routing multiple ips

linuxxed · 02-13-2004, 04:12 AM

Peeps,

I've a business account with 6-7 public Ip addresses and I want to route the extra ip addresses without compromising the security. I've a Dlink 504 modem+router (192.168.0.6 say) which says it has got multi nat but there is no documentation. I've two linux machines on the lan with just one NIC each (say 192.168.0.45 & 46). I'm using NAT to map the primary public IP to access the machines from outside the Dlink. Now the trouble is how to route the extra public IP address.

1) Should I configure IP aliases on the linux boxes to add 10.0.0.45 & 46, make the int IP of Dlink 10.0.0.6 and then make the machines DMZ? I can use Iptables to block anything suspicious coming on 10.* network. Any internal communication between the machines can take place on 192.* network. Is this safe?

2) Or should I configure the IP aliases on the linux boxes as PUBLIC IP addresses, and disable NAT?

3) Or should I buy another NIC for each machine?

4) Or Should I buy additional routers (say belkin), make it's IP address as external public IP and then port forward it to the machine.

5) I can get another linux box to sit in front of mach 1 & 2 and act as a router with multiple aliases but I don't have the money.

Dlink's multi NAT is a nightmare. How do you route multiple public ip addresses?

help?

Thanks

schagnot · 02-13-2004, 07:31 AM

I am not really sure of your goal, so I am going to be a bit vague. You can do all of this on your DLINK by adding one NAT rule for each of the six public IP's to the same nic. You can do a port translation so that you can run multiple instances of each service if you wanted. For instance:

Public 123.123.123.123 port 80 >> Private 10.0.0.45 port 80
Public 123.123.123.124 port 80 >> Private 10.0.0.45 port 8080

You could also set up NAT rule on the DLINK (Actually.. I have never used a DLINK router but you SHOULD be able to) to point all traffic going to host 123.123.123.123 >> 10.0.0.45 and you can do that for each IP.

You could put aliases on the Linux box to handle the different IP's if you are trying to host a web site and don't feel like doing the port translation as in example one. (like if you are trying to run a web server for several different sites).

You could create a static route on the DLINK that points all network traffic to the external interface of one of your linux boxes and let Linux be the router that handles everything.

There are a lot of ways to do something like this, but you must have a goal in order to decide the best way to do it.