On 11/10/06, Martin Gignac <[EMAIL PROTECTED]> wrote:
> Yes, I've tried siproxd, but my lack of knowledge has caused me to fail
> to get this working properly.
Then using your available public IPs should be the ticket.
-Martin
Yah, it's becoming clearer. Use whatever is cleaner and easier to implement.
If ALG/siproxd is actually **more** complex than NAT --> use NAT with
VLANs and public IPs for the IP phones, as Martin said.
OTOH, if you do have enough public IPs to play with, I'd still
consider bridging and using only public IPs (then you don't need to do
VLANs or NAT).
And speaking of that, I just re-read your (Patrick's) earlier emails:
Patrick wrote:
> Technically, we don't need NAT, but I want to free up some IP addresses
> in our company so we can use them elsewhere. That's why I wanted to put
> all the computers behind NAT.
> I guess I could assign an entire class C to our office computers, but
> IMO that isn't really efficient.
Sorry if I'm asking stupid questions, but you know all about
VLSM/CIDR, right? You know that you don't have to choose between
assigning a whole class C subnet or NAT, right? You know that you can
apportion any number of bits for your subnet, right?
I was just playing with the details you gave earlier (mostly to
practice and teach myself):
Your friend suggested IPs like 216.139.44.142 and a 255.255.255.192 subnet mask:
last octet for IP 216.139.44.142/26:
128  64 | 32  16   8   4   2   1
  1   0 |  0   0   1   1   1   0
--------+
From 216.139.44.128/26 (x.y.z.10000000) through 216.139.44.191/26
(x.y.z.10111111), that's 64 IP addresses in total.
How many hosts do you have, including the IP phones? How much room for
future growth do you need to reserve? If you can steal enough bits off
that last octet, then the easiest way may still be a bridge, which has
the added advantage of being transparent to the end user. And it can
be changed, substituted and removed in the future without so much as
an interruption in service (as long as you have a switch with free
ports both before and behind the firewall).
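
Added example, not part of the original email: a Python sketch of the VLSM point above, taking the 216.139.44.128/26 block from the message and carving it into subnets sized to each group instead of spending a whole class C. The group names and host counts are constructed for illustration; the thread does not give real numbers.

```python
import ipaddress

# Constructed host counts (assumption); the thread does not state them.
DEMANDS = {"office_pcs": 25, "ip_phones": 12, "servers": 5}


def containing_network(ip, mask):
    """Network that holds `ip` under a dotted-quad subnet mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def prefix_for_hosts(hosts):
    """Longest prefix whose usable addresses (size minus 2) cover `hosts`."""
    if hosts < 1:
        raise ValueError("need at least one host")
    # hosts + network address + broadcast address must fit in 2**bits
    bits = (hosts + 1).bit_length()
    return 32 - bits


def vlsm_allocate(block, demands):
    """Carve `block` into one subnet per demand, largest demand first.

    Returns (plan, spare): plan maps name -> IPv4Network, spare lists the
    networks left unallocated. Raises ValueError if the block is too small.
    """
    free, plan = [block], {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room left in {block} for {name} ({hosts} hosts)")
        # Use the smallest free block that fits, lowest address on a tie.
        chosen = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(chosen)
        plan[name] = next(chosen.subnets(new_prefix=want))
        # Whatever is left of the chosen block goes back to the free list.
        free.extend(chosen.address_exclude(plan[name]))
    return plan, sorted(free)


if __name__ == "__main__":
    block = containing_network("216.139.44.142", "255.255.255.192")
    plan, spare = vlsm_allocate(block, DEMANDS)
    print(f"block {block}: {block.num_addresses} addresses")
    for name, net in plan.items():
        print(f"{name:11} {net}  usable {net.num_addresses - 2}")
    print("unallocated:", ", ".join(map(str, spare)))
```

With these constructed counts the /26 still has a /29 left over for growth.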