Did a search but can't really find this answered as it's slightly different.
I've run a Linux router as a NAT box providing net access to 1 public IP to my LAN for years so have grasped the basics. However my situation has changed a bit and I want to see if it's feasible to use the Linux box for this.
I have a /29 subnet providing me with 8 public IP addresses (for simplicity here I'll call it 184.108.40.206 - .8)
Currently my hardware ADSL modem/router is running host mapping NAT mode which means each of my own LAN IPs routes to its own unique public IP address.
As for what you're wanting to do, you'll probably do away with the hardware router thingie and use iptables with SNAT/DNAT rules to NAT the packets the way you want. The easiest way to do this would be to have 2 NICs in the Linux machine. One on the public internet and the other connected to a switch with the machines on your LAN on it.
OK, 8 IPs with subnet and broadcast. 6 usable (if you include the gateway).
I'll dig through the netfilter documents and look up SNAT/DNAT to see if I can figure it out, although I still have no idea how to go about setting up the Linux interfaces and gateways. 2 NICs isn't a problem, the box already has them fitted from my old single IP firewall setup.
I believe what you want is called DNAT (destination NAT), which sends packets into your network based on the destination IP. SNAT is source NAT and that sends the data from your network out to The Internet and masks it to look like it came from the one public IP.
Assuming you have computers on the LAN with private IPs that already can 'get to The Internet', since you said that works, you should be able to add rules to listen for incoming requests for the public IPs and send those to the appropriate internal IPs. I'm sorry that my firewall knowledge ends at theory, but it may be that you need prerouting or output rules for DNAT instead of SNAT. You also need to make sure the Linux firewall itself is getting requests to those IPs sent to it.
Another thing to consider is that if you have several computers on the LAN but only a few will have public IPs, it may be best to put the public computers into their own DMZ LAN. Now that I think about it, information about DMZs in any iptables documents you have been using for reference may provide better insight into how to do this.
Edit: I didn't mean to imply that you don't need SNAT at all, just that it appears you have SNAT working and to add the separate IPs coming in you will be using DNAT rules.
Basically I want NAT as transparent as possible, in other words I want to avoid port forwarding etc.
For example, anything on external 220.127.116.11 I want to go to the same PC on the LAN after firewalling, which is why I'm assuming I need DNAT as well. SNAT rewrites the outbound stuff but incoming connections would need to be routed, so DNAT would be needed there.
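The 1:1 mapping discussed in this thread, as an added example that is not part of any poster's message: a script that prints (does not run) the commands pairing each public address with one LAN host through DNAT and SNAT, behind a default-deny FORWARD chain. The interface names and every address are constructed placeholders from documentation and private ranges, not the addresses quoted above.

```shell
#!/bin/sh
# Added example: emit (not execute) the commands for 1:1 NAT on a 2-NIC box.
# All interface names and addresses below are constructed placeholders.
WAN_IF="eth0"     # assumed: NIC facing the ADSL router / Internet
LAN_IF="eth1"     # assumed: NIC facing the LAN switch
PREFIX_LEN=29     # the routed public block is a /29

# public:private pairs, one line per LAN host
MAP="203.0.113.2:192.168.1.2
203.0.113.3:192.168.1.3
203.0.113.4:192.168.1.4"

# Print the three commands needed for one public<->private pair.
nat_pair() {
    pub=$1; priv=$2
    # Bind the public address to the WAN NIC so the box answers ARP for it.
    echo "ip addr add $pub/$PREFIX_LEN dev $WAN_IF"
    # Inbound: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # Outbound: rewrite the source so the host always appears as its own public IP.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
}

# Print the whole ruleset: forwarding on, default-deny filter, then each pair.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    # Inbound NEW connections stay blocked until per-host ACCEPT rules are
    # added here; they must match the private (post-DNAT) destination.
    echo "$MAP" | while IFS=: read -r pub priv; do
        [ -n "$pub" ] && [ -n "$priv" ] || continue
        nat_pair "$pub" "$priv"
    done
}

gen_rules
```

Review the printed commands before piping them to a root shell. The filter table sees packets after PREROUTING has rewritten them, which is why inbound accept rules are written against the LAN address rather than the public one.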