Linux Firewall with "REAL" IP Addresses - no NAT or Masq
Posted on 2001-07-13
I have a linux box set up running Red Hat 7.1 and using the firestarter GUI to set up an iptables firewall. Everything works fine on the external side of things - can get to the internet and the machine is stealthed according to an external port scan. My difficulty lies in trying to use all real IP addresses on the internal side as well (mostly for games - working at a small startup ;-). I need to know if my external and internal NICs on the linux box can be on the same subnet mask, and if so how do I make sure the packets get where they need to be - an example follows using made-up IP addresses:
internal machine: 220.127.116.11
lan nic on linux box: 18.104.22.168
wan nic on linux box: 22.214.171.124
gateway on router: 126.96.36.199
subnet mask on all above: 255.255.255.224
*.240 needs to get to the outside world, while still being safe behind the filters.
I'm sure I'm leaving some info out, so let's start a discussion first.