Subject: Re: gateway/ipnat question
To: None <netbsd-help@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: netbsd-help
Date: 01/06/1999 17:42:59
[ mailed and posted -wsr ]

bgrayson@marvin.ece.utexas.edu (Brian C. Grayson) writes:
>   I have the following setup:  cluster A has globally-accessible
> IP addresses (128.83.52.x).  cluster B is a private set of
> machines on the 10.x.x.x subnet.  I currently have a machine
> set up as a gateway, and all A machines know to route to the gateway for
> 10.x.x.x, and all B machines know how to talk to the gateway
> for A machines etc.  (And it works -- ypbind, NFS, ssh, amd!  Yeehaw!)  

Sounds like you are almost there.

>   What I want to do is also allow the cluster B machines to
> access the rest of the net (via ipnat on the gateway?).

If the gateway machine has two interfaces you can do what you want by
specifying NAT for only 10.x.x.x addresses on the interface that is
going to the internet.

	internet <---------- gw ------ A + B machines
		           
That's basically how I'm running, and it works well enough.  (in my
case de0 is internet iface, 24.x.x.x is the real internet address,
10.x.x.x is the private net)

ipnet.conf:
map de0 10.1.2.0/24 -> 24.1.2.3/32 portmap tcp/udp 60000:65000

The only caveat is that one must be careful that the gw's interfaces
are not in the group of addresses that will get NAT-ed.

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
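
The caveat in the message above (gateway interface addresses must not fall inside the range being NAT-ed) can be checked mechanically. The following is an added example, not part of the original post: it parses `map` rules of the form shown and reports any gateway address that lies inside a rule's source range. The interface name `de1` and the gateway addresses are constructed for illustration.

```python
import ipaddress
import re

# Matches the ipnat "map" form shown in the message:
#   map <ifname> <src-net>/<bits> -> <dst-net>/<bits> [portmap <proto> <lo>:<hi>]
MAP_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<proto>tcp/udp|tcp|udp)\s+(?P<lo>\d+):(?P<hi>\d+))?\s*$"
)

def parse_map_rule(line):
    """Parse one map rule; return None for blank lines and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = MAP_RE.match(line)
    if m is None:
        raise ValueError(f"not a map rule this example understands: {line!r}")
    rule = {
        "ifname": m["ifname"],
        "src": ipaddress.ip_network(m["src"], strict=True),
        "dst": ipaddress.ip_network(m["dst"], strict=True),
        "ports": None,
    }
    if m["lo"] is not None:
        lo, hi = int(m["lo"]), int(m["hi"])
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad portmap range {lo}:{hi}")
        rule["ports"] = (m["proto"], lo, hi)
    return rule

def gateway_conflicts(rule_lines, gw_addrs):
    """Return (ifname, address, source-net) for each gateway address that
    falls inside the source range of a map rule, i.e. would itself be NAT-ed."""
    rules = [r for r in map(parse_map_rule, rule_lines) if r]
    hits = []
    for ifname, addr in gw_addrs.items():
        ip = ipaddress.ip_address(addr)
        hits += [(ifname, addr, str(r["src"])) for r in rules if ip in r["src"]]
    return hits

# Constructed sample input: the rule is the one from the message; the
# gateway interface addresses (de0, de1) are made up for illustration.
RULES = ["map de0 10.1.2.0/24 -> 24.1.2.3/32 portmap tcp/udp 60000:65000"]
GATEWAY = {"de0": "24.1.2.3", "de1": "10.1.2.1"}

if __name__ == "__main__":
    for ifname, addr, net in gateway_conflicts(RULES, GATEWAY):
        print(f"{ifname} {addr} is inside NAT source range {net}")
```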