> Ok heres the scoop
> The Gateway box (right now the firewall) is 18.104.22.168
> First address (network Number) this is from the SBC global letter
> Broadcast address 22.214.171.124
Ok, that is fairly obvious. - You should be able to determine that for
Yourself. If not, re-read the Networking-HowTo.
> Oh.... Wait a sec, not seeing forest through the trees. Being this is
> the Gateway. would a slight change to my route table fix this?
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 126.96.36.199.adsl * 255.255.255.255 UH 0 0 0 ppp0
> localnet * 255.255.255.0 U 0 0 0 eth0
> loopback * 255.0.0.0 U 0 0 0 lo
> default 188.8.131.52.adsl 0.0.0.0 UG 0 0 0 ppp0
Now, just for the fun of it, try to think about how Your router will
forward packets to a destination IP of 184.108.40.206/29...? - It won't,
since it has no route to that subnet.
Add the rules I recommended.
Quote:> If you understand you. Instad of doing things like this in ifconfig:
I certainly try to understand myself... ;)
> (this is the inhouse card. not the pppoe connected card).
> eth0 Link encap:Ethernet HWaddr 00:C0:26:E9:FD:35
> inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:95950 errors:0 dropped:0 overruns:0 frame:0
> TX packets:112888 errors:0 dropped:0 overruns:0 carrier:0
> collisions:7 txqueuelen:100
> RX bytes:7858495 (7.4 Mb) TX bytes:60154451 (57.3 Mb)
> Interrupt:10 Base address:0xff80
> In my /etc/rc.d/rc.inet1 I have it as so.
> IPADDR="192.168.10.1" # REPLACE with YOUR IP address!
> NETMASK="255.255.255.0" # REPLACE with YOUR netmask!
> NETWORK="192.168.10.0" # REPLACE with YOUR network address!
> BROADCAST="192.168.10.255" # REPLACE with YOUR broadcast address, if you
> # have one. If not, leave blank and edit below.
> GATEWAY="" # REPLACE with YOUR gateway address!
> Therefore if I replace the above with my sbcglobal static IP address
> info then my local net will work? therefore
No. - You cannot "replace" this, but You have to additionally specify
this. I may assume that You have two NICs in Your router. One that
connects to Your LAN (192.168.10.1), and one that serves the ADSL line
as ppp0 (220.127.116.11).
So if You're talking about "ifconfig", if You issue this command with-
out arguments, it will show eth0, lo, and ppp0. It will also show eth1,
but the settings shown will never be used. (Eventually, ppp0 replaces
eth1 in this context.)
Quote:> Is that really all I need to do? If so, why is Snet SBCGLOBAL net
> telling me to do NAT? and can a remote person ping say one of the
> machines behind the gateway. say I want to allow ftp to 18.104.22.168. (a
> welcome access, not cracked). even if they are connecting outside of
> my lan? How does my gateway know to handle a remote access to a
> machine behind the gateway? or is there additional work required?
No. - Your gw will know how to handle such request because You tell it
how to handle that in its routing table. Again, refer to the "route"
commands I gave You. That is, tell Your router that, besides the LAN
(192.168.10.0/24?), there is a range of IPs, hence a subnet, that shall
also be addressed via eth0, namely 22.214.171.124/29. Simple, isn't it...?
Quote:> OTOH, what if I DO need to Masquarade some boxes, say I had 9
> boxes, more than the number of usuable IP addresss by 3. can I do
"By 3"...? - Anyways: Of course You can do that, and You would know if
You had read (and understood) the Networking- and the IP-Masquerading-
HowTos. But here You go:
On all boxes that have one of Your public IPs, set a route to the LAN
via their respective NIC, but add the default route through Your gw,
i. e. 192.168.10.1. Do _not_ use the gw public IP 126.96.36.199.
On all other clients on the LAN that have private IP addresses in the
192.168.10.0/24 range, add the default gateway. Optionally, You can
add the 188.8.131.52/29 net via that same interface.
Finally, on the router itself, make sure to MASQUERADE all connections
that come from 192.168.10.0/24, but _not_ to MASQ connections from
This is it. It may seem that it was a long way for You to get here,
but, in fact, this is as simple a setup as it was before. You only
added one address space that will be trated differently, which is not
And, again, I recommend reading the HowTos mentioned above. - And, of
course, understanding them.
My personal reading of the string "MicroSoft" expands to "NanoWeak"...