Thanks to everyone who offered help on this. I decided to go ahead and try the Bering distribution and I got it to work after about 30 minutes of reading and configuring! Wow! I was pretty pleased with that. If anybody is interested in how the config stuff looks, send me an email and I'll mail back the config files.
Thanks,
Ken

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lynn Avants
> Sent: Thursday, March 13, 2003 2:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Adding Extra Static IP's on External Interface
>
>
> On Thursday 13 March 2003 11:45 am, Charles Steinkuehler wrote:
> > OK, so you want port-forwarding on the router, rather than any sort of
> > DMZ setup.
> >
> > You can probably get this to work, but the configuration details may
> > require some experimentation.
> >
> > I know Dachstein can run with multiple networks on the same interface,
> > as I have done that several times. I don't think you actually have
> > two networks on your upstream link, but instead have one network with
> > a block of IP's routed to you. This has the potential to confuse the
> > equipment upstream if you assign the extra IP's directly to the
> > external interface.
>
> Thanks Charles, I wasn't aware this was possible on different
> subnets because of the resulting netmask used w/o hardcoding
> everything and bypassing parts of the scripts.
>
> My concern is that the 206.127.76.231/27 and the block of
> 206.127.77.48/28 are not at all within the mask range of his
> ISP. If you change the outgoing netmask to accept both
> blocks, then you're also accepting a ton of addresses that aren't yours.
>
> > The "normal" way to do this would be to assign public IP's to the
> > desired desktop systems, but this is not necessarily ideal from either
> > a network topology (I'm assuming you have additional machines you do
> > *NOT* wish to connect to, and limited IP space), or a security
> > standpoint.
>
> If you can get the external interface to respond to the ip's,
> then you could simply 1-to-1 proxy-arp or static-NAT them to
> the machines inside and filter out everything but the desired
> protocol(s). Using static-NAT would also allow the machines
> to participate as normal LAN machines as well.
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall Developer
> http://leaf.sourceforge.net
> http://www.guitarlynn.homelinux.org:81

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
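
Added example (not part of the original thread or of any LEAF script): a short Python check of the netmask concern raised in the quoted reply, using the two prefixes given there. It assumes the /27 is the ISP link subnet holding the router's external address and the /28 is the extra routed block; the sample addresses are constructed.

```python
import ipaddress

# Prefixes quoted in the thread. Assumption: the /27 is the ISP link subnet
# that holds the router's external address; the /28 is the extra routed block.
LINK_SUBNET = ipaddress.ip_interface("206.127.76.231/27").network
ROUTED_BLOCK = ipaddress.ip_network("206.127.77.48/28")


def smallest_common_supernet(networks):
    """Return the narrowest single prefix that contains every given network."""
    nets = list(networks)
    candidate = nets[0]
    while not all(net.subnet_of(candidate) for net in nets):
        candidate = candidate.supernet()  # shorten the prefix by one bit
    return candidate


def foreign_address_count(supernet, known):
    """Count addresses inside supernet that fall in none of the known prefixes."""
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(known))
    return supernet.num_addresses - covered


def in_known_prefix(address, known):
    """True only if address belongs to one of the explicitly listed prefixes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in known)


if __name__ == "__main__":
    known = [LINK_SUBNET, ROUTED_BLOCK]
    widened = smallest_common_supernet(known)
    print("single mask covering both:", widened)
    print("addresses in neither prefix:", foreign_address_count(widened, known))
    # Constructed sample addresses: one inside the routed /28, one that is
    # only inside the widened mask.
    for sample in ("206.127.77.50", "206.127.77.100"):
        ip = ipaddress.ip_address(sample)
        print(sample, "widened:", ip in widened,
              "explicit:", in_known_prefix(sample, known))
```

Matching on the two explicit prefixes, rather than on one widened mask, keeps the filter limited to the link subnet and the routed block.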
