TCLUG Archive
IP /30 hack - Question
It appears that there is a way to get use of all 4 IP addresses on a /30
block - but I really don't know the proper way to set this up.
I have a /30 block with network, host, router, broadcast as the 4 IP
addresses. I have been told that it is a simple matter to use the network
and broadcast addresses for other hosts simply by telling the router that
the subnet is bigger, say a /29. The downside is that adjacent netblocks
will be unavailable to me should I wish to access them. I am totally fine
with that. BTW - I am talking about a PPP routed DSL connection - so the
broadcast packets won't interfere with anybody else.
Setting up the router for a /29 (or /28) would be trivial, however, I have a
twist. I want the machines on my network to have the two extra addresses so
that they have publicly addressable IP addresses. I still want them
behind my firewall (with 2 NICs). So, how do I configure my interfaces to
make this possible?
For instance:
I am supplied with a public netblock - let's say it is 200.0.0.200/30
My private network currently is 192.168.0.0/24 with three computers on
it (one is the gateway and two workstations).
I have a gateway/firewall with two NICs - one with a real IP on the net,
200.0.0.202, and a private IP, 192.168.0.3.
OK. I want the two workstations to get public IPs, 200.0.0.200 and
200.0.0.203. These are the normal network and broadcast addresses - but
with my reassigned netblock on my router, 200.0.0.196/29 (or 200.0.0.196/28
or 200.0.0.198/29 ?) - they become addressable - of course the IP addresses
outside of my /30 block aren't usable outside my network. I know this will
work fine if these workstations use the router as the default gateway.
However, I want these addresses firewalled, so I want to use the PC I was
using for that job. How can I configure the two interfaces on it to
firewall packets? Can I assign the same IP address to both NICs? How about
netmask? Seems like a conflict to me. Yet - there must be a way - as the
router is doing it. I don't want to use NAT, because I want real public
IPs.
Does anybody have an idea of how to configure this? I am sure it has been
done before (I know of somebody who fakes the netblock to reclaim the other
IP addresses) - but how can I do it with my 2 NIC firewall/gateway machine?
Thanks in advance,
Tom Veldhouse
veldy@veldy.net
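
The mask-widening arithmetic from the question, as an added example that is not part of the original post: it aligns each prefix the post mentions to its real boundary, then widens 200.0.0.200/30 to show whether .200 and .203 stop being network/broadcast addresses and how many neighbouring addresses end up treated as on-link. The addresses come from the post; the function names are illustrative.

```python
import ipaddress

# Addresses taken from the post; function names are illustrative.
ASSIGNED = ipaddress.ip_network("200.0.0.200/30")
WANTED = [ipaddress.ip_address("200.0.0.200"),
          ipaddress.ip_address("200.0.0.203")]


def aligned(cidr):
    """Return the properly aligned network that contains cidr's address."""
    return ipaddress.ip_network(cidr, strict=False)


def usable(addr, net):
    """True if addr lies in net and is neither its network nor broadcast address."""
    return addr in net and addr not in (net.network_address,
                                        net.broadcast_address)


def evaluate(prefixlen):
    """Widen the assigned /30 to prefixlen and report the consequences."""
    net = ASSIGNED.supernet(new_prefix=prefixlen)
    # Addresses outside the /30 that the wider mask claims as local:
    # traffic to their real owners would never leave the LAN segment.
    shadowed = [a for a in net if a not in ASSIGNED]
    return {
        "network": net,
        "wanted_usable": {str(a): usable(a, net) for a in WANTED},
        "shadowed": len(shadowed),
    }


if __name__ == "__main__":
    # The three candidate prefixes written in the post, snapped to real boundaries.
    for cidr in ("200.0.0.196/29", "200.0.0.196/28", "200.0.0.198/29"):
        net = aligned(cidr)
        print(f"{cidr:>16} -> {net}  contains the /30: {ASSIGNED.subnet_of(net)}")

    # Widening the assigned /30 one bit at a time.
    for plen in (30, 29, 28):
        r = evaluate(plen)
        print(f"/{plen}: {r['network']}  usable={r['wanted_usable']}  "
              f"shadowed={r['shadowed']}")
```
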