[plug] Routing

Craig Ringer craig at postnewspapers.com.au
Tue Jun 18 19:32:30 WST 2002


> Say I have a box acting as a gateway. In that gateway (well within the
> gateway's network) I have a block of live IPs that all need access to the
> world (easy)
Live IP == world-reachable (non-private) IP, e.g. not 192.168.x.x or 
10.x.x.x, block assigned by ISP?

Just asking to be sure, because if you're using IP Masquerade and 
private IP ranges, it's an entirely different kettle of fish.

> How do I go about allowing traffic to flow freely in and out?
It's rather more "how do I limit what traffic is passed freely in and 
out" normally; your ISP should be routing all traffic to your assigned 
IP block to your gateway, which by default (or as per 
/proc/sys/net/ipv4/ip_forward) will route the packets to the 
appropriate host on the LAN.

> Is it simply a firewall issue or something else?
Well, you'll definitely want to set up a firewall on the gateway to 
police traffic and limit what can and can't pass; for normal users with 
private IP blocks who use IP masq it's less of an issue since internal 
hosts can't be directly attacked (having non-routable addresses) - 
you'll have to be extra careful.

If what you're trying to do is make machines reachable through a 
firewall doing NAT/IPMASQ where the machines have non-routable IPs, 
that's a bit different; what you're looking for is port forwarding and 
it is quite limited (e.g. only one host per port, so if you have 2 
internal webservers you want accessible, one must appear as port 80 and 
one as port 81 on the firewall (example port choices), e.g. forward 
80->host1:80, 81->host2:80).

Sorry if this is wildly off track but the info given isn't too specific 
as to the network setup and the problem.

Craig Ringer
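
An added example, not part of the original post: a shell sketch that prints (does not apply) a default-deny forwarding baseline and the port-forward rules described above, refusing a second mapping for an external port that is already taken. It assumes a Linux gateway using iptables; the interface name eth0, the 192.168.1.x addresses and all function names are constructed for illustration.

```shell
#!/bin/sh
# Prints iptables commands for review; it does not apply them.
# Constructed values: eth0 as the outside interface, 192.168.1.x hosts.
WAN_IF="${WAN_IF:-eth0}"

# forwarding_enabled [FILE]: true if the kernel forwarding switch reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

is_port() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }
is_host() { case "$1" in ''|*[!0-9.]*) return 1 ;; esac; }

# Default-deny for forwarded traffic; replies to allowed flows may return.
baseline_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# portfw_rules EXTPORT:HOST:PORT ...
# One DNAT rule per mapping plus the FORWARD rule that admits the
# translated connection. A repeated external port is refused before
# anything is printed, since each port can go to only one host.
portfw_rules() {
    seen=" "; out=""
    for map in "$@"; do
        case "$map" in *:*:*) ;; *) echo "bad mapping: $map" >&2; return 2 ;; esac
        ext=${map%%:*}; rest=${map#*:}; host=${rest%%:*}; port=${rest#*:}
        if ! is_port "$ext" || ! is_port "$port" || ! is_host "$host"; then
            echo "bad mapping: $map" >&2; return 2
        fi
        case "$seen" in
            *" $ext "*) echo "external port $ext mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$ext "
        out="${out}iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $WAN_IF -p tcp -d $host --dport $port -m state --state NEW -j ACCEPT
"
    done
    printf '%s' "$out"
}
```

Running `baseline_rules; portfw_rules 80:192.168.1.10:80 81:192.168.1.11:80` prints the rule set for the two-webserver case; the FORWARD rules match the internal address because the DNAT rewrite happens before the filter table sees the packet.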


