[CentOS] DHCPd Config

Tue Jul 5 21:31:19 UTC 2005
Peter Farrow <peter at farrows.org>

You only need to NAT or MASQ if you are connecting to the internet and 
hiding RFC 1597 addresses behind your Linux box, or if your Linux box 
routes to other LANs and those LANs don't have routes back to the other 
LANs on your Linux box.  The latter course would be a network bodge to 
make up for the fact that you hadn't added those routes elsewhere.

You should use iptables MASQ to perform network address translation if 
you don't have a static IP on the net direct to the LAN card in your 
Linux box, otherwise you should use iptables SNAT.

For example:  In my office I have a leased line, an ADSL line and an 
office LAN and a private network for backing up the machines on the 
leased line. A Linux box sits on them all.

There is a 195.x.x.x address space on the leased line (real IPs), a 
10.x.x.x address space on the backup LAN (RFC 1597 private), 192.168.x.x 
office LAN (RFC 1597 private) and 212.21.x.x for the ADSL (real IPs).

The Linux box SNATs from office LAN to leased line, SNATs to backup LAN 
and SNATs to ADSL line.  In reality if I added routes on all the servers 
on the backup LAN stating the 192.168 LAN was via the Linux server's 
address on the backup LAN, then I wouldn't need to SNAT onto the backup 
LAN (i.e. from one private network to the other), but because I have 
some 30+ servers on the backup LAN and I couldn't be bothered to do RIP 
or set up static routes, and because I mainly just use ssh from the 
office LAN to the backup LAN, I enabled SNAT for those outgoing packets 
which makes all office LAN traffic look like it came directly from the 
Linux box... and hence no routes were required.

Hope this helps

P.



Lee W wrote:

> Johnny Hughes wrote:
>
> <snip>
>
>> You need to do ip-masquerading to pass traffic thru a linux box as a
>> gateway.  That requires 2 NICs and an iptables script which does
>> masquerading
>>
>> I use this script to set up that kind of box:
>> http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER 
>>
>>  
>>
> Is it absolutely necessary to use IP-Masq / NAT in order to set up 
> Linux as a Router?
>
> I'm trying to set up a few Linux machines (CentOS of course) as 
> conventional routers as opposed to Gateways so that I can learn more 
> about routing between them on various Subnets.
> All the How-To's I've found talk about Masq, I would appreciate if 
> anyone can point me in the direction of a conventional Linux router howto.
>
> Thanks in advance
>
> Regards
>
> Lee
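
Added example, not part of the original thread: a dry-run shell sketch that prints (does not apply) the commands for the three options discussed above, SNAT for an egress interface with a static address, MASQUERADE for one without, and a return route on the far LAN in place of NAT. The interface names, the addresses 203.0.113.10 and 10.0.0.1, the /24 prefix and the function names are constructed placeholders, since the thread elides the real ones.

```shell
#!/bin/sh
# Dry run: every function only echoes the command it would run.
# All addresses and interface names are constructed placeholders.

# nat_rule SRC_CIDR OUT_IF [STATIC_IP]
# Static address on OUT_IF -> SNAT to it; no static address -> MASQUERADE.
nat_rule() {
    src=$1; out_if=$2; static_ip=${3:-}
    if [ -n "$static_ip" ]; then
        echo "iptables -t nat -A POSTROUTING -s $src -o $out_if -j SNAT --to-source $static_ip"
    else
        echo "iptables -t nat -A POSTROUTING -s $src -o $out_if -j MASQUERADE"
    fi
}

# route_rule DEST_CIDR GATEWAY
# The no-NAT alternative: run on each host of the far LAN so replies are
# sent back through the Linux box. Unlike SNAT, the far hosts then see
# (and log) the real source address of each office machine.
route_rule() {
    echo "ip route add $1 via $2"
}

# Packet forwarding must be on in every case, NAT or plain routing.
forward_rule() {
    echo "sysctl -w net.ipv4.ip_forward=1"
}

plan() {
    forward_rule
    nat_rule 192.168.1.0/24 eth0 203.0.113.10   # office LAN -> link with a static IP
    nat_rule 192.168.1.0/24 ppp0                # office LAN -> link with no static IP
    route_rule 192.168.1.0/24 10.0.0.1          # on a backup-LAN host, instead of SNAT
}

plan
```
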