Hello everyone,
I'm trying to set up the system below:
| Router | --------- (out) {Linux FireWall} (in) ------- {Internal Machines}
I have a valid class C address for the setup, with the router being C.1; I
don't need masquerading since all I need the Linux box to do is packet
filtering.
What I would like to do is assign C.2 and C.3 to the (out) and (in),
respectively, of the linux box - and the rest of the addresses C.4 - C.254
to the Internal Machines. I've read all the FAQs, HOWTOs, etc. but it's not
clear to me that it's possible since:
1. If I configure eth0\(out)\C.2\255.255.255.0\C mask\ and then
eth1\(in)\C.3\255.255.255.0\C mask\ the routing will be completely messed
up. Both interfaces will point to the same Class C net!
It seems as though the only ways to do it would be to:
1. Subnet the Class C into 2 subclasses with 0-128 in front of Linux and
128-255 behind Linux. The problem is that you either lose 128 classes or
you use them but don't protect them with the Linux box.
2. Use a non-routable net behind the Linux box and then use masquerading
with ipautofw to forward any ports from the outside in. But this
overcomplicates the setup needlessly.
3. The last option (and I don't know if it even works) is to change the IPs
and net of the router and (out) interface of Linux to a non-routable one
(i.e., 192.168.0.1 for the router, and 192.168.0.2 for Linux). Then play with the
routing tables on the Linux box to add a default route, for outbound
traffic, for eth1 (inside if) to 192.168.0.2 (that of eth1) and then a
default route of 192.168.0.1 for eth0. For its part the router .... and
here it gets complicated really quickly.
I have a feeling that I'm overcomplicating things and that the solution is
right in front of me. Does anyone have any thoughts? Has anyone
implemented fixed, routable class C packet filtering going through a router?
Any help or thoughts are greatly appreciated.
Thanks!
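The overlap problem in point 1 of the post (both interfaces on the same class C) and the subnet split in option 1 can be checked mechanically before touching a live box. This is an added example, not code from the post; it uses the documentation range 192.0.2.0/24 as a stand-in for the poster's class C and hypothetical interface names eth0/eth1.

```python
"""Check an interface addressing plan for overlapping connected routes.

Added example, not from the original post. The class C is the documentation
range 192.0.2.0/24, used here as a constructed stand-in.
"""
from ipaddress import ip_interface


def connected_networks(plan):
    """Map each interface to the on-link network its address/mask implies.

    plan: dict of interface name -> "address/prefix" string.
    """
    return {name: ip_interface(addr).network for name, addr in plan.items()}


def find_conflicts(plan):
    """Return pairs of interfaces whose connected routes overlap.

    Two interfaces on one host sharing (or nested within) the same on-link
    network give the kernel ambiguous routes for that prefix, which is the
    "both interfaces point to the same Class C" situation in the post.
    """
    nets = connected_networks(plan)
    names = sorted(nets)
    conflicts = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                conflicts.append((a, b))
    return conflicts


def protected_hosts(plan, inside_if):
    """Usable host addresses on the network behind the filtering box."""
    return connected_networks(plan)[inside_if].num_addresses - 2


# Constructed plans: the flat /24 layout from the post, and the /25 split.
FLAT_PLAN = {"eth0": "192.0.2.2/24", "eth1": "192.0.2.3/24"}
SPLIT_PLAN = {"eth0": "192.0.2.2/25", "eth1": "192.0.2.129/25"}

if __name__ == "__main__":
    print(find_conflicts(FLAT_PLAN))            # [('eth0', 'eth1')]
    print(find_conflicts(SPLIT_PLAN))           # []
    print(protected_hosts(SPLIT_PLAN, "eth1"))  # 126
```

The split plan clears the conflict but, as the post notes, only the 126 hosts on the eth1 side sit behind the filter; the front /25 is left in front of it.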