LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-27-2003, 01:12 PM   #1
Sarcha
LQ Newbie
 
Registered: Feb 2003
Posts: 15

Rep: Reputation: 0
Static Ip's and Routing


I have just recently gotten into managing some linux servers and have a question about one of the setups I've run into. Right now at one site they have a static dsl pppoe connection which one of the servers is setup to connect to. However they have a block of 4 static ip's none of which are being used right now....I phoned the internet company to find out about the configuration and they said that those 4 static ip's have to be routed using a router through the static dsl connection. What I was wondering about was what is the benefit of having these static ip's and what would I have to do to go about setting a router to route the 4 ip's to the dsl ip
 
Old 02-27-2003, 01:29 PM   #2
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
A block of 4 addresses? Thats an interesting concept. IP address blocks come in powers of two i.e. 2,4,8,16,32 but you always lose two, the lowest address is always the generic network address and the highest is always the broadcast address. So if you have a block the number of free adresses should be 2,6,14 etc.

If you have a 4 block, then you have 2 useable hosts, these blocks are normally assigned to static addressed serial links.

You may have 4 free from a larger block, however if they are in the same subnet as the link you will have problems using them with a router. What address range do you have including subnet mask, and what are the assigned addresses of your PPP link.

That will tell you how free you are to play with the addresses you have.

If they are free and they are part of a real assigned internet subnet then you can set the host that is handling the PPP connection to route to the subnet on another nic.

Pete
 
Old 02-27-2003, 01:41 PM   #3
Sarcha
LQ Newbie
 
Registered: Feb 2003
Posts: 15

Original Poster
Rep: Reputation: 0
the four ip's would be something like 210.240.231.x the ip for the dsl ppp connection inet 210.240.232.x p-t-p 10.10.1.10 subnet 255.255.255.255

I want to eventually do is have at least two servers up with static ip's so that I can setup dns and nis
 
Old 02-28-2003, 05:14 AM   #4
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
OK,

as I'm sure you know 10.x.x.x is reserved address space, so this is what you are using internally? A mask of 255.255.255.255 is a host specific network mask which you would only see on an ISP assigned wan link, don't use it anywhere else. I'm guessing that the 213.240.231.x group is probably on a 255.255.255.240 or 248 subnet.

What you are probably looking for is something like this -

NAT
|
V
) --------------- |
ISP)-----DSL-------| FIREWALL |----------| Clean side 10.x.x.x net
) --------------- |
Dirty side |
| DMZ 172.16.1.x 255.255.255.0
____|_____
| |
---- ----
| S| | S |
---- ----

Running NAT on your firewall makes these servers appear to the outside world as members of your 213.240.231.x subnet.

You don't say how you are subnetting your 10. range but its not really relevant to the dirty side and DMZ. This is a pretty standard firewall setup, it should be running NAT to the outside using one of your 210.240.231.x addresses. Two others should be used to map from the Dirty side to the DMZ, so that the servers can be seen externally. I personally would drop the DMZ into another reserved range probably a 172.168.x.x network, then NAT in from the Dirty side using the two real addresses. This is a good way of doing things as it allows external access through the firewall but keeps the external traffic away from your internal network.

Another method (if servers are in short supply ) would be this -

NAT
|
V ____ |
) -------- |--------|Svr2 |------|
ISP)-----DSL-------| Svr1 |--- ----| ------- |
) -------- |

Dirty DMZ Clean


I would still use NAT on the 1st server plus some ip rules to only allow in stuff to the two servers, and I would put even stricter ip rules on the second server to prevent any incomming access.

This should have a similar effect. These are really the very minimum forms of network security, how far you go really depends on how hard someone is going to try to get your data.
 
Old 02-28-2003, 05:17 AM   #5
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
Sod it, why didn't that come out? All the spacings have been stripped out of my post.
 
Old 02-28-2003, 09:19 AM   #6
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
Lets try that again -

Code:
                  NAT
                   |
                   V
)                   ----------           |
ISP)-----DSL-------| FIREWALL |----------| Clean side 10.x.x.x net
)                   ----------           |
   Dirty side            |
                         | DMZ 172.16.1.x 255.255.255.0
                     ____|_____ 
                      |      |
                     ---   ---
                    | S | | S |
                     ---   ---


Another method (if servers are in short supply ) would be this -

                  NAT
                   | 
                   V                         _____       |
)                   ------         |--------|Svr2 |------|
ISP)-----DSL-------| Svr1 |--- ----|         -----       | 
)                   ------         | 

       Dirty                      DMZ                  Clean
Is that any better?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
static names with dynamic ip's linux_console Linux - Networking 2 01-12-2006 05:32 PM
static ip's with hub? heinola Linux - Networking 2 10-24-2005 10:17 PM
Static IP's with LAN/WAN nistur Linux - Networking 3 05-25-2005 06:01 PM
Routing with multiple static IP's? RedLance Linux - Networking 3 11-02-2003 05:37 AM
can i have both dhcp and static ip's ? mjenkins Linux - Networking 1 09-22-2003 10:29 AM


All times are GMT -5. The time now is 10:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration