on 5/24/02 14:51, [EMAIL PROTECTED] wrote:
> interface Ethernet0
> ip address yyy.yyy.yyy.yyy 255.255.255.252
> interface Ethernet1
> ip address xxx.xxx.xxx.2 255.255.254.0
> ip route 10.101.104.0 255.255.248.0 xxx.xxx.xxx.170
> ip route 10.102.104.0 255.255.248.0 xxx.xxx.xxx.174
> ip route 10.103.104.0 255.255.248.0 xxx.xxx.xxx.175
> access-list 1 permit 10.101.104.0 0.0.7.255
> access-list 1 permit 10.102.104.0 0.0.7.255
> access-list 1 permit 10.103.104.0 0.0.7.255
> yyy.yyy.yyy.yyy is the upstream provider's IP for our router.
> xxx.xxx.xxx addresses are our own public block of IP addresses.
It looks like you've got the following setup (is this correct)?
isp <-> cisco <-> prop router 01 (xxx.xxx.xxx.170) <-> 10.101.104.0
              <-> prop router 02 (xxx.xxx.xxx.174) <-> 10.102.104.0
              <-> prop router 03 (xxx.xxx.xxx.175) <-> 10.103.104.0
All hosts on 10.101.104.0 get natted to xxx.xxx.xxx.170
All hosts on 10.102.104.0 get natted to xxx.xxx.xxx.174
All hosts on 10.103.104.0 get natted to xxx.xxx.xxx.175
If your linux box has 4 free pci slots, fill 'em up with nics. Then you can
eliminate the cisco box and the three routers.
isp <-> eth0 <-> netfilter <-> eth1 <-> 10.101.104.0
                           <-> eth2 <-> 10.102.104.0
                           <-> eth3 <-> 10.103.104.0
Then it's just a matter of standard SNAT and DNAT based on interface.
Why the funky netmasks on the 3 internal networks? Do they have subnetworks
of their own?
patrick conlin
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
director of internal technology
wechsler ross & partners
http://www.wechsler.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
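
Added example, not part of the original message: a shell script that prints (does not execute) iptables rules for the per-interface SNAT layout proposed above, deriving the /21 prefix from the 255.255.248.0 masks in the quoted config. Assumptions: 192.0.2.x stands in for the masked xxx.xxx.xxx.x addresses, eth0..eth3 have the roles shown in the diagram, and the FORWARD policy and conntrack rules are choices made here; DNAT is left out because the thread names no inbound services.

```shell
#!/bin/sh
# Prints iptables commands for review; pipe the output to sh (as root) to apply.
# Assumption: 192.0.2.x is a placeholder for the masked public block.
WAN_IF=eth0

# Convert a dotted netmask (255.255.248.0) to a prefix length (21).
mask_to_prefix() {
    bits=0; seen_zero=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;;
            240) n=4 ;; 224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # A set bit after a cleared bit means the mask is not contiguous.
        if [ "$seen_zero" -eq 1 ] && [ "$n" -gt 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then seen_zero=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Rules for one internal network.
# $1 = internal interface, $2 = network, $3 = netmask, $4 = public source address
snat_rules() {
    prefix=$(mask_to_prefix "$3") || return 1
    # Rewrite the source address as traffic leaves toward the ISP.
    echo "iptables -t nat -A POSTROUTING -s $2/$prefix -o $WAN_IF -j SNAT --to-source $4"
    # Forward only the expected source range from each interface (anti-spoofing).
    echo "iptables -A FORWARD -i $1 -o $WAN_IF -s $2/$prefix -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $1 -d $2/$prefix -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny: nothing crosses interfaces unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    snat_rules eth1 10.101.104.0 255.255.248.0 192.0.2.170 &&
    snat_rules eth2 10.102.104.0 255.255.248.0 192.0.2.174 &&
    snat_rules eth3 10.103.104.0 255.255.248.0 192.0.2.175
}

ruleset
```

With FORWARD defaulting to DROP and no rule between eth1, eth2 and eth3, the three internal networks cannot reach each other through the box.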