1

This question has been asked on the net before but the answers are simply not convincing or even accurate. I get the following output for ifconfig for the ppp0 device (of course, x, y, a, b are integers).

    ppp0 Link encap:Point-to-Point Protocol
         inet addr:x.y.172.234  P-t-P:a.b.145.65  Mask:255.255.255.255

PLEASE CORRECT ME IF THE FOLLOWING UNDERSTANDING IS WRONG. I am trying to understand the theory behind it. x.y.172.234 is the public Internet address of the machine. So, all packets leaving the machine will have this as the SRC IP.

And my reading tells me that the a.b.145.65 is the default gateway address. So, all packets will unconditionally be sent out to be routed via this address (other than loopbacks).

But there is one device. Is it assigned multiple addresses? If so, how? Do I need to read on the PPPoE protocol to understand this?

If I connect a switch to this machine with an eth0 port and want to use this machine as a firewall using IPTables, then for machines on the internal LAN, what will be the default gateway address? The IP address assigned on Eth0? And then packets coming on Eth0 are then NATed and, if not for the firewall, are sent to which address? The a.b... address or the x.y..... address? Kind of gets confusing here.

Any clarification will be appreciated.

Thanks

Sunny

2 Answers

1

If you want to use this machine as a gateway for computers connected to a switch via eth0, you need to set up a (s)NAT.

One interface can have multiple addresses attached, it's not a problem.

The IP address seen in ifconfig doesn't have to be a public internet address - your provider could give you an IP from private pools (like 10.x.x.x) and use NAT too.

neutrinus
  • So, is it possible to do serial NATs? I mean one NAT by the ISP and the other NAT internally by me? To me the ISP NAT will virtually be non-existent for the packets I see. Right? – Sunny Mar 14 '14 at 09:36
  • A sentence or two on how the two addresses on the same interface will be set up, will also help. Thanks – Sunny Mar 14 '14 at 09:37
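
A sketch of the gateway setup discussed in this answer, added here as an example and not code from the thread: LAN hosts use the firewall's eth0 address as their default gateway, and forwarded packets are masqueraded behind the ppp0 local address before going to the PPP peer. The LAN subnet 192.168.1.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT firewall with
# ppp0 as the uplink and eth0 as the LAN side. Values below are assumptions.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed example subnet

gen_nat_ruleset() {
    wan="$1"; lan="$2"; net="$3"
    # Refuse anything that is not a plain interface name or CIDR string.
    case "$wan$lan" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case "$net" in ''|*[!0-9./]*) echo "bad CIDR" >&2; return 1;; esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Source-rewrite LAN traffic leaving via $wan to $wan's own address.
# MASQUERADE follows a PPP address that changes on reconnect.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
# Clamp MSS first (non-terminating) so the reduced PPPoE MTU does not stall TCP.
-A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Forward only flows that start on the LAN, plus their replies.
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

apply_nat_ruleset() {   # needs root; replaces the current nat and filter tables
    sysctl -w net.ipv4.ip_forward=1 &&
    gen_nat_ruleset "$@" | iptables-restore
}

# Dry run: print the ruleset for review instead of loading it.
gen_nat_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

Review the printed ruleset, then load it with `apply_nat_ruleset ppp0 eth0 192.168.1.0/24` as root.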
1

Point-to-point is an encapsulation protocol designed to "wrap" TCP/IP/IPX/Appletalk, whatever you might have going on. By itself your ifconfig entry tells you almost nothing about your logical topology. It does tell you about the physical topology - you have two "external" IPs that are talking only to one another, but without actually capturing traffic on that interface you can't really assume anything about what's travelling over it. It's not just TCP/IP, in other words, and probably shouldn't be treated as such.

quadruplebucky