From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michael T. Babcock" <mbabcock@fibrespeed.net>
Date: Wed, 10 Jul 2002 20:20:27 +0000
Subject: Re: [LARTC] Subnet/routing question
Message-Id: <marc-lartc-102633248432443@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-102632402821005@msgid-missing>
In-Reply-To: <marc-lartc-102632402821005@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Try:

eth0 (external) - > x.y.z.193/27
eth1 (internal) -> x.y.z.225/27 (non-nat)
eth2 (internal) -> 192.168.0.0/24 (nat)

eth0 -> turn on proxy_arp
eth1 -> turn on proxy_arp
eth2 -> leave proxy_arp off.

This should work just fine.

Connections for the eth1-connected addresses will 'forward' through the 
box (set up your firewall rules appropriately) from eth0 (and 
vice-versa).  To explain what I mean:

ipchains -A forward -s x.y.z.255/27 --jump ACCEPT
ipchains -A forward -s 192.168.0.0/24 --jump MASQ

... have fun.
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/