> > Is "1.254" the router's gateway address at the ISP? >
Yes. > > Your problem comes from not using the 192.168.2.0/24 > LAN subnet correctly. > > There are only two ways you can get IP addresses to > use on your LAN. Only > two; no others. They are: > > 1. Use addresses that you have been assigned by your > ISP. If your ISP > assigns you an address range, ISP gives us a range from 1.1 to 1.253 > then it will, at its > end, know to route > traffic for those addresses to your LAN. You and the > ISP may still need to > work out some specifics about using the addresses > successfully, but that's > just a detail. In this case, you will not NAT (MASQ) > the addresses, but you > may need to proxy-arp them (see below). > > 2. Use private-range addresses and NAT (MASQ) them > at your router. > > You are not following either of these procedures. > Now your setup is a bit > confusing, Yes, I agree. The connections among the ISP, the ADSL modem and our office network are really confusing, especially between the ISP and the modem. We can only get 192.168.1.xxx by using DHCP and have to through the ISP's 1.254 gateway. Whatelse is setuped at the ISP side? >in that your ISP uses private-range > addresses (the > 192.168.1.0/24 network, it appears, in your case) > for the external > connection. But that does not change the limitations > on you. > > So ... the simplest quick way to get your LAN > communicating with the > Internet is to add (or restore) to the router's > forward chain a rule that > MASQs traffic from 192.168.2.0/24 to eth0. Can I manually run the following command? ipchains -A forward -j MASQ -i eth0 -s 192.168.2.0/24 In fact I tried this (thanks Matthew) before flushing the rules but didn't work. Should I put this rule at the begining of forward chain if there are many rules? > >I suppose that I may not be able to add a new > private > >subnet under the private 192.168.1.xxx. However, I > do > >need to separate the whole 1.xxx subnet into two or > >more subnet. > > Why? As I read your postings, it's not your network > (it is the ISP's > network), so you shouldn't be able to subnet it. > Presumably other clients > of the ISP use other addresses on it to connect to > the ISP ... if this is > wrong, then to get help here, you simply MUST give > us a coherent > explanation of your rights to addresses in the > 192.168.1.0/24 network. > I can either use DHCP to obtain the IPs for PCs in the LAN, or I can manually assign them IPs in the 1.1 to 1.253 range. > >May be I should try to use 192.168.1.192 > >to be my new subnet mask to separte the private > subnet > >but I don't know whether it will work under this > >situation. > > 192.168.1.192 is not a "subnet mask". You probably > mean netmask > 255.255.255.192 (also written as /26),, ascociated > with network address > 192.168.1.192 . I am sorry, I made mistake again. It should be 255.255.255.192. >But that will not work unless: > > 1. the ISP has assigned to you the entire > 192.168.1.0/24 network Yes, we do, except 1.254 which is the gateway at the ISP. > (or at least the 192.168.1.192/26 portion of it). > 2. -EITHER- the ISP knows that your > router's external address is > its route to the rest of that network, > -OR- you use proxy-arp on the > router to make the LAN's IP > addresses in this network "visible" to the ISP's > router. > I think the ISP has given 192.168.2.xxx or even 192.168.xxxx.xxx to someone else. So it may impossible to make my private private LAN visible to the ISP's router. I am not sure whether I have stated the situation clearly. If not, which questions should I ask the ISP to make things clear? Best Regards, Liumei ===== __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
