPs from the allocated class are all assigned to
>eth0.
>The networks are SNATed to the external IP and to all
>IPs in the allocated class in a round-robin fashion.
> (-j SNAT --to 1.2.3.4 lowest_IP_in_class
>highest_IP_in_class)
>
>My question is:
>Is it possible to assign one IP from my allocated
>class to an internal machine without changing eth1 or
>eth2 IPs *OR* without adding a subclass of my
>allocated class to eth1 or eth2 in order to give an ip
>to an internal networked machine?
>What command should i give if that setup is possible?
>Desired Network Diagram:
>
>    ----------
>/---|Internet|
>|   ----------
>|eth0                  192.168.0.1           10.0.0.1
>|  ----------             eth1                 eth2
>\--| Linux  |--------------v--------------------v
>   | Router |              |                    |
>   ----------              |                    |
>                           |                    |
>      -------------        |      ----------    |
>      |192.168.0.2|--------<      |10.0.0.2|----<
>      -------------        |      ----------    |
>            .              |           .        |
>            .              |           .        |
>            .              |           .        |
>     ---------------       |      ------------  |
>     |192.168.0.254|-------<      |10.0.0.254|--<
>     ---------------       |      ------------
>                           |
>                           |
>     -----------           |
>     |5.6.7.201|-----------<
>     -----------
>
>I would de-assign some of the addresses from eth0 to
>re-assign them to locally connected computers...
>
>Thank you in advance for your help!
>
>
>
>		
>____________________________________________________
>Start your day with Yahoo! - make it your home page 
>http://www.yahoo.com/r/hs 
> 
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>  
>

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc