LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   IPtables and multiple IPs (https://www.linuxquestions.org/questions/linux-networking-3/iptables-and-multiple-ips-88421/)

irclord 09-02-2003 10:36 AM

IPtables and multiple IPs
 
*Server running RH8, latest updates.*
Hi, I have a few queries, one of which is this main one. I have a broadband ADSL connection, and have been given a block of 8 IP addresses by my provider. Assuming these IP numbers are 160 thru 167, that gives me 5 usable addresses, being 161 thru 165, with 166 being my router address. I am getting an internal routing card for my firewall/gateway, which I will of course set to the .166 IP number.

I also have a LAN on this side of the gateway, with a number of systems on an internal IP range (say 192.168.0.1 thru 254). The gateway with the external card also has an internal NIC (with a LAN address of .1) and is therefore the gateway for all my LAN machines.

My problem is that I would like to set up a routing system using iptables (if that's correct) so that when incoming packets are submitted for any of the IPs 161 thru 165, these are then forwarded to different machines on the LAN so, for instance, if a web client request is for .164, I would like that to be sent to internal machine number .3, and so on.

Is there an easy way to configure this, or is it beyond the realms of what can be done?

Thanks for your assistance :)

thepurpleblob 09-02-2003 10:42 AM

Do you mean that you have 5 machines handling your five "real" IP addresses? In which case why not simply give those machines the "real" IPs configuring them on their own subnet - a DMZ subnet I suppose.
The rest are on another "secure" subnet using NAT.

irclord 09-02-2003 11:40 AM

No, I have a single connection to the internet via my gateway, which has (will have) an internal broadband 'modem' card. The external IP number of this is .166, to which my provider sends all requests for IPs 161 thru 165. All the other machines that I have are internal to the LAN, and have IP numbers in the range 192.168.0.1 thru whatever. A second NIC in the gateway deals with the LAN traffic and the LAN IP for the gateway is .0.1 - this is also set as the gateway address for all the LAN machines.

Basically I want a single connection to the internet using my gateway, which then picks up the destinations of the request packets, then depending on what they are, sends/routes them to various LAN machines. For instance:
    Internet -> My Gateway -> LAN
                (Internet IP .166 / LAN 192.168.0.xx)

    -> request for .165 -> to 192.168.0.15
    -> request for .164 -> to 192.168.0.24:5000
    -> request for .163 -> to 192.168.0.33:80

and so on....

Hope this makes it clearer :)

myboysherman 09-03-2003 09:18 PM

I use iproute2 to do this but a bunch of aliases would probably work as well. I have assigned all the IPs to a single card and DNAT by destination IP. To your DSL router it will appear as if five cards are attached.

Use iptables to catch on destination and forward to whatever internal device you like.

so:
# ip address add dev eth0 <first_ip>/29
# ip address add dev eth0 <second_ip>/29
etc

then:
# iptables -t nat -A PREROUTING -d <first_ip> -j DNAT --to-destination <first_servers_local_ip>

Reverse for SNAT in POSTROUTING (especially for mail servers).

This might be a problem for rp_filter, so you may have to guard against spoofing some other way.

Craig
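Putting Craig's recipe together for the mapping irclord listed, as an added example that is not from the thread: the provider's /29 is assumed to be 203.0.113.160 (a documentation range standing in for the real block), the external card eth0 and the LAN card eth1. The script only prints the ip and iptables commands so they can be reviewed before being run as root on the gateway:

```shell
#!/bin/sh
# Constructed values standing in for the poster's real addresses.
PUBLIC_NET="203.0.113"   # first three octets of the provider's /29
EXT_IF="eth0"            # card facing the ADSL router
INT_IF="eth1"            # card facing the 192.168.0.0/24 LAN

# Mapping table from the thread: public_host lan_ip [proto port]
MAP="
165 192.168.0.15
164 192.168.0.24 tcp 5000
163 192.168.0.33 tcp 80
"

gen_rules() {
    echo "$MAP" | while read -r pub lan proto port; do
        [ -n "$pub" ] || continue
        ext="$PUBLIC_NET.$pub"
        # Alias the public address onto the external card so the router's
        # ARP requests for it are answered by the gateway.
        echo "ip address add $ext/29 dev $EXT_IF"
        if [ -n "$port" ]; then
            # Port-restricted forward: only that one service reaches the LAN host.
            echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -p $proto --dport $port -j DNAT --to-destination $lan:$port"
            echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $lan -p $proto --dport $port -m state --state NEW -j ACCEPT"
        else
            # Whole-host forward: every port of the public address maps to the LAN host.
            echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $lan"
            echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $lan -m state --state NEW -j ACCEPT"
        fi
        # Reverse mapping: traffic the LAN host originates leaves with its own
        # public address rather than the gateway's .166 (matters for mail servers).
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $lan -j SNAT --to-source $ext"
    done
}

# Rules every mapping relies on: let reply traffic through and enable forwarding.
gen_common() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

gen_common
gen_rules
```

Review the printed commands, then `{ gen_common; gen_rules; } | sh` as root applies them; the FORWARD rules are needed when the chain's policy is DROP.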
