As someone previously stated, "this is academic." I am running kernel 2.6.8 on several dists: SuSe, Debian, Gentoo; and also run OpenBSD and FreeBSD boxen; and administer several Cisco Routers. On all of these I have the option of utilizing NAT under any of its possible configurations:

one::one
one::many
many::one
many::many

This applies to either IPs or ports. You are simply specifying in your conf whether you are translating from a subnet-subnet or portrange-portrange, and whether each new session in a given direction is automatically assigned a new IP (round-robin) or maintains sessions on a given IP (static or bi-nat).

The one detail you should be aware of on *nix is the binding of multiple IPs to a single MAC/physical interface. If you follow previous suggestions of just re-arranging squid to re-write the headers with different IPs, your external interface won't necessarily respond to the return packets without having the aliases for the other IPs on the external interface.

This could also play havoc with ARP, as Qwest used to have their head-end equipment set to allow only 1 IP per MAC, which is why they used to always insist that if you had multiple PCs they be connected via hub to the DSL line and get DHCP from the Qwest server, or else you had to learn to set up proxy-arp on your routing device. Things may be different now though; I switched to Cox about 4 years ago.

On Sat, 08 Jan 2005 21:55:35 -0700, Craig White wrote:
> On Sat, 2005-01-08 at 10:57 -0700, George Toft wrote:
> > I have a problem and am wondering how the brightest Linux brains of
> > Phoenix would solve it.
> >
> > Problem:
> > A certain web site that my family enjoys will not allow multiple
> > computers from the same IP address to use the site at the same time. I
> > currently have a Linux firewall with 2 NICs - one for the Internet and
> > one for my LAN running NAT so all of my systems have the same public IP
> > address.
> >
> > Qwest allows me 4 IP addresses, and I would like to take advantage of
> > them so we can have more than one computer at the site at one time.
> >
> >
> > Problem Statement:
> > Build a firewall that:
> > 1. Allows each computer on the LAN to send traffic out a different IP
> > address on the Internet side of the firewall.
> > 2. Filters all outgoing traffic through DansGuardian/squid.
> >
> > Essentially, each computer in the house would appear to have its own NAT
> > firewall, and I don't want to actually deploy 3 more hardware firewalls.
> >
> >
> > Random thoughts so far:
> > 1. Set up box with 4 copies of VMWare running - each with a copy of the
> > existing firewall.
> >
> > 2. Set up usermode Linux and have each one run a firewall & proxy. I'm
> > pretty fuzzy on this stuff.
> >
> > 3. Bind multiple IP's to each NIC, and attempt to set up the iptables
> > script from hell.
> ----
> #3 seems the most logical and easiest to implement. You can have a mini
> BOFH scheme by bandwidth shaping too.
>
> Craig
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ---------------------------------------------------
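The one::one (static) case the reply describes, together with the interface aliasing it warns is needed before the external interface will answer for the extra addresses, as an added example; this is not code from the thread or from any of the posters. It assumes Linux with iptables, an external interface eth0, a LAN of 192.168.1.0/24, and four constructed public addresses 203.0.113.10 through 203.0.113.13 from the documentation range; the host-to-address table is likewise constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: map one LAN host to one public
# address (the "one::one"/static case) with iptables SNAT.
# Assumed/constructed values: external interface eth0, LAN 192.168.1.0/24,
# public block 203.0.113.10-13 (documentation range).
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 applies them as root.

EXT_IF="${EXT_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PRIMARY_IP="${PRIMARY_IP:-203.0.113.10}"   # assumed already configured on $EXT_IF
DRY_RUN="${DRY_RUN:-1}"

# Constructed mapping table: "<lan host> <public address>", one pair per line.
HOST_MAP="
192.168.1.10 203.0.113.10
192.168.1.11 203.0.113.11
192.168.1.12 203.0.113.12
192.168.1.13 203.0.113.13
"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The point the reply makes: the kernel only answers ARP for, and accepts
# return traffic to, addresses it actually owns. Each extra public address
# therefore has to be added to the external interface before a NAT rule uses it.
add_alias() {
    [ "$1" = "$PRIMARY_IP" ] && return 0   # primary address is configured elsewhere
    run ip addr add "$1/32" dev "$EXT_IF"
}

# Static (one::one) source NAT: every session from this LAN host leaves with
# the same public address, so the remote site sees the hosts as distinct clients.
snat_rule() {
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$1" -j SNAT --to-source "$2"
}

# Round-robin (many::many) variant mentioned in the reply: a whole source range
# is handed addresses out of a pool. Not used by apply_all; kept for comparison.
pool_rule() {
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$1"
}

apply_all() {
    printf '%s\n' "$HOST_MAP" | while read -r lan pub; do
        [ -n "$lan" ] || continue
        add_alias "$pub"
        snat_rule "$lan" "$pub"
    done
    # Hosts missing from the table (guests, new DHCP leases) still get the
    # primary address. Order matters: the nat POSTROUTING chain stops at the
    # first matching target, so this catch-all must follow the per-host rules.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

apply_all
```

Run it once in dry-run mode to read the generated rule set, then with `DRY_RUN=0` as root to apply it. Two things to check afterwards follow directly from the reply: `ip addr show dev eth0` should list every address the SNAT rules hand out, and if the upstream gear admits only one IP per MAC, traffic for the aliases will not return no matter how correct the iptables rules are. The pf equivalent of the static case on the OpenBSD boxes mentioned is `binat`, which is the "bi-nat" the reply refers to.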