LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   public IP pool behind linux router (http://www.linuxquestions.org/questions/linux-networking-3/public-ip-pool-behind-linux-router-823550/)

netguy2000 08-02-2010 07:52 AM

public IP pool behind linux router
 
Dear Guru help require.
I have scenario to solve, I have to configure public IP on my network PC which are behind Linux router.

110.88.89.66/32(router WAN-IP eth1) --> 192.168.1.1 eth0 and 110.88.90.69/29 eth0:1 (router LAN-IP)
default GateWay of my linux router is 110.88.89.65

now I configure IP 110.88.90.90/29 on my windows machine, and Internet is working fine , but I get 110.88.89.66 on www.whatismyip.com, question is WHY this IP shows on whatismyip.com???? why 110.88.90.90 not shows on whatismyip.com??? what I am doing wronge?? help me

what router or iptables command I mis??


NETGUY.

lartman 08-02-2010 10:30 AM

Is the router configured to do NAT?

armbp1972 08-02-2010 11:52 AM

It looks to me the same, your linux router is doing some kind of NAT

netguy2000 08-04-2010 02:06 AM

yes my linux router also do NATing
but i dont think this problem belongs to NAT.
if so then please help me how and why?

NETGUY.

lxf 08-04-2010 04:45 PM

You should provide more information about your router and network. First you should provide us your network stuff from your router (especially NAT rules, routes and interfaces). Beside of that I still didn't get why you use 192.168.1/24 as you seem to not need it. In short: be more verbose.

netguy2000 08-05-2010 01:04 AM

following are my Linux router information

eth1= WAN IP= 110.88.89.66/32
Gateway= 110.88.89.65
eth0= LAN IP= 192.168.1.1/24

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

routing table is

110.88.89.64 0.0.0.0 255.255.255.252
192.168.1.0 0.0.0.0 255.255.255.0
0.0.0.0 110.88.89.65 0.0.0.0

My ISP gave me IP Pool 110.88.90.68/29 to use this on my LAN.
my question is how can I use this IP pool on LAN side interface.
i think now its simple.

192.168.1.0 /24 is my LAN network and I can not change this, because i have near 180 PCs on my LAN.

Help require.

NETGUY.

lartman 08-05-2010 01:15 AM

Configure 2 addresses on the lan nic.
eth0 = 192.168.1.1/24
eth0.1 = 110.88.90.69/29
remove masquerade all and configure nat for just the 192.168.1.0/24 subnet.

netguy2000 08-05-2010 02:55 AM

what will be the NAT command for 192.168.1.0/24 and 110.88.90.68/29
Plz help

NET

netguy2000 08-05-2010 06:23 AM

i DID this

configure eth0:1 with IP 110.88.90.69/29
and

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0

my PC on LAN side IP is 110.88.90.70/29 and it gateway is 110.88.90.69 with google DNS

Now what to do??? still not working

NETGUY.

jschiwal 08-05-2010 06:44 AM

You have a block of 8 IPs.
Code:

    8      3    /29          255.255.255.248
The last three bits determine which host is addressed.

The first one will have these bits all zeros. This is your network address. The last one has all three bits ones. This is your broadcast address. One of IP addresses will be used for your router's gateway address. By convention, the first or last legal IP address for your network (not ending in 000 or 111).

Your IP addresses are all over the place. Please indicate what block of address you were given by your ISP.
Maybe you transposed a couple numbers.
This doesn't make sense: 110.88.90.69/29
But this does: 110.88.90.96/29

You have two networks. One with a private address range. Another with a public address range. Your router will have one rule to route traffic for each range, with the private being masqueraded to one or more of your public IP addresses.

If you have a block of public IP addresses because you are offering services on the Internet, then you should have two firewalls and place the public hosts in the DMZ. You want to isolate the LAN traffic from incoming Internet traffic. You could also use three NICs. One for the WAN, one for the DMZ and one for the LAN.

I would recommend you read through the Network Administrators Guide book. It is an O'Reilly book. The second edition is available for free:

www.tldp.org/ldp/nag2/nag2.pdf

lartman 08-05-2010 06:47 AM

Something like:
Code:

# NAT for the private subnet
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -d 192.168.1.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT

# forward everything for the public subnet
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -d 110.88.90.??/29 -j ACCEPT


xmachina47x 10-31-2011 07:03 AM

Quote:

Originally Posted by netguy2000 (Post 4056642)
i DID this

configure eth0:1 with IP 110.88.90.69/29
and

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0

my PC on LAN side IP is 110.88.90.70/29 and it gateway is 110.88.90.69 with google DNS

Now what to do??? still not working

NETGUY.

hello
is it working now? if so..can you please help me to..i have the same problem :) 10x a lot


All times are GMT -5. The time now is 06:01 AM.