[LARTC] Subnet/routing question

["Larry Flathmann" <larryf@sdintegrators.com>]

Forgive me if this is something so simple that i
should already know it, but i need to understand
if i can accomplish this with Linux routing.

We have a /26 subnet from our ISP, and we have 
been using a Linux box as a firewall to put all 
our workstations behind NAT, with port forwarding 
for any box that's providing a service to the 
whole world.

We now need to implement a system which will not 
support any kind of NAT - it requires having an external IP.

Is it possible to use Linux routing to break up 
the /26 subnet into two /27 subnets, and to do 
NAT on addresses in one of the /27 subnets and to 
route addresses on the other /27 subnet straight 
through to that internal network?

This is what i've tried, which i haven't gotten to work:


     ISP
[x.y.z.193/26]
      |
      |
[x.y.z.194/27 eth0]
[x.y.z.225/27 eth0:0]
  Linux Firewall
[192.168.0.0/24 eth1] (for NAT connections through 
                       the x.y.z.192/27 subnet)
[x.y.z.226/27 eth1:0] (for straight through routing
                       of IP addresses in the 
                       x.y.z.224/27 subnet)

I've added rules to the routing table to create the 
connection, but i cannot get a packet with an address 
in the x.y.z.224/27 range to cross over between 
eth0 and eth1 in either direction. (Connections using
NAT work fine) And the firewall is not stopping them,
because the packets still don't go through even when
i turn the firewall off.

I'm definitely a newbie to the routing area, so maybe 
my routing table is wrong. What would i need in it?

BTW, i'm running Mandrake Linux 8.2 right out of the 
box. Do i have to recompile the kernel to get some
of these options?

Thanks! I can't tell you how much i'd appreciate 
some light on this problem!

Larry
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/