
fmillion 02-01-2013 11:36 AM

Static IP range routing on Linux
I just got business Internet service and signed up for a block of static IPs.

I'm a bit confused as to how the routing for this should work.

The ISP just provides a modem with a single Ethernet coming out the back. My Linux box has two interfaces and has until now been used successfully as a NAT router.

Oddly, they gave me a single static IP, then a range which is completely different.

Here's basically what I got, with IPs masked for privacy:, with a gateway of (.2 through .14), with a gateway of

(Whenever I use these ranges in this description, remember these are just masked - the IPs given by the ISP are real public routable IP addresses.)

Let's assume eth0 is the LAN and eth1 goes to the cable modem.

I want to be able to have both a NAT range (for computers that don't need access to the internet) and public IP routing. The computers all may need to access each other in a LAN setting (I should be able to use things like Apple's discovery protocols and stuff between any device, whether it has a public IP or a private one.)

I got my box online using that single IP ( in this case) but I can't figure out how to get the /28 subnet routed.

I understand that packets going to must go out eth1 to the modem.

What I tried to do is to set my internal LAN (eth0) network card to have a second IP address (say, contained in the static IP space, and then manually add a route to put out eth1. This doesn't work, because machines send out ARP requests for (if they believe that's the gateway they should be using) and nothing answers.

If I tell machines that is the router, they just pass through the NAT and their traffic goes out

I'm sure I'm missing something here but could anyone give me at least a pointer in the right direction? I do have some experience with IP routing but this situation is new to me.

What's confusing me is that the default gateway ( is on one interface but the machines with the static IP addresses are on another interface. This means I basically have one subnet that crosses two interfaces. Using raw Ethernet bridging wouldn't be an option because this would interfere with the NAT function (at least I think it would??) and as far as I know would interfere with computers having static addresses being able to access NATted machines. Adding a NAT router would screw up LAN-based discovery protocols and such - due to the design, a non-NATted computer wouldn't be able to access a NATted one.

Any advice is greatly appreciated!


KinnowGrower 02-02-2013 11:02 AM


Oddly, they gave me a single static IP, then a range which is completely different.

Here's basically what I got, with IPs masked for privacy:, with a gateway of (.2 through .14), with a gateway of

Can you clarify more? ISP gave you only one IP. Then what is second subnet range with /28? Is it your internal network or what? Also draw router/network for more clarification.



ISP    ----------------      Internal Network IPS
--------|  router    |---------

So draw something as shown above.

scheidel21 02-05-2013 06:49 PM

This is common; the WAN ISP redirects those other IPs to the WAN IP you have, and it acts as the gateway for those. There is no routing involved. Your router, whether it be the ISP modem with built-in router or your Linux machine, will have to identify requests coming into these IPs and do something with them. In a NAT environment this would usually entail what they call mapping an IP or 1-1 NAT. In Linux this would be handled by IPTables; see this

The ability to access these public IPs from internal LAN machines will depend on whether your router handles hairpinning.

fmillion 02-21-2013 10:07 AM

I will post a detailed network diagram later today.

I have packet-sniffed the WAN interface on my box while sending pings at my range of static IPs. The packets come in unaltered. No NAT is being done at all on the ISP side. If I ping from outside, I see a ping coming in on the wire destined for

The only immediate way I've solved this is to assign ALL of the static IPs as secondary (multihoming) IPs on the WAN interface then use IPtables/NAT to forward connections to the desired internal machine.

While this works for most situations, there are a few cases - namely SIP but others as well - where things get confused without the boxes having their real IPs. For example if the box thinks its IP is but it is directly accessible from the world via then it causes problems when it broadcasts that its IP is to the Internet...

So my goal was to be able to give the machine on the internal LAN its public side IP (even if this must be done with static IPs) but still be able to access that machine from other machines inside the LAN via its world-routable IP. So for example, on machine I want to be able to go to and reach that box even though it's on the same LAN...

This seems like it has to be possible somehow as I've seen it done on large networks.

Diagrams coming soon.
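
The approach from this post and scheidel21's earlier reply (public addresses as secondary IPs on the WAN interface, 1:1 NAT with iptables, hairpinning for LAN clients), as an added example that is not part of the thread. It only prints the commands; `one_to_one_nat`, `is_ipv4`, the 192.168.1.0/24 LAN range and the 203.0.113.18 address are assumptions, and the FORWARD rules are an added restriction so the mapped host is not reachable on every port.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for 1:1 NAT of one public
# address to one LAN host. The addresses in the sample call are constructed.
LAN_IF=eth0              # LAN side, as in the first post
WAN_IF=eth1              # cable-modem side, as in the first post
LAN_NET=192.168.1.0/24   # assumed private LAN range

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# one_to_one_nat PUBLIC PRIVATE "proto/port ..."  (hypothetical helper)
one_to_one_nat() {
    pub=$1 priv=$2 services=$3
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad address" >&2; return 1; }
    for svc in $services; do    # validate everything before printing a rule
        case $svc in
            tcp/|udp/|tcp/*[!0-9]*|udp/*[!0-9]*) echo "bad service: $svc" >&2; return 1 ;;
            tcp/*|udp/*) ;;
            *) echo "bad service: $svc" >&2; return 1 ;;
        esac
    done
    # Public address as a secondary /32 on the WAN interface.
    echo "ip addr add $pub/32 dev $WAN_IF"
    # Inbound: no -i match, so Internet and LAN clients are both translated.
    echo "iptables -t nat -A PREROUTING -d $pub -j DNAT --to-destination $priv"
    # Outbound: inserted first so it wins over a general MASQUERADE rule.
    echo "iptables -t nat -I POSTROUTING 1 -s $priv -o $WAN_IF -j SNAT --to-source $pub"
    # Hairpin: a LAN client reached the host via its public IP. Rewrite the
    # source so the reply returns through the router, not directly.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $priv -o $LAN_IF -j MASQUERADE"
    # 1:1 NAT exposes every port of the host: forward only listed services.
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for svc in $services; do
        echo "iptables -A FORWARD -i $WAN_IF -d $priv -p ${svc%%/*} --dport ${svc##*/} -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -j DROP"
}

one_to_one_nat 203.0.113.18 192.168.1.50 "udp/5060 tcp/443"
```

Review the printed commands before running them as root; the hairpin rule makes LAN clients appear to the mapped host with the router's LAN address as their source.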


scheidel21 02-21-2013 07:35 PM

There won't be any NAT on the ISP side; the NAT is on your router and 1-1 NAT configured on your router. It's essentially the same as giving a public IP to the machine: it maps that, for all intents and purposes, the PC with the internal IP address of X is the machine that is given the public IP address of Y.

You can do what you want but you will likely have to place the router and the machine you want to have the public IP behind the modem, or gateway, or place the machine in a DMZ on a bridged (no NAT) interface behind your router.

FTech Blog 02-21-2013 09:42 PM

I am facing one problem while connecting to the internet on my PC, which has Ubuntu installed on it. Every time, I have to edit the IP address, and only then does it get connected. Suggest me something so that this problem (changing the IP every time) will not come again.
