> I have a Debian computer acting as a DSL router. My ISP gave me 5
> static IP addresses but I'm currently using only one, for the router
> itself.

lucky you ..not many isps do that :) (mine is good too ..)

> But what I want to do now is "promote" one or another of the masqed
> computers onto the "real" static subnet given to me by my ISP. Some of
> these computers may be running Linux, others Windoze.

you're better off having the dsl modem/router go to a hub/switch and out
of the hub/switch to the various machines on the public network.

> my ISP-level subnet. So the result is that I want two logical
> IP networks running over my physical network, one private, masqed, and
> unroutable, and the other public, static, and fully acting as part of
> the internet and my ISP-level subnet.

i wouldn't recommend this at all. unless you have nothing on your
network that is not important to you e.g. you don't mind if people on
the outside can see what you're doing.

>
> Can bridging do this? Or would IP tunnelling help me accomplish this?
> Or is there a better way? And how can I easily do this in Debian?

i don't know about the linux kernel, but when i was playing with openbsd
there was the ability to forward EVERYTHING on one external ip to one
internal ip. haven't noticed anything like that with ipchains/linux 2.2
although 2.4 has much improved NAT code ..(i honestly still wouldn't use
it JUST yet)

one thing i do on 1 of my gateways.. i have 1 static ip on eth0, then
i have a routed subnet (different network than what is on eth0) on
eth0:1, and eth0:1 handles the routing for that network. so it looks
kinda like:

    internet -> switch1 -> eth0 -> eth1 -> switch2 -> masq'd network
                            \-> eth0:1 -> switch1 -> routed network

so, eth0:1 spits packets back out of the interface back to the switch it
came in on. this is doing somewhat what you are proposing (2 networks, 1
wire). the difference (and it's pretty major) is the internal lan
traffic never gets out onto switch1 without going through the firewall
on eth1.

it was tricky at first to set this up, the key was to allow forwarding
of packets both TO and FROM the routed network hanging off of eth0:1.
e.g.

    /sbin/ipchains -A forward -j ACCEPT -s 0.0.0.0/0 -d MY_ROUTED_NETWORK_IP/SUBNET_MASK
    /sbin/ipchains -A forward -j ACCEPT -s MY_ROUTED_NETWORK_IP/SUBNET_MASK -d 0.0.0.0/0

nate
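
The setup described in the message above, as an added example that is not part of the original post: a shell script that validates the two networks and prints the forward-chain rules in the order they would be loaded. The flush, the default DENY policy, the MASQ rule and all addresses are assumptions; the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example (not from the original post): prints ipchains commands for a
# gateway with a masq'd LAN plus a routed public subnet on an eth0 alias.

# valid_cidr NET/BITS -> returns 0 only for a dotted quad with a 0-32 prefix
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# forward_rules ROUTED_NET MASQ_NET -> prints the rules in load order
forward_rules() {
    routed=$1; masq=$2
    valid_cidr "$routed" || { echo "bad routed net: $routed" >&2; return 1; }
    valid_cidr "$masq"   || { echo "bad masq net: $masq" >&2; return 1; }
    # Assumption: start from an empty forward chain that denies by default,
    # so only the traffic listed below crosses the gateway.
    echo "/sbin/ipchains -F forward"
    echo "/sbin/ipchains -P forward DENY"
    # The two rules from the post: traffic TO and FROM the routed subnet.
    echo "/sbin/ipchains -A forward -j ACCEPT -s 0.0.0.0/0 -d $routed"
    echo "/sbin/ipchains -A forward -j ACCEPT -s $routed -d 0.0.0.0/0"
    # Assumption: the private LAN behind eth1 is masqueraded on the way out.
    echo "/sbin/ipchains -A forward -j MASQ -s $masq -d 0.0.0.0/0"
}

# Constructed sample values (RFC 5737 and RFC 1918 ranges), not from the post.
ROUTED_NET=203.0.113.8/29
MASQ_NET=192.168.1.0/24
forward_rules "$ROUTED_NET" "$MASQ_NET"
```

Review the printed rules before loading them; with a DENY policy on the forward chain, a mistyped network cuts off that subnet rather than opening it.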