Antony Gelberg <[EMAIL PROTECTED]> writes:

> I've dealt with quite a few LANs over the years.  I'd like to try
> something that I never have done before...
>
> I work with ADSL providers who allocate 5 public IP addresses (sometimes
> 1) to a connection.  If I have a LAN of, say, 20 workstations, I can use
> NAT, and give them private addresses - no problem.
>
> I usually have an ADSL router / modem, hooked up to a Linux box
> configured as a bridging firewall, which connects to a switch.
>
> But if they wanted to run a public email server as well, clearly that
> needs a public IP address.  Fine, but how does the routing aspect work?
> Do I need to ditch the bridging configuration on the firewall and
> reconfigure it as a router with 3 NICs?

You can run two IP networks on the same physical network; I do that
here for arcane and esoteric reasons.  :-)  If your ISP gives you
static IPs, this is easy; you arrange for the mail server to have an
externally visible IP address (either by configuring it directly or
having your local DHCP server hand it an external address), and tell
your firewall machine that that address is internal and that it should
route it directly without NATting.

I don't know if this is a solvable problem if you need to get the
second address by DHCP, though; I could envision some cleverness
wherein the gateway machine acts as a transparent bridge if it sees
traffic from the specific MAC address of the mail server, but I'd have
no idea how to set it up under Linux.  In that case, having three NICs
probably would help, since you could bridge from DMZ<->external and
NAT from internal<->external.

-- 
David Maze         [EMAIL PROTECTED]      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
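
The static-IP arrangement described in the reply above, as an added example (not code from the thread): a shell function that prints an iptables-restore ruleset which masquerades only the private range, routes the mail server's public address untranslated, and admits only inbound SMTP to it. Interface names, addresses and the SSH rule are constructed assumptions, and the firewall is assumed to already route the mail server's address out its LAN interface.

```shell
#!/bin/sh
# Added example: ruleset for a firewall whose LAN carries both a private
# (NATted) network and one routed public host. Every address and interface
# name passed in is a constructed placeholder, not a value from the thread.
# Check the output before loading it, e.g.:
#   gen_rules eth0 eth1 192.168.1.0/24 203.0.113.10 | iptables-restore --test

gen_rules() {
    wan_if=$1    # interface facing the ADSL router (assumed name)
    lan_if=$2    # interface facing the switch (assumed name)
    lan_net=$3   # private workstation range
    mail_ip=$4   # static public address assigned to the mail server

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only private sources are rewritten. ${mail_ip} never matches this rule,
# so it is routed with its own address in both directions.
-A POSTROUTING -s ${lan_net} -o ${wan_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the firewall is administered over SSH from the private LAN.
-A INPUT -i ${lan_if} -s ${lan_net} -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Workstations and the mail server may open connections outward.
-A FORWARD -i ${lan_if} -o ${wan_if} -s ${lan_net} -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -s ${mail_ip} -j ACCEPT
# The only unsolicited inbound traffic forwarded is SMTP to the mail server.
-A FORWARD -i ${wan_if} -o ${lan_if} -d ${mail_ip} -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}
```

Because the mail server shares the wire with the workstations here, the filter rules separate them only at the firewall; the three-NIC layout mentioned in the reply would put the mail server on its own segment.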