Help using NAT to create an invisible/transparent filtering
Wed, 07 Jun 2000 00:06:50 +1000
After reading a few of the posts in this news group it seems that a few
people are possibly trying to achieve something along the lines of what I
am after. Let me try and explain what I am attempting to do:
Say I have a three internet servers which are sitting in a subnetwork of 31
(/27) real ip addresses. Obviously these machines each have their gateway
addresses pointing at the router for this subnet. I want to put a linux NAT
box between the router and the internet servers and set it up so that the
servers think that they are still seeing the router directly. However their
packets are actually being forwarded and filtered through the linux box.
To do this the linux box will have two network cards, one connected to the
outside world (router) and the other to each of the servers via a hub
(standard firewall config). I intend on aliasing the outside world network
card with the ip addresses of the server machines on the inside segment.
Then giving the network card on the inside segment the ip address of the
router. Would a promiscuous netcard and standard kernel forwarding cause
the real router to conflict with the ip address of this interface?
I want to set it up this way so I can insert and remove the firewall
machine without having to change the gateway addresses on the servers. Also
I don't want to have to point to point route each of the servers, or subnet
the designated ip range (/27) to an even smaller range such has 3 hosts
(/30) so that standard routing can occur.
Any help / ideas on how to do this would be appreciated.