LinuxQuestions.org
Old 09-02-2003, 11:36 AM   #1
irclord
LQ Newbie
 
Registered: Sep 2003
Posts: 10

Rep: Reputation: 0
IPtables and multiple IPs


*Server running RH8, latest updates.*
Hi, I have a few queries, one of which is this main one. I have a broadband ADSL connection, and have been given a block of 8 IP addresses by my provider. Assuming these IP numbers are 160 thru 167, that gives me 5 usable addresses, being 161 thru 165, with 166 being my router address. I am getting an internal routing card for my firewall/gateway, which I will of course set to the .166 IP number.

I also have a LAN on this side of the gateway, with a number of systems on an internal IP range (say 192.168.0.1 thru 254). The gateway with the external card also has an internal NIC (with a LAN address of .1) and is therefore the gateway for all my LAN machines.

My problem is that I would like to set up a routing system using iptables (if that's correct) so that when incoming packets are submitted for any of the IPs 161 thru 165, these are then forwarded to different machines on the LAN so, for instance, if a web client request is for .164, I would like that to be sent to internal machine number .3, and so on.

Is there an easy way to configure this, or is it beyond the realms of what can be done?

Thanks for your assistance
 
Old 09-02-2003, 11:42 AM   #2
thepurpleblob
LQ Newbie
 
Registered: Sep 2003
Posts: 25

Rep: Reputation: 15
Do you mean that you have 5 machines handling your five "real" IP addresses? In which case, why not simply give those machines the "real" IPs, configuring them on their own subnet - a DMZ subnet I suppose?
The rest are on another "secure" subnet using NAT.
 
Old 09-02-2003, 12:40 PM   #3
irclord
LQ Newbie
 
Registered: Sep 2003
Posts: 10

Original Poster
Rep: Reputation: 0
No, I have a single connection to the internet via my gateway, which has (will have) an internal broadband 'modem' card. The external IP number of this is .166, to which my provider sends all requests for IPs 161 thru 165. All the other machines that I have are internal to the LAN, and have IP numbers in the range 192.168.0.1 thru whatever. A second NIC in the gateway deals with the LAN traffic and the LAN IP for the gateway is .0.1 - this is also set as the gateway address for all the LAN machines.

Basically I want a single connection to the internet using my gateway, which then picks up the destinations of the request packets, then depending on what they are, sends/routes them to various LAN machines. For instance:
    Internet -> My Gateway       -> LAN
                Internet IP .166    LAN 192.168.0.xx

    -> request for .165 -> to 192.168.0.15
    -> request for .164 -> to 192.168.0.24:5000
    -> request for .163 -> to 192.168.0.33:80

and so on....

Hope this makes it clearer
 
Old 09-03-2003, 10:18 PM   #4
myboysherman
LQ Newbie
 
Registered: Sep 2003
Distribution: Slackware
Posts: 18

Rep: Reputation: 0
I use iproute2 to do this but a bunch of aliases would probably work as well. I have assigned all the IPs to a single card and DNAT by destination IP. To your DSL router it will appear as if five cards are attached.

Use iptables to catch on destination and forward to whatever internal device you like.

so:
# ip address add dev eth0 <first_ip>/29
# ip address add dev eth0 <second_ip>/29
etc

then:
# iptables -t nat -A PREROUTING -d <first_ip> -j DNAT \
      --to-destination <first_servers_local_ip>

reverse for SNAT in POSTROUTING (especially for mailservers)

This might be a problem for rp_filter, so you may have to guard against spoofing some other way.

Craig
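
The setup discussed in this thread (the mappings in post #3, the commands in post #4), as an added example that is not part of any post: a script that only prints the `ip` and `iptables` commands for a public-IP to LAN-host map. The prefix 203.0.113.160/29 is a documentation range standing in for the provider block, `eth0` as the external interface is an assumption, reading `host:port` as "forward only that TCP port" is an assumption, and the two DROP rules are one possible stand-in for `rp_filter`.

```shell
#!/bin/sh
# Added example: emit (do not run) the commands for a public-IP -> LAN-host map.
WAN_IF=eth0              # assumed external interface
LAN_NET=192.168.0.0/24   # LAN range from the thread
PREFIX=29                # block of 8 addresses, as in post #4

# Constructed map: "public_ip internal_ip[:port]".
# With a port, only that TCP port is forwarded; without one, everything is.
MAP='203.0.113.165 192.168.0.15
203.0.113.164 192.168.0.24:5000
203.0.113.163 192.168.0.33:80'

valid_ip() {  # dotted quad, every octet 0-255
    echo "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/||$i>255) exit 1}'
}

gen_rules() {
    # Anti-spoofing: LAN source addresses must never arrive on the WAN side.
    echo "iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP"
    echo "iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP"
    echo "$1" | while read -r pub target; do
        [ -n "$pub" ] || continue
        host=${target%%:*}
        port=
        case $target in *:*) port=${target##*:} ;; esac
        if ! valid_ip "$pub" || ! valid_ip "$host"; then
            echo "skipping bad entry: $pub $target" >&2
            continue
        fi
        # Extra public address on the single external card.
        echo "ip address add dev $WAN_IF $pub/$PREFIX"
        if [ -n "$port" ]; then
            # Expose one service only, not the whole internal host.
            echo "iptables -t nat -A PREROUTING -d $pub -p tcp --dport $port -j DNAT --to-destination $host:$port"
        else
            echo "iptables -t nat -A PREROUTING -d $pub -j DNAT --to-destination $host"
        fi
        # Reverse mapping so the server's outbound traffic leaves from its public IP.
        echo "iptables -t nat -A POSTROUTING -s $host -o $WAN_IF -j SNAT --to-source $pub"
    done
}

gen_rules "$MAP"
```

Review the printed commands before applying them; entries with a malformed address are skipped and reported on stderr.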
 
  

