Subject: Re: gateway/ipnat question
To: Wolfgang Rupprecht <wolfgang@wsrcc.com>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: netbsd-help
Date: 01/06/1999 21:02:00

On Wed, Jan 06, 1999 at 05:42:59PM -0800, Wolfgang Rupprecht wrote:
> 
> [ mailed and posted -wsr ]
> 
> bgrayson@marvin.ece.utexas.edu (Brian C. Grayson) writes:
> >   I have the following setup:  cluster A has globally-accessible
> > IP addresses (128.83.52.x).  cluster B is a private set of
> > machines on the 10.x.x.x subnet.  I currently have a machine
> > set up as a gateway, and all A machines know to route to the gateway for
> > 10.x.x.x, and all B machines know how to talk to the gateway
> > for A machines etc.  (And it works -- ypbind, NFS, ssh, amd!  Yeehaw!)  
> 
> Sounds like you are almost there.
> 
> >   What I want to do is also allow the cluster B machines to
> > access the rest of the net (via ipnat on the gateway?).
> 
> If the gateway machine has two interfaces you can do what you want by
> specifying NAT for only 10.x.x.x addresses on the interface that is
> going to the internet.
> 
> 	internet <---------- gw ------ A + B machines

  My setup is a little different, and I'm afraid my comments
didn't make it clear!  My gateway is just one of the
machines in the A cluster, and the A cluster itself is
connected via a router to the rest of the internet:

    internet -- cisco -- A -- gw -- B

  So the trick is that not all traffic from gw on behalf of B
is to the non-local internet -- some of it is just to A and thus
doesn't need renaming.  My administrative domain only extends
to 20 machines out of 200 in cluster A, so I can't do anything
like mess with the cisco or put another machine in the path, or
tell our router how to reach 10.x.x.x etc.

  This is probably not your standard ipf problem.  Basically, I
want more than 256 machines "on subnet A", without requiring any
work from higher-up authorities, and this was the easiest way I
know to do it.  :)

  Brian