Hi,

A friend of mine asked me to set up a firewall with an old P90 he had as a spare when his ADSL connection was installed. Last week the cable guy came and then we spent some time setting things up in a preliminary fashion.

The ISP normally provides a fixed IP number (yes!) and I thought a standard setup with two Ethernet cards, no services in the firewall, and filtering with IPCHAINS would do the trick. And it does. (Kernel 2.2.19; is it (yet) worth changing to woody/sid and 2.4.x with netfilter?)

The interesting part is that he asked them for three fixed IP numbers and got them (hallelujah!).

My question now is: how to forward (route) the incoming traffic to the two other IP addresses to specific machines on the inside? (After due filtering, of course.)

I suppose one could ask the ISP to send the traffic to two of the addresses to the third, which then could filter and send them on as a router, but they seem unwilling to arrange this. IP aliasing is possible, so that the firewall with one Ethernet card on the outside at least gets the packets, but it appears that IP Masquerade cannot masquerade from aliased network connections, only physical ones.

So how to catch and process the incoming packets in an effective and secure way? Any clever ideas?

Anders