Running public IPs inside an RFC 1597 network

Doug Poland doug at
Tue Jan 25 18:42:28 PST 2005


I'm running a typical Class C RFC 1597 network in my lab.  What I want
to do is create another network, accessible from my private addresses,
that uses public IPs.  The public IPs exist in the wild, but I want to have
an isolated environment where I can test what happens in public space, in
my lab, before I deploy changes.

All the machines in question are running 5.3-STABLE.

What I've set up so far are two test servers, host1 (H1) and host2 (H2)
with public IPs, and a gateway (GW) machine with one public IP and one
private IP.  All three machines are on a switch; the gateway has two
NICs, one on the public switch and one on the private switch.

     External IP           Internal IP     Defaultrouter IP
     --------------------  --------------  ----------------
GW   123.456.789.1/24
H1   123.456.789.154/24                    123.456.789.1
H2   123.456.789.161/24                    123.456.789.1

I can ping between the 3 "public" IPs fine until I turn on the GW
interface with the private IP.  At that point, the GW cannot ping the
two "public" servers.

Obviously I'll need NAT'ing from the GW to H1 and H2 if I want packets
from other hosts on my private network to see the "public" servers.
What I can't figure out is how to tell my GW machine that packets
destined for the 123.456.789.0/24 network are to go through my other
NIC, not out through the GW's default router.

I hope I've explained the situation clearly.  Googling and reading the
friendly manuals has not revealed a solution to me.
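The routing question the poster raises (which NIC a packet for the "public" /24 leaves through versus the default router) comes down to longest-prefix match. The following is an added illustration, not the poster's code or a FreeBSD command listing: it models a gateway's routing table and shows that a connected or static /24 route on the lab NIC is always preferred over the /0 default, so traffic for the test hosts never reaches the real default router. Interface names (fxp0/fxp1) and all addresses (TEST-NET ranges and a 192.168.1.0/24 private side) are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network   # destination network
    interface: str                  # egress NIC on the gateway
    gateway: Optional[str] = None   # None means directly connected


def lookup(table: Iterable[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: among all routes whose prefix contains dst,
    the most specific one (largest prefix length) wins.  A /24 route for
    the isolated 'public' segment therefore beats the /0 default route."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def egress_interface(table: Iterable[Route], dst: str) -> Optional[str]:
    """Return the NIC a packet to dst would leave through, or None."""
    route = lookup(table, dst)
    return route.interface if route else None


# Constructed gateway routing table (hypothetical names/addresses):
#   fxp0 - private side, 192.168.1.0/24, default router 192.168.1.1
#   fxp1 - isolated "public" test segment, 203.0.113.0/24 (TEST-NET-3)
LAB_TABLE = (
    Route(ipaddress.ip_network("0.0.0.0/0"), "fxp0", gateway="192.168.1.1"),
    Route(ipaddress.ip_network("192.168.1.0/24"), "fxp0"),
    Route(ipaddress.ip_network("203.0.113.0/24"), "fxp1"),
)

# Same table without the lab /24: the test hosts would fall through to the
# default route and leave via the real default router instead.
WITHOUT_LAB_ROUTE = tuple(r for r in LAB_TABLE if r.interface != "fxp1")


if __name__ == "__main__":
    for dst in ("203.0.113.154", "203.0.113.161", "198.51.100.7"):
        print(dst, "->", egress_interface(LAB_TABLE, dst),
              "(no lab route:", egress_interface(WITHOUT_LAB_ROUTE, dst), ")")
```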


