ADSL

NiM · 03-05-2004, 10:09 PM

Hi,

In a few months I will be setting up a network in my student house.

Our internet connection will be ADSL from the UK provider Zen(.co.uk). We will be granted 8 static, internet-accessible IPs (I am aware that I can only use 5).

My problem is this - I will be using a RedHat Linux box (running the latest stable release, for now lets assume 9) - I have my adsl ethernet modem connected to eth0 and I have eth1 connected to a switch, connected to my 4 client PCs.

I need to know how to route the static IPs from the outside world to the clients (and back again). If possible, I'd like to set all the clients up with their static external IPs, that is, I don't want my clients to hold 192.* addresses.

I'd also like the linux box to have it's own IP.

I am aware that I could buy a hardware router or bridge and save myself a lot of time, but, later, I will need to try and implement some traffic shaping to ensure bandwidth is shared and HTTP always has priority over P2P downloads.

Many thanks for your help,
- Nick

linuxxed · 03-06-2004, 06:57 AM

I see that you don't want to use NAT. OK here it is.

Say your ISP has given you 8 static IPs. One will go to the modem/router (Say Dlink) which authenticates your ADSL connection.

ISP --IP1--[ROUTER/MODEM]--IP1--

You'd want to assign same IP both internally and externally to the Modem/Router. Now get Two NICS for each machine. Assign the static IP to one NIC on each machine. Connect the machines to the router. On the other NIC connect the machines to act as the internal LAN. You can of course choose not to buy the other NIC for each computer but 5 Quid /machine certainly does not hurt much. The purpose of the second NIC is say you want to do LDAP replication or SQL replicaion etc etc .. you can do it via other NIC for security.

Note that you are not firewalled now. Your router/modem will pass all the other IPs (IP2-8) through and your linux boxes need some firewall like Iptables. Two NICS give you the benefit of distinguishing the INTERNET and INTRANET easily and control with IPtables script

Many people prefer Hardware firewalls over software ones. Added security is achieved by placing another piece of hardware in between MODEM/Router and your linux boxes - say another linux box which acts like a firewall/gateway/router. You can assign multiple IPs to this box and prepare a nice iptables script and route packets accordingly. On the other linux boxes you can set your gateway to your linux firewall box. Note that this firewall will eat up another Static IP in this case.

But it all depends upon balancing the security and cost.

Hope this helps.