My actual scenario is:
-Hundreds of PCs in an internal network (fixed IP), divided into +- 6
different subnets
-+- 6 customers with leased lines
-A Cisco Catalyst 4006 connecting groups of PCs to corresponding customers
(imagine a Call Center company)
-Works fine.
The problem:
Frequently, it's necessary to migrate dozens of PCs from one customer to
another. You know, change all IPs and reconfigure all interfaces.
The target:
Implement a centralized Linux box with Shorewall/NAT/VLAN, slice the PCs into
small groups of VLANs (even smaller groups for manageability, i.e., +-30-50
groups), in one whole internal subnet, and use NAT to give access from
one PC to the correct customer.
Suppose PC-1 (from VLAN-1) is accessing the CUSTOMER-1 network.
If I need to migrate PC-1 to CUSTOMER-2, I just change the NAT in the
Shorewall config files and restart it. I don't need to change any
configuration on the client machine.
If it's a NAT issue, why not just iptables? I don't know iptables, but I
know Shorewall. I can also create a Web interface to easily permit the IT
guy to manage this configuration and restart Shorewall.
Has anyone had any experience with Shorewall and VLANs (802.1q)
(http://www.candelatech.com/~greear/vlan.html)?
If yes, are there any issues I need to be aware of?
-Gilson
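
Added example, not part of the original post: a sketch of the generator that a web front end like the one mentioned above could call before restarting Shorewall, validating each PC-to-customer assignment so that form input cannot add arbitrary lines to the firewall configuration. It assumes Shorewall's masq file layout (INTERFACE, SOURCE, ADDRESS); the interface names, addresses, internal subnet and the `render_masq` helper are hypothetical.

```python
import ipaddress
import re

# Constructed sample data: customer -> (outgoing interface, SNAT address).
# Interface names and addresses are hypothetical, not from the original post.
CUSTOMERS = {
    "CUSTOMER-1": ("eth1", "10.1.0.2"),
    "CUSTOMER-2": ("eth2", "10.2.0.2"),
}
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed internal subnet
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,32}")  # PC labels are written as comments


def render_masq(assignments):
    """Return masq-file lines for a mapping {pc_name: (pc_ip, customer)}.

    Raises ValueError on the first entry that fails validation, so a bad
    form submission never reaches the firewall configuration.
    """
    lines = ["#INTERFACE\tSOURCE\tADDRESS"]
    seen = set()
    for pc, (ip_text, customer) in sorted(assignments.items()):
        if not NAME_RE.fullmatch(pc):
            raise ValueError(f"bad PC name: {pc!r}")
        try:
            ip = ipaddress.ip_address(ip_text)  # rejects newlines, tabs, CIDR
        except ValueError:
            raise ValueError(f"bad address for {pc}: {ip_text!r}") from None
        if ip not in INTERNAL_NET:
            raise ValueError(f"{ip} is outside {INTERNAL_NET}")
        if ip in seen:
            raise ValueError(f"{ip} is assigned twice")
        seen.add(ip)
        if customer not in CUSTOMERS:  # allowlist, never free text
            raise ValueError(f"unknown customer: {customer!r}")
        iface, snat = CUSTOMERS[customer]
        lines.append(f"# {pc}")
        lines.append(f"{iface}\t{ip}\t{snat}")
    return lines


if __name__ == "__main__":
    plan = {"PC-1": ("192.168.1.10", "CUSTOMER-1")}
    print("\n".join(render_masq(plan)))
    plan["PC-1"] = ("192.168.1.10", "CUSTOMER-2")  # the migration: one field
    print("\n".join(render_masq(plan)))
```

This covers only the NAT mapping; which customer networks a PC may reach still has to be restricted by the firewall policy and rules.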