Tanx for the help.
The problem with your solution is that I must make the decision, to route
the packages through the tunnel or to masquerade them, on the linux gateway.
The solution would work if I wanted to route all packages through the
tunnel.
After a package has passed the linux gateway (tunneled or masqueraded) it
has a dest ip which it will be sent to. The package gets sent using the
routing table.
This is the problem.
The problem would be solved if I could create 2 default gateways and could
specify which one to use based on the source ip-address.
I just tried ip-chains (with patched 2.0.36 kernel). This also lacks the
functionality to masquerade IPIP frames. If I have time, I will try an
experimental kernel today. But maybe there is a better solution......
Megavolt wrote in message <[EMAIL PROTECTED]>...
>It would work fine... if you set your default gateway on your local-net
>computers to the ip address of the isp guy... and set the routes on your linux
>gateway to find the isp guy through the tunnel... I dunno if this will work for
>you... you might have to use NAT to change the source/dest IP addresses... but
>this might head you in the right direction? :)
>
>Eric Kluft wrote:
>
>> Hi all,
>>
>> My provider gives me 1 ip-number. They don't have the ability to route more
>> ip-numbers to me. A friend of mine, however, is working at another ISP. By
>> tunneling (linux IPIP) I route 32 ip-numbers to me from that ISP. I just
>> route all computers on my local network over the tunnel to the internet.
>> (/sbin/route add default gw w.x.y.z tunl0)
>> So far so good.
>> The problem is that the tunnel uses 8 extra hops so the connections get
>> slower. The solution to this problem is to masquerade the workstations and
>> to tunnel the servers.
>> I can't do this on 1 server (because I must choose to route the default
>> gateway over the tunnel or ethernet interface (can't use both)).
>> If I use 2 computers, 1 computer is connected to the internet and
>> masquerades all computers behind it. The second computer contains the
>> tunnel. The source address of this tunnel server should be rewritten by the
>> masquerading server.
>> This last piece however is not possible. Tunneling uses RAW ip for its
>> frames and you can't masquerade RAW ip.
>> I know this is the case for standard 2.0.35 kernels, but maybe there's a
>> solution for it. The solution as offered for microsoft PPTP does not work.
>> Does anyone know if ipchains has the ability to masquerade raw ip?
>> Does anyone know if NAT has the ability to masquerade raw ip?
>> Does anyone know a different solution?
>>
>> Tanx in advance,
>>
>> Eric.
>
>--
>"If all else fails, you can blame it on me..." - Barenaked Ladies
>To respond to my Email take out the antispam message
>in my reply address --> "isnot"
> [EMAIL PROTECTED]
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]