[vox-tech] bridging subnets

Joel Baumert vox-tech@lists.lugod.org
Mon, 13 Jan 2003 16:51:57 -0800


You could have all of the computers with 192.* addresses
and have the Linux box using ipchains or iptables 
translate any packet on the external address to an 
internal address... i.e.

201.123.32.12 <-> 192.168.1.12
201.123.32.13 <-> 192.168.1.13
201.123.32.14 <-> 192.168.1.14
201.123.32.15 <-> 192.168.1.15
201.123.32.16 <-> NAT
...
NAT <-> 192.168.0.2
NAT <-> 192.168.0.3
NAT <-> 192.168.0.4
...

You can try out this script... It may even work :-).  The 
masquerading should be correct, but the ip mappings may not
be and I don't really have a good setup to try them.  There
is probably someone better with iptables to give you a better
answer.  The final script is probably more complicated, but
this might give you something to start with.

You would configure everyone with a 255.255.0.0 netmask with
the Linux box with 201.123.32.16 and 192.168.0.1 for addresses.

Joel


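#
# iptables.
#

# Load NAT support and let the kernel forward between eth0 and eth1
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

# Outbound: hide 192.168.1.0/24 behind eth0's own address
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

# Inbound: match on the external destination address (-d, not -s) and
# rewrite it to the paired internal host (the option is --to-destination)
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.12 -j DNAT --to-destination 192.168.1.12
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.13 -j DNAT --to-destination 192.168.1.13
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.14 -j DNAT --to-destination 192.168.1.14
iptables -t nat -A PREROUTING -i eth0 -d 201.123.32.15 -j DNAT --to-destination 192.168.1.15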


On Mon, Jan 13, 2003 at 03:31:59PM -0800, Ken Bloom wrote:
> I'm inventing some random numbers (they're not even valid IP 
> addresses) to explain the problem better
> 
> The following computers are connected via hub to the DSL modem:
> 201.123.321.12
> 201.123.321.13
> 201.123.321.14
> 201.123.321.15
> 201.123.321.16 (eth0) / 192.168.0.1 (eth1)
> 192.168.0.2
> 192.168.0.3
> 
> What can be done so that the 201.123.321.* computers can see the
> 192.168.0.* computers? Bear in mind that these computers are not 
> necessarily all Linux computers, but that we know 
> 201.123.321.16/192.168.0.1 is a Linux computer.
> 
> 
> > ---ORIGINAL MESSAGE--- 
> > From: Rod Roark <rod@sunsetsystems.com>
> > Organization: Sunset Systems
> > To: vox-tech@lists.lugod.org
> > Subject: Re: [vox-tech] bridging subnets
> > Date: Mon, 13 Jan 2003 06:53:57 -0800
> > Reply-To: vox-tech@lists.lugod.org
> > 
> > I'm surely being dense, but I don't understand what you
> > mean.  What are the subnets in question?
> > 
> > Here's a thought that may or may not apply.  Perhaps you
> > can put all the machines on a single LAN behind the Linux
> > firewall.  Note that you can assign all 5 external IP's to
> > this Linux box and then port-forward (with iptables) to
> > other machines depending on the destination IP address
> > (and/or port number) of incoming packets.
> > 
> 
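
Added example (not part of the original message or thread): a dry-run generator for the one-to-one mapping table above, pairing each DNAT rule with the SNAT rule for the return direction. It assumes eth0 is the external interface, that the Linux box is given the external addresses as Rod suggests, and that 192.168.0.0/24 is the masqueraded range from the table; the variable and function names are made up for illustration.

```shell
#!/bin/sh
# Prints (does not execute) the commands for the mapping table:
#   201.123.32.N <-> 192.168.1.N  for the statically mapped hosts
#   everything in 192.168.0.0/24  hidden behind eth0's own address
# All values below are assumptions taken from the example addresses.
EXT_IF=eth0
EXT_NET=201.123.32
INT_NET=192.168.1
STATIC_HOSTS="12 13 14 15"     # last octet shared by both sides of a pair
NAT_SRC=192.168.0.0/24

nat_rules() {
    echo "iptables -t nat -F PREROUTING"
    echo "iptables -t nat -F POSTROUTING"
    for h in $STATIC_HOSTS; do
        ext="$EXT_NET.$h"
        int="$INT_NET.$h"
        # The box must own the external address, otherwise nothing on
        # the outside segment resolves it to this machine.
        echo "ip addr add $ext/32 dev $EXT_IF"
        # Inbound: packets addressed TO the external IP go to the host.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $int"
        # Outbound: connections the host opens leave with its paired
        # external IP instead of the gateway's address.
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $ext"
    done
    # Appended last: the nat table stops at the first matching rule, so
    # the per-host SNAT rules above take precedence over this one.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $NAT_SRC -j MASQUERADE"
}

# Show the generated rule set for review.
nat_rules
```

Review the printed commands before applying them as root; compare afterwards with `iptables -t nat -L -n -v`.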