LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 10-27-2003, 01:13 PM   #1
Lonnie
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Rep: Reputation: 0
Somebody Please Help


I have a SuSE 8.2 NAT box with 5 computers behind it, and one of them is a webserver. I also have two IPs from my ISP: one is 190.160.52.200, which is the IP for the network, and the other is 190.160.52.201, which would be for the webserver. Can someone please tell me how to direct the IP 190.160.52.201 to the internal webserver, whose IP is 196.160.48.3? Thanks for any help.
 
Old 10-27-2003, 01:17 PM   #2
szaroubi
Member
 
Registered: Oct 2003
Location: Montreal
Distribution: All/Any
Posts: 59

Rep: Reputation: 15
Check out iptables or ipchains ...
You can even set up a proxy (caching server) on your NAT box to forward the request on the "application level" (HTTP) and not the TCP or IP levels.

Great caching/proxy server: Squid
 
Old 10-27-2003, 02:07 PM   #3
dorian33
Member
 
Registered: Jan 2003
Location: Poland, Warsaw
Distribution: LFS, Gentoo
Posts: 591

Rep: Reputation: 32
First, please explain why you want a second public IP for the web server.
Everything you want (a web server set up on an internal machine) can be done using one IP.

Regarding the subject, I can see three scenarios:
1. One common IP for all the services. Web server set up on an internal box with an internal IP.
2. Two IPs, one of them dedicated to the www server. Both of them are bound to the external eth. Web server set up on an internal box with an internal IP. Works like (1), with the only difference being that two public IPs are used.
3. Two IPs, one of them dedicated to the www server. One of them is bound to the external eth, the second one to the eth of the web server.
3.a. Like 3, but the web server's eth additionally has the internal IP bound.

So please clarify which scenario you are interested in and why, since, as I wrote at the beginning, it is enough to have only one public IP to do what you want.
 
Old 10-27-2003, 03:15 PM   #4
szaroubi
Member
 
Registered: Oct 2003
Location: Montreal
Distribution: All/Any
Posts: 59

Rep: Reputation: 15
NAT Box.

eth0 -> 2 IPs (the public ones from your ISP, you actually only need 1 of them): external device (aa.bb.cc.dd/ee)

eth1 -> internal device (192.168.0.1)

Web Server Box.
eth0 -> internal device connected to NAT box. (192.168.1.2)

----------
Problem: You get a request to aa.bb.cc.dd port 80.
Solution 1): You can use iptables/ipchains to forward all incoming packets from aa.bb.cc.dd on port 80 to 192.168.1.2 port 80.
Solution 2): You can use Squid on your NAT box. Squid acts as a caching server. Let's say you call http://yourserver.com/index.html; it lands on your NAT box. It lands on port 80, so Squid kicks in to handle the response. Squid checks to see if /index.html is in its cache ... if it is not -> it will call your web server, get index.html and forward it back to the user. If it is in the cache, it will serve that copy back to the user.

Solution 1) -> 1 command line (or 2 max)
Solution 2) -> Installing + configuring squid + understanding how it works.

To be honest, I have never worked with iptables or ipchains or Squid. I just know what they are and what they are supposed to do.
 
Old 10-27-2003, 08:30 PM   #5
Lonnie
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
It really doesn't matter why I'm using two IPs; it's just that I need 190.160.52.201 to go to my internal web server, which is 196.160.48.3, and I've looked at/tried everything. If someone could just get me on the right track.
 
Old 10-28-2003, 12:39 PM   #6
Lonnie
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
anyone?
 
Old 10-28-2003, 05:56 PM   #7
GJB
LQ Newbie
 
Registered: Oct 2003
Distribution: RedHat 6-9 Gentoo Slackware 9.1
Posts: 26

Rep: Reputation: 15
You say you have 2 IP addresses; how do you connect to the net? DSL? Cable? Are both addresses issued to you when you connect, or what?
Because if that's the case (2 IPs on 1 NIC), you could just make iptables post routing rules so that when a request is made to 190.160.52.201 it's redirected to the 196.160.48.3 webserver.
Something like:
iptables -t nat -A PREROUTING -p tcp -d 190.160.52.201 --dport 80 -j DNAT --to 196.160.48.3:80
iptables -t nat -A PREROUTING -p tcp -d 190.160.52.201 --dport 443 -j DNAT --to 196.160.48.3:443

Together with an input and a forward rule, this could work.


GJB
 
Old 10-28-2003, 08:51 PM   #8
Lonnie
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Thank you GJB, I will try this tomorrow. We're connected by a T3 line. You are the first person to make sense. Any way you could tell me how I would add an input and forward rule? Thanks again.
 
Old 10-29-2003, 05:55 AM   #9
GJB
LQ Newbie
 
Registered: Oct 2003
Distribution: RedHat 6-9 Gentoo Slackware 9.1
Posts: 26

Rep: Reputation: 15
You could try something like this:

iptables -A INPUT -p tcp -i $ext_if -d 190.160.52.201 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i $ext_if -d 190.160.52.201 --dport 443 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i $ext_if -o $local_if -d 196.160.48.3 --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i $ext_if -o $local_if -d 196.160.48.3 --dport 443 -m state --state NEW -j ACCEPT

where $ext_if is your external interface e.g. ETH0 and $local_if is your local interface e.g. ETH1

Hope this helps ...

GJB
 
Old 10-30-2003, 08:41 AM   #10
Lonnie
LQ Newbie
 
Registered: Oct 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Thank you, and this should work, but for some reason it just doesn't. When I do an iptables -L after I enter those commands, they're not in there anywhere. Do I have to save it or write to it or something?
 
Old 10-30-2003, 06:01 PM   #11
GJB
LQ Newbie
 
Registered: Oct 2003
Distribution: RedHat 6-9 Gentoo Slackware 9.1
Posts: 26

Rep: Reputation: 15
Did you replace the $ext_if and $local_if with the appropriate interfaces for your situation?

Could these lines interfere with your currently running firewall?

Could you post your ifconfig and route -n info so I could take a look at it?
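
The pieces discussed in this thread, put together as an added example that is not part of any post: the DNAT rule in the nat table, the matching FORWARD rules, and the listing commands that show both tables. The interface names eth0/eth1 and the function names are assumptions, as is 190.160.52.201 already being bound on the external interface; the script only prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: interface names eth0/eth1, and
# that 190.160.52.201 is already bound on (or routed to) the external interface.
# Dry run by default: commands are printed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# forward_port EXT_IF INT_IF PUBLIC_IP INTERNAL_IP PORT
forward_port() {
    ext_if=$1; int_if=$2; pub_ip=$3; int_ip=$4; port=$5
    # nat table: rewrite the destination before the routing decision.
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp -d "$pub_ip" --dport "$port" \
        -j DNAT --to-destination "$int_ip:$port"
    # filter table: the rewritten packet is routed through the box, so it
    # traverses FORWARD (not INPUT) and already carries the internal address.
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" -p tcp -d "$int_ip" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

# Replies and later packets of accepted connections, in both directions.
allow_established() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Plain "iptables -L" lists only the filter table; the DNAT rules live in nat.
show_rules() {
    $IPT -t nat -L PREROUTING -n -v
    $IPT -L FORWARD -n -v
}

# The kernel forwards between interfaces only when this sysctl is 1.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

allow_established
for p in 80 443; do
    forward_port eth0 eth1 190.160.52.201 196.160.48.3 "$p"
done
show_rules
if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
```

Because `-A` appends, these rules never match if an existing firewall script already ends the FORWARD chain with a DROP or REJECT rule ahead of them.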
 
  



All times are GMT -5.
