Very Computer

IP masquerading will make many hosts appear as one host to your provider
which is what you want.  Internally, you can use whatever configuration
you want, but most people use 192.168.x.x so it doesn't interfere with
real IPs.  Your customers need static IPs?  Well firstly your clients
are probably getting different IPs when they connect each time,
correct?  If so, then how will changing ISPs affect them?  True, you can
not connect to the internal machines from the outside with the
masquerading firewall, but would you want to?  Your customers will still
be able to do all the things they like to do like FTP, telnet, WWW,
RealAudio, etc.  Just make sure that you have the appropriate
masquerading modules in the kernel and you should be OK.  More details
may help as well.

HTH,
Matt

--

+---------  Northrop Grumman Corporation, Bethpage, NY ---------+
+---------  TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+

What are my options for the www and mail and dns client???

Thanks very much!!!

Mike

Quote:> I also am hosting www and mail via two servers.  Must they be outside the
> firewall???  You are correct in assuming they get dynamic IP assigned by my
> term server.  I also understand that moving my ISP does not affect internal
> hosts/clients...

> What are my options for the www and mail and dns client???

Be sure to use the latest Masq, else your customers won't be
able to play some online games.  The Masq in kernel 2.2.0-final is fine.
Even with the lastest Masq, some games and programs like ICQ will
give your customers fits.
- Dan
--
Speaking only for myself, not for my employer

Malware

   Local         Masqerade                  Remote
   Network       Firewall                   Network
                 NAT Relay
                 +-------+
    Wkstn A ---->|       |                  |
    Wkstn B ---->|network|                  |Network
    Wkstn C ---->|server |---(connection)---|Service
    Wkstn D ---->|       |                  |Provider
                 +-------+                  |

If the "network server" is a Masquerade server, then all
workstations on the local network will look to the Network
Service Provider as coming from one IP address, that of the
Masquerade server.

If the "network server" is a Firewall without address
translation, then the firewall acts as a protocol filtering
router, allowing only specific traffic thru.  The Network
Service Provider needs to know the IPs of your local network
(usually by block assignment of addresses) for you local use.
This block of IP addresses is a fixed assignment that the
Network Service Provider CAN NOT USE for auto-assignment
to dial-in clients.

If the "network server" is a NAT Relay, it provides Network
Address Translation between a private address space and a
public address space.  This is useful if you wish to subscribe
to another network service provider without renumbering your
local network servers and workstations.  You should give your
local network equipment addresses in the private address space,
and let the NAT Relay change them selectively to public addresses
in the global Internet.  NAT Relay servers are often accompanied
with Firewall capabilities.  You still need a block of static
addresses assigned by your Network Service Provider for your
use.  And you NAT Relay becomes the router that your Network
Service Provider uses to gain access to selected workstations
within your local network.

The public address you assign to the Network Service Provider
side of a NAT Relay can be used by Masquerade services for those
workstations that are not mapped to a public address by the NAT Relay.

I'm not sure of the configuration requirements of all the parts,
but the capabilities of the above are available.

- Steven J. Hathaway