[Madlug] linux vlan/bridge/router ?

Travis Sobeck nex916 at yahoo.com
Tue Oct 2 14:25:58 CDT 2007


One quick thing: "The 10.10 and 12.12 subnets are
actually public". I thought all of 10.x.x.x was a
private IP range (or maybe you're just using them as
dummy numbers for illustration).

Anyways, looking at the picture, in order to not have
to use NAT, you would have to break up the 10.10 and
12.12 networks (with a /30 subnet, for example) and add
routes to rtr1 and rtr2 to direct the rest of the
network segment to the linux box.  But then you have
to monkey with the subnet mask on all the clients in
those segments and it can get to be messy.

Based on the picture, NAT might just end up being the
simplest solution.  

travis.


> Martin A. Brown said the following on 10/01/2007
> 11:32 AM:
> >  : If you don't need nat, then why bother.  You
> can put all the ACL
> >  : statements you want on the forward chain.
> 
> Hello Martin (Travis, Marcin)
> Thanks for the handy links.  I was looking for a
> good pic of iptables,
> the ones you included are really nice.  I'm going to
> have to think about
> what you mentioned of putting the second ip address
> on the same
> nic. That would indeed simplify the whole setup. I
> presume a virtual
> interface makes no difference to netfilter (iptables
> -I INPUT -i eth0:0 ...)
> 
> So prerouting is going to come at a cost of
> maintaining something
> in the nat table that might not otherwise be
> necessary. K I'll look into
> just using the forward chain.
> 
> This* is what I mean to accomplish - hopefully a bit
> more illustrative
> than the ascii art.  There are actually a couple
> more servers involved,
> (up to five possibly). The 10.10 and 12.12 subnets
> are actually public
> IP addresses (only one of them has an A record).
> The linux box would
> give me a way to "tie" the two endpoints of both
> subnets together into
> one dmz and give me some better control over what's
> coming and
> going in and out of the new dmz.
> 
> Thanks for all the input!
> 
> [*] http://webpages.charter.net/tux/tmp/foo.png
> 
> -- 
> 
> digitek at charter.net
> key id: 0xF6FA6D1E
> 
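
As an added example (not code posted by anyone in this thread), here is the "no NAT, ACLs on the FORWARD chain" design Martin suggested, written as a small generator that prints the Linux-box commands instead of running them, so the rule set can be reviewed before it touches a live firewall; it also prints the /30 split and the routes rtr1/rtr2 would need, which is the alternative Travis describes. It goes one step beyond the thread by turning on proxy_arp on the DMZ side so the servers can keep their existing /24 mask. All interface names, addresses, the /24 prefix lengths, the server list and the ports are assumed placeholders. One caveat on the quoted question about "-i eth0:0": netfilter matches on the real device name, so an alias-style interface name never matches a packet; add the second address with ip(8) and filter on addresses, as the script does.

```shell
#!/bin/sh
# Added example, not code from the thread.  Generates (does not run) the
# commands for the "no NAT, ACLs on FORWARD" design, plus the /30 split and
# router routes.  APPLY=1 executes the Linux-box part; default is dry-run.
# Interfaces, prefixes, hosts and ports are all assumed placeholders.
set -eu

OUT_IF=eth0               # toward rtr1/rtr2 (assumed)
DMZ_IF=eth1               # toward the servers (assumed)
NET_A=10.10.0.0/24        # the thread's "10.10" and "12.12" nets, assumed /24
NET_B=12.12.0.0/24
# A /30 carved out of each net for the router<->box link: router takes .1,
# the Linux box takes .2 (assumed).  The box's DMZ-side address is .5.
BOX_A_OUT=10.10.0.2; BOX_A_DMZ=10.10.0.5
BOX_B_OUT=12.12.0.2; BOX_B_DMZ=12.12.0.5

# Constructed inventory: host, protocol, ports reachable from outside.
SERVERS='
10.10.0.10 tcp 80,443
10.10.0.11 tcp 25
12.12.0.10 tcp 22
'

# Addressing on the box.  Secondary addresses go on with ip(8), not as an
# eth0:0 alias: netfilter sees only the real device name, so "-i eth0:0"
# never matches.  rp_filter drops packets whose source arrives on the wrong
# side (the anti-spoof check); proxy_arp on the DMZ side answers ARP for
# rtr1/rtr2, which the /24-masked servers believe are on-link.
box_config() {
    printf '%s\n' \
        "ip addr add $BOX_A_OUT/30 dev $OUT_IF" \
        "ip addr add $BOX_B_OUT/30 dev $OUT_IF" \
        "ip addr add $BOX_A_DMZ/24 dev $DMZ_IF" \
        "ip addr add $BOX_B_DMZ/24 dev $DMZ_IF" \
        "sysctl -w net.ipv4.ip_forward=1" \
        "sysctl -w net.ipv4.conf.all.rp_filter=1" \
        "sysctl -w net.ipv4.conf.$DMZ_IF.proxy_arp=1"
}

# Filter rules.  Nothing in the nat table; everything forwarded is dropped
# unless it is part of an existing connection or a listed service.
fw_rules() {
    printf '%s\n' \
        "iptables -P FORWARD DROP" \
        "iptables -F FORWARD" \
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP"
    # One allow rule per inventory line, matched on destination address,
    # never on an interface alias.
    printf '%s\n' "$SERVERS" | while read -r host proto ports; do
        [ -n "$host" ] || continue
        printf '%s\n' "iptables -A FORWARD -i $OUT_IF -o $DMZ_IF -d $host -p $proto -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Servers may open outbound connections; replies are covered above.
    printf '%s\n' \
        "iptables -A FORWARD -i $DMZ_IF -o $OUT_IF -m conntrack --ctstate NEW -j ACCEPT" \
        "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'DMZ-DROP: '"
}

# What rtr1/rtr2 need (iproute2 syntax; translate to whatever they run):
# the /30 is directly connected, and the rest of each net is reached via the
# box.  Longest-prefix match keeps the /30 itself off that route.
router_routes() {
    printf '%s\n' \
        "rtr1: ip addr add 10.10.0.1/30 dev <link>; ip route add $NET_A via $BOX_A_OUT" \
        "rtr2: ip addr add 12.12.0.1/30 dev <link>; ip route add $NET_B via $BOX_B_OUT"
}

if [ "${APPLY:-0}" = 1 ]; then
    { box_config; fw_rules; } | sh -e
else
    box_config; fw_rules; router_routes
fi
```

Run it once with no arguments, read the output, then APPLY=1 as root on the box; the router lines are for hand-entry on rtr1 and rtr2. Adding a server is one more inventory line, which is the "up to five" case from the quoted message.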





