Re: [squid-users] Question about transparent proxy + duplicate IPs: is it possible?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 03 Oct 2006 22:34:15 +0200

tis 2006-10-03 klockan 15:10 +0200 skrev Marco Simioni:

> Good idea. I'm not a linux-marker-expert; but can my box NAT
> connections coming from two different vlans, even if they come from
> identical ips (but of course from different macs)? Or the NAT
> connections will go crazy?

The NAT will work fine most of the time, but with the same restrictions
given before.

> Can you explain in few words what would be your idea about marking and
> routing? I would have to use 802.1p VLANs and then create an interface
> in LINUX for every VLAN?

Yes. Linux has very good vlan support.

> Then, an independent NAT is applied to every
> interface, so that if two identical IPs come from different VLANs,
> their NATTing will not collide?

The main part here is routing of return traffic to the clients. As this
can not be done on IP you have to resort to other techniques. In Linux
netfilter/iptables there is a feature called CONNMARK, which allows you
to mark individual TCP connections with which interface they were
initiated from. This can then be used in policy routing to route the
return traffic back the same path.

> What happens if i have an access point connected at my network too,
> and i want to perform the same task on wireless connected devices?

Harder, but may be doable if you use 802.1x and WPA, I think, but it's
somewhat outside my area.

Regards
Henrik

Received on Tue Oct 03 2006 - 14:34:20 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST
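The CONNMARK plus policy-routing setup Henrik describes, written out as an added example (this is not from the thread or from the Squid project): a Linux router runs Squid in intercept mode, two client VLANs reuse the same IP range, each VLAN is its own 802.1Q interface, new connections are tagged on entry with a per-interface mark, and the mark selects a per-VLAN routing table for the return path. Interface names (eth1 uplink, eth0.10 and eth0.20), the Squid port 3129, the mark values 0x10/0x20 and the table numbers 10/20 are all assumptions; the script only prints the commands, so it can be read and checked before being applied as root.

```shell
#!/bin/sh
# Added example, not from the squid-users thread. Emits the iptables/ip commands
# for a transparent-proxy router with overlapping client addresses on two VLANs.
# Assumed names: uplink eth1, VLAN interfaces eth0.10/eth0.20, Squid intercept
# port 3129, connection marks 0x10/0x20, routing tables 10/20.

UPLINK=eth1
SQUID_PORT=3129

# vlan_rules <vlan-if> <mark> <table>
# Rules for one client VLAN: tag connections that enter on this interface,
# divert port 80 into Squid, and route marked packets back out this interface.
vlan_rules() {
    vif=$1
    mark=$2
    table=$3
    cat <<EOF
# --- $vif ---
# reverse-path filtering would reject clients whose source address is also
# reachable via the other VLAN, so it must be off on client-facing interfaces
echo 0 > /proc/sys/net/ipv4/conf/$vif/rp_filter
# tag every new connection that arrives on $vif with mark $mark (stored in conntrack)
iptables -t mangle -A PREROUTING -i $vif -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# hand client web traffic to Squid's intercept port
iptables -t nat -A PREROUTING -i $vif -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# packets carrying mark $mark use table $table, whose only route points back at $vif
ip rule add fwmark $mark table $table
ip route add default dev $vif table $table
EOF
}

# Rules shared by all VLANs: copy the stored connection mark back onto packets
# before their routing decision so the fwmark rules above see it.
common_rules() {
    cat <<EOF
# --- shared ---
echo 1 > /proc/sys/net/ipv4/ip_forward
# replies Squid generates locally: mark restored in OUTPUT, kernel re-routes after mangle
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# non-proxied traffic coming back from the uplink: restore before the forward decision
iptables -t mangle -A PREROUTING -i $UPLINK -j CONNMARK --restore-mark
# both VLANs leave through the uplink with the router's address (NAT collides only
# per VLAN because the mark, not the client address, drives the return route)
iptables -t nat -A POSTROUTING -o $UPLINK -j MASQUERADE
EOF
}

# Assemble the full command list; pipe the output into sh as root to apply it.
render_config() {
    vlan_rules eth0.10 0x10 10
    vlan_rules eth0.20 0x20 20
    common_rules
}

render_config
```

The order of hooks matters: conntrack runs before mangle PREROUTING, so the stored mark is available when `--restore-mark` fires, and locally generated packets are re-routed after the mangle OUTPUT chain when their mark changes, which is what lets Squid's replies pick table 10 or 20. The fwmark rules are inserted ahead of the main table by default, so unmarked traffic (Squid's own upstream connections) still uses the normal route. What this does not solve is the router's own addressing inside the shared range on both VLAN interfaces, which is part of the "restrictions given before" Henrik mentions and is not covered by the thread.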