
"Hey! What's going on?"
"The Internet is broken"
"Oh, I'll try later"

I know nothing about advanced routing under Linux, but hopefully Perry will write most of this page for me.

The Problem

We have a LAN (192.168.0.0/24), a DMZ with public IP addresses (210.55.23.0/26), an ADSL router (192.168.253.254), a CID connection (210.55.254.60/30), and a Linux box (Fedora Core 4) with four network cards to connect all of the above.

  • eth0: LAN
  • eth1: DMZ
  • eth2: CID
  • eth3: DSL

Additional requirements

  • Users on the LAN are to use the DSL connection to access the Internet
  • Connections to our DMZ are coming in on the CID connection
  • A number of public IP addresses are reserved for VPN connections into the LAN (using AD authentication)

The Solution

VPN server

We set up Poptop as described in Replacing a Windows PPTP Server with Linux and PopTop + MSCHAPv2 + Samba + Radius + Microsoft Active Directory + Fedora Howto.

For every public VPN IP address we create an ifcfg-eth1:x file, where x is any number. In our case, we chose the last byte of the IP address. You probably want to start numbering at 1 instead.

ifcfg-eth1:50

IPADDR=210.55.23.50
NETMASK=255.255.255.192
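
The following is an added example, not part of the original page: a shell helper that writes one alias file per VPN address, named by the last byte as described above, and refuses any address that is not a usable host in the DMZ or whose file already exists. The function names, the output directory argument and the sample addresses other than 210.55.23.50 are assumptions; on Fedora the finished files belong in /etc/sysconfig/network-scripts.

```shell
#!/bin/sh
# Added example: write one ifcfg-eth1:<last octet> alias file per VPN address.
# Network values are the page's DMZ (210.55.23.0/26 on eth1); the function
# names and the output directory argument are hypothetical.
PARENT=eth1
NET_PREFIX=210.55.23       # first three octets of the DMZ
NETMASK=255.255.255.192
HOST_MIN=1                 # .0 is the network address of the /26
HOST_MAX=62                # .63 is its broadcast address

# in_dmz IP: succeeds only for a usable host address inside the DMZ
in_dmz() {
    host=${1#"$NET_PREFIX".}
    [ "$host" != "$1" ] || return 1            # different network
    case "$host" in
        ''|*[!0-9]*|0?*|????*) return 1 ;;     # not a plain 1-3 digit octet
    esac
    [ "$host" -ge "$HOST_MIN" ] && [ "$host" -le "$HOST_MAX" ]
}

# write_alias DIR IP: creates DIR/ifcfg-eth1:<last octet>, never overwrites
write_alias() {
    dir=$1
    ip=$2
    in_dmz "$ip" || { echo "skip $ip: not a usable DMZ host" >&2; return 1; }
    file="$dir/ifcfg-$PARENT:${ip##*.}"
    [ ! -e "$file" ] || { echo "skip $ip: $file exists" >&2; return 1; }
    printf 'IPADDR=%s\nNETMASK=%s\n' "$ip" "$NETMASK" > "$file"
}

# Constructed sample run: .50 is the page's address, the rest are made up.
out=$(mktemp -d)
for ip in 210.55.23.50 210.55.23.51 210.55.23.63 192.168.0.10; do
    write_alias "$out" "$ip" || true
done
ls "$out"    # review the files before copying them into place
```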