Unseen

[Log in to get rid of this advertisement]

I've got an easy networking question that seems to be baffling me.

I've got a home LAN that is currently set up to share one public IP. I recently purchased another IP address and can't really figure out a way to network everything together.

The machine I use to share my current IP is called tinyserv. Tinyserv is a debian machine running iptables, and has two network cards, one for the external (public IP), and the other that goes to the internal LAN. Everything is routed across fine.

In order to add another public IP, will I need to add another network card to tinyserv and connect it to the machine I want to have the public IP?

Another option might be connecting my second server to the LAN and having everything destined for the public ip address routed to it, but I'm not sure how to set this up.

I don't need to masquerade or anything through the other machine, I just want everything for the new public IP to be routed directly to it.

Any ideas?

Blindsight

You can do this with iptables. Look at the iptables HOWTO on www.tldp.org. You can probably accomplish this with one firewalling rule. Hint: FORWARD

Burke

Seems like most of the stuff I'm finding there applies to IPFW and IPCHAINS... IPTABLES docs seem to be in the works.

But, these are useful:
Setting up IP Aliasing on A Linux Machine Mini-HOWTO

Blindsight

a quick google search reveals:

http://www.linuxguruz.org/iptables/h...les-HOWTO.html

Unseen

Sorry, I'm probably retarded because I'm really new to a lot of the terminology in the iptables documentation, but I'm having problem relating the forwarding to my situation on multiple public IPs.

I did read something about aliasing the network card that has the public IP on it to have two IP's, is that not a good idea? I could then route everything coming into that IP over to an internal machine.

Blindsight, if I were to use forwarding, how woud the IPs be set up? Maybe that would make things clearer for me.

For example:

INTERNET <-------> Public IP on ETH0 on tinyserv, which forwards currently on as follows:

LAN IP (192.168.1.1) ETH1 on tinyserv <-----> ETH0 (192.168.1.100) on internal only computer #1
" <------> ETH0 (192.168.1.101) on internal only computer #2
" <------> ETH0 (192.168.1.102) on internal only computer #3
" <------> ETH0 (192.168.1.103) on internal only computer #4
...etc, until (my question):
" <------> ETH0 (public IP? or should this be LAN IP?) second server that I want to receive public IP #2 input.

Blindsight

Alright, what you want to do is this... setup a forwarding rule that says all incoming traffic destined for <public IP #2> is forwarded to internal IP 192.168.xxx.yyy.

To do this, you would need to subinterface. This means..
ifconfig eth0.0 <public IP #1> netmask <netmask>
ifconfig eth0.1 <public IP #2> netmask <netmask>

You may need to masquerade that?

Here's an excellent HOWTO on NAT'ing with iptables. I may need to read this one myself when I get a chance, I've been outta the game for a while.

http://www.mandrakesecure.net/en/docs/HOWTO/NAT-HOWTO/

You'll learn more researching this yourself then if I were to say "type iptables -I Forward -s 192.168.0.0/24 -d...".

Happy Hacking.

dsltech

you can always use

http://www.bbiagent.net

for you newbies out there.....it works for me. im still trying to grasp the full feel of linux myself, and this program made it easy to use both my windows machines and my two linux boxes

Blindsight

That BBI program is *not* what you want to run on your workstations. That's intended to be a router (and do what your 'tinyserv' is doing now).

By the way, the iptables rules mentioned in my previous post will be applied to your tinyserv.

By the way, you're not retarded. We all had to start somewhere.

Unseen

Thanks for the help, Blindsight!

That pointed me in the right direction! Woohoo!