I would do NAT anyway.  Assign all the IPs to your linux box, statically
assign 192.168.x.x addresses to your internal network, and just forward
the appropriate IP (or just specific ports?  Not sure what your intention
is) to the appropriate inside machine.  Gives you more protection that
way.  And your internal net is all on the same IP range.  

Just my .02 cents.


On Wed, 22 May 2002, SPAM wrote:

> I have 16 "real" (routable) IP numbers.  (Actually it is 14 after network
> and broadcast are counted).  My ISP wants to sell me a Cisco router to
> filter and control traffic at my end.  I know Linux can do this and do it
> cheaper.  I want to configure a Linux box to act as a transparent firewall
> for the clients.   What I need to know is how to configure the firewall to
> move packets from eth0 (outside) to eth1 (inside).  No translation is
> necessary.   For example, if a packet destined for 129.106.32.3 arrives, I
> need it forwarded to the inside interface (eth1) as 129.106.32.3.   I need
> the Linux box to act as a router, no NAT or PAT.   What is the iptables line
> to enable it?
> 
> From reading the man page, it seems:
> iptables -A FORWARD -p ALL -i eth0 -o eth1
> iptables -A FORWARD -p ALL -i eth1 -o eth0
> would do the trick, but I am unable to cross the router.
> 
> Yes, I have enabled ip_forward also.
> 
> Any help would be appreciated,
> Thanks,
> JCF
> 
> 
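The NAT layout suggested in the reply above, sketched as an added example that is not part of the original thread: a shell function that turns "public IP, inside host, protocol, port" mappings into an `iptables-restore` ruleset with a default-drop FORWARD chain. The interface names and 129.106.32.3 come from the thread; the 192.168.1.0/24 range, the mapping lines and the name `gen_ruleset` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the NAT layout
# suggested in the reply. eth0 = outside, eth1 = inside (as in the thread);
# 192.168.1.0/24 and the sample mappings below are constructed.

# gen_ruleset: read "public_ip inside_ip proto port" lines on stdin,
# print the ruleset on stdout, return 1 on a malformed line.
gen_ruleset() {
    nat_rules="" fwd_rules=""
    while read -r pub priv proto port; do
        case "$pub" in ''|'#'*) continue ;; esac       # skip blanks/comments
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        # Rewrite the destination, then allow only that forwarded flow inward.
        nat_rules="${nat_rules}-A PREROUTING -i eth0 -d $pub -p $proto --dport $port -j DNAT --to-destination $priv
"
        fwd_rules="${fwd_rules}-A FORWARD -i eth0 -o eth1 -d $priv -p $proto --dport $port -m state --state NEW -j ACCEPT
"
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
${nat_rules}-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
${fwd_rules}COMMIT
EOF
}

# Constructed mappings: two ports on one public address, two inside hosts.
SAMPLE_MAP='129.106.32.3 192.168.1.3 tcp 80
129.106.32.3 192.168.1.4 tcp 25'

# Print the sample ruleset when the script is run as: sh script.sh show
if [ "${1:-}" = "show" ]; then printf '%s\n' "$SAMPLE_MAP" | gen_ruleset; fi
```

The output can be reviewed and then loaded with `iptables-restore`; anything arriving on eth0 that is not an explicitly forwarded port or a reply to an inside connection falls through to the FORWARD chain's DROP policy.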


