Firewall Wizards mailing list archives

NAT


From: "Alexandre A. Rodioukov" <simuran () home com>
Date: 07 Mar 2000 09:28:34 -0700

Hi Friends.

My knowledge of NAT is not deep enough, therefore I'm asking for your
help. Our ISP refused to provide us with a private routable subnet,
giving us only the plain range of IP addresses. It sucks since we need to
plug our DSL modem into the hub and leave the whole network without any
protection <big grin>.

One of the solutions was to put a hardware firewall in between the
network and DSL modem, but for some reasons we can't do that. The
solution that I was thinking of is to set up all the IPs given to us
as aliases on the external interface of our router (Linux or *BSD box) and
set up NAT in the following manner:

(all the workstations in the local network are getting local non-routable
addresses)

For each outgoing packet, the source address (local) is replaced by one of
the aliases mapped to this address. For each incoming packet, the
destination address (external alias) is mapped to a local address. So it
looks like fancy masquerading, even though instead of ports we are
playing with aliases on the external interface of the router.

I was hitting my head against the wall trying to come up with NAT
rules for such a scheme, but I failed. I need your help, guys.

Thanks in advance.

With kind regards,
Alexandre.
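
The one-to-one alias mapping described in the message, written out as an added example that is not part of the original post. It assumes a Linux router using iptables, hypothetical interface names eth0/eth1, constructed documentation addresses, and that the aliases are already configured on the external interface.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for 1:1 (static) NAT.
# All addresses and interface names below are constructed placeholders.
WAN_IF=eth0    # assumed external interface (DSL side), carries the aliases
LAN_IF=eth1    # assumed internal interface

# One "public_alias private_host" pair per line (documentation ranges).
NAT_MAP='203.0.113.10 192.168.1.10
203.0.113.11 192.168.1.11
203.0.113.12 192.168.1.12'

gen_static_nat() {
    map=$1
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo "$map" | while read -r pub priv; do
        [ -n "$pub" ] && [ -n "$priv" ] || continue
        # Incoming: destination alias is rewritten to the local host.
        echo "-A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outgoing: local source is rewritten to its own alias.
        echo "-A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
    # Address translation is not filtering: without the rules below every
    # mapped host would be fully reachable from the Internet.
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    # Publish a service by adding one narrow rule per host and port, e.g.
    # -A FORWARD -i eth0 -d 192.168.1.10 -p tcp --dport 25 -j ACCEPT
    echo 'COMMIT'
}

# Print the ruleset; review it, then load it as root with iptables-restore.
gen_static_nat "$NAT_MAP"
```

Loading the output with iptables-restore replaces the current contents of the nat and filter tables, so merge it with any existing rules first.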


