
Thanks Joe / Matt

I've built the kernel with iproute2 and iptables support.

So can I assume

    ip address add 217.161.116.143/32 dev eth0 label eth0:atlas143
    ip address add 217.161.116.144/32 dev eth2 label eth2:atlas144
    ip address add 217.161.116.145/32 dev eth2 label eth2:atlas145
    ip route add 217.161.116.8/32 dev eth0

and either:

1)
    ip route add default scope global nexthop via 217.161.116.8 dev eth0 weight 1 nexthop via 64.110.101.65 dev eth3 weight 1

or 2)
    ip route add default scope global via 217.161.116.8 dev eth0

along with the following NAT for each private network behind the router

    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 217.161.116.143
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth3 -j SNAT --to 64.110.101.70

plus iptables DNAT rules for whatever on the 144, 145 and upwards IPs.

p.s. Joe, in about a month or two I will have a router / firewall built using dual Opteron CPUs for a total of 33 ethernet ports at 100 mbps (tulip chipset) plus 2 channel bonded gigabit ethernet ports as a 2 gbps backplane to other devices. Once that puppy is built would you be interested in looking at it? Just waiting for them to pay for the hardware. It's along the lines of your previous advice on multi port routers but on a slightly larger scale. Similar configuration on a smaller scale with a P4 - 2GHz chip has a throughput of approx 540 mbps at 92% CPU. I'm hoping that the dual Opteron with its HyperTransport bus will be able to handle the potential maximum of around 5 gbps. Only sad bit is that the unit is a full 9U. If CPU doesn't get maxed out it will also double as a RAID5 NAS for archiving of large files. If you're interested in looking at it once it's built please please let me know.

Cheers
Tikiri

----- Original Message -----
From: "Matt Sullivan" <matt(a)sullivan.gen.nz>
To: "Joe Abley" <jabley(a)isc.org>
Cc: "Tikiri Wicks" <tcwicks(a)maxnet.co.nz>; <nznog(a)list.waikato.ac.nz>
Sent: Wednesday, October 22, 2003 10:48 AM
Subject: Re: [nznog] What can I say to this

On Tue, 21 Oct 2003 at 11:43:29 -0500, Joe Abley wrote:
On 21 Oct 2003, at 11:04, Tikiri Wicks wrote:
I'm just wondering if anyone has any feedback regarding this situation.
<snip>
If your box is connected to the same broadcast domain as his box, you can probably ARP for your default gateway and find it without having an interface address in the same subnet. On a cisco you can do this with an interface route ("ip route 217.161.116.8 255.255.255.255 eth0"); you'll see this exposed as a connected route with appropriate distance.
For linux (with correct kernel +options / iproute tools) use "ip ro add 217.161.116.8/32 dev eth0" from your preferred shell for the same effect. Your box will then try arp solicitation for this address via eth0. Or if you prefer a more Cisco like implementation then I'd suggest the Zebra routing daemon[s] and Joe's command above.
Matt.
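
The ordering discussed in this thread (address, then a /32 interface route to a gateway that lies outside the address's own subnet, then the default route and SNAT) can be checked with a dry-run planner. This is an added example, not part of any poster's message; the function names are hypothetical, the /28 on eth3 is an assumed prefix length chosen for contrast, and the script only prints commands.

```shell
#!/bin/sh
# Dry-run planner: prints the commands for one uplink, changes nothing.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# on_link ADDR/PLEN GATEWAY -> prints "yes" if GATEWAY is inside ADDR's subnet
on_link() {
    addr=${1%/*}; plen=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    if [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$2") & mask )) ]; then
        echo yes
    else
        echo no
    fi
}

# plan_uplink DEV ADDR/PLEN GATEWAY LAN_CIDR -> prints commands in the order
# they must be applied; "default via GW" is rejected by the kernel unless GW
# is already reachable, so an off-subnet gateway needs its host route first.
plan_uplink() {
    dev=$1; gw=$3
    echo "ip address add $2 dev $dev"
    if [ "$(on_link "$2" "$gw")" = no ]; then
        echo "ip route add $gw/32 dev $dev"
    fi
    echo "ip route add default via $gw dev $dev"
    # SNAT only traffic from the private LAN leaving this uplink
    echo "iptables -t nat -A POSTROUTING -s $4 -o $dev -j SNAT --to-source ${2%/*}"
}

# Addresses from the thread; the /28 on eth3 is an assumption.
plan_uplink eth0 217.161.116.143/32 217.161.116.8 192.168.0.0/24
plan_uplink eth3 64.110.101.70/28 64.110.101.65 192.168.0.0/24
```

For eth0 the planner emits the extra host route because a /32 address contains no neighbours; for eth3, under the assumed /28, the gateway is already on-link and no host route is printed.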