An interesting problem... we have a legacy network which has IPs 95.x.x.x (NOT REGISTERED, i.e. illegal) that we can't change now!!! (Those network engineers of 1994, when the network was installed, obviously did not know about RFC 1918.)

Now we want to connect this network to the Internet... we cannot re-number our network... so I looked at using a Linux box with NAT... that should be straightforward... right? Wrong! Hey, this is fun!! And I am a bit confused...

NAT for 2.0.36 and 2.2.x is available... but it does NOT support "Dynamic NAT", i.e. 95.x.x.x NATed behind ONE IP (http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html). It does support static NAT though... it should be good to NAT our internal web server with a legal IP... (any comments?)

The new NAT code IPROUTE in the 2.3.x kernels requires iproute... whose docs are not good enough for me (anybody care to explain?)... and then the code is still very alpha...

IP MASQ supports network NAT very well... but the docs say that we have to use only private IPs... so... can I use IP MASQ to hide my 95.x.x.x network also??

I also plan to use IPCHAINS to filter the traffic... the HOWTO is clear enough!

So what is the best solution? We have been using Checkpoint FW-1 till now... and it works fine... I believe I can reproduce all functionality on Linux too... what do you say?

Cheers,
venu [EMAIL PROTECTED]
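Added example, not part of the original post: a Python check of the side effect any many-to-one NAT leaves in place when the inside prefix is not RFC 1918 space. Destinations that fall inside the internal prefix are delivered on the LAN and never reach the NAT gateway, so the registered Internet hosts in that range are shadowed. The /8 mask and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks listed explicitly (ipaddress.is_private covers more ranges).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the post only says "95.x.x.x"; a /8 mask is assumed here.
INTERNAL = "95.0.0.0/8"

# Constructed sample destinations an inside host might try to reach.
SAMPLE_DESTINATIONS = ["95.10.20.30", "198.51.100.7", "192.0.2.1"]


def is_rfc1918(prefix):
    """True if the whole prefix sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)


def classify_destination(dst, internal=INTERNAL):
    """Where an inside host sends a packet for dst.

    'local'   - dst is inside the internal prefix: delivered on the LAN,
                never seen by the NAT gateway, so a real Internet host
                with that address cannot be reached.
    'gateway' - dst is outside the prefix: follows the default route and
                is translated on the way out.
    """
    addr = ipaddress.ip_address(dst)
    return "local" if addr in ipaddress.ip_network(internal) else "gateway"


def audit(internal, destinations):
    """Summarise the addressing risk of NATing `internal` as-is."""
    shadowed = [d for d in destinations
                if classify_destination(d, internal) == "local"]
    return {"prefix": internal,
            "rfc1918": is_rfc1918(internal),
            "shadowed": shadowed}


if __name__ == "__main__":
    for prefix in (INTERNAL, "10.0.0.0/8"):
        print(audit(prefix, SAMPLE_DESTINATIONS))
```
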