Mailinglist Archive: opensuse-edu (146 mails)

< Previous Next >
Re: [suse-linux-uk-schools] Masquerading
  • From: Christopher Dawkins <cchd@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 16 Jul 2000 00:52:08 +0000 (UTC)
  • Message-id: <Pine.BSF.3.96.1000715183529.11176A-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

>> Yes, if you get the config all right, but you don't necessarily need two
>> NICs, you can run multiple subnets on one cable with one NIC by aliasing
>> multiple numbers onto the same card, we have three different numbering
>> systems on a single NIC! You also don't need masquerading if you have
>> local proxying, but this would limit what the local-number machines can
>> do to what is proxied by the proxy. In our case the limitations are
>> welcome - the internal machines can't be seen directly by external ones,
>> and that protects them from nasties and prevents them doing lots of
>> non-academic things like ICQ, Napster, making money by browsing,
>> bypassing the external filtered proxy, etc.
> Well that sounds ideal but how do I perform aliasing?

Depends on your system, probably, but on our FreeBSD it's by the use of

ifconfig_<interface>_alias=" ... "

entries in the rc.conf file: ours are for example:

ifconfig_fxp0="inet netmask 0xffff0000"
ifconfig_fxp0_alias0="inet netmask 0xffffffc0"
ifconfig_fxp0_alias1="inet netmask 0xffffff00"

[beware, on our system extra spaces, eg either side of the =,
will mess things up]

and the result from an "ifconfig -a" command is

inet netmask 0xffff0000 broadcast
inet netmask 0xffffffc0 broadcast
inet netmask 0xffffff00 broadcast
atalk 1280.185 range 1280-1289 phase 2 broadcast 0.255
ether 00:a0:c9:45:b9:14

[the machine runs the appletalk daemon as well]

and it's probably a good idea to set "gateway_enable" to YES as well.

Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG
01371-820527 or 07798 636725 cchd@xxxxxxxxxxxxxxxxxxxx

< Previous Next >
Follow Ups