[nSLUG] Multiple IPs with Eastlink

Ron Dewar Ron.Dewar at ccns.nshealth.ca
Mon Feb 18 14:53:56 AST 2002


The response below may solve your problems, but I am wondering if this is really what you want to do.  Hanging a few machines on a local net behind a firewall connected to Eastlink is not a difficult task.  This is the NAT solution, but it makes certain kinds of things difficult / impossible.  Like the rest of the world connecting to a server running on one of the machines.  Certain games servers identify clients by their IP addresses, and don't alow more than one logon at a time from a given IP.  If that sort of thing is not going to be a source of contention among your LAN machines, then why not try the NAT routing / firewall trick?
Ron

>>> nslug at fop.ns.ca 02/18 1:37 PM >>>
On Mon, 18 Feb 2002, mcurrie wrote:

> Eastlink has told me that they cannot map multiple IP addresses to one hwaddr.
>  I need to firewall 4 IP addresses from Eastlink and do not want to set up 4 
> firewalls.  I can't put more than one physical ethernet card on a subnet.  
> I've tried that, it doesn't work properly.  With MTT i used IP aliasing (eth0, 
> eth0:0, eth0:1, etc.) and it works beautifully.  I can't do this with Eastlink 
> because the hwaddr remains the same for each alias.

If I understand you correctly, you have 4 machines behind a firewall that
you want to have real IP addresses (as opposed to NAT'd addresses), but
you want to be able to do some type of firewalling to filter out unwanted
packets, yes? I suspect your best bet in this case would be to use
something like dhcping (http://www.mavetju.org/unix/general.php) to spoof
out a dhcp request from the firewall with the "right" MAC address. The
routing problems you're seeing may be because you need a dhcp request to
force a routing update, and without said update you don't get your route.

Alternatively you might want to have a play about with bridging, there's a
mini howto out there covering bridging and firewalling. That might be a
cleaner option if you're going to add more machines in the future.

Cheers... Dop.


_______________________________________________
nSLUG mailing list
nSLUG at nslug.ns.ca 
http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug




More information about the nSLUG mailing list