LinuxQuestions.org
Old 12-01-2013, 09:09 PM   #1
welusumana
LQ Newbie
 
Registered: Nov 2013
Posts: 5

Rep: Reputation: Disabled
Firewall / Routing Solution


Hi,

My existing network setup.

ISP Router|LAN IP (NAT by ISP) --> My LAN
203.XX.XX.XX|192.168.2.254/24 --> 192.168.2.0/24

My Requirement

ISP Router|LAN IP (NAT by ISP) --> My Linux Box With NAT --> LAN
203.XX.XX.XX|192.168.2.254/24 --> 192.168.2.231|192.168.2.232 --> 192.168.1.0/24

The point of having such a setup is:

1. Monitor all the in & out traffic of the network.
2. Set up a transparent proxy server for content filtering.

I need your advice on the points below.

1. Is it possible to NAT in the same IP range (192.168.2.231|192.168.2.232)?
2. If not, what is your recommendation for this setup?
3. What is the syntax I should use to allow WAN to LAN traffic?
 
Old 12-01-2013, 10:45 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
You cannot have the same IP network in two different places, if that's what you're asking.

If I've understood you correctly, you want something like this:
Code:
    (203.XX.XX.XX)
[ISP Router performing NAT]
    (192.168.2.254)
           |
  192.168.2.0/24 network
           |
    (192.168.2.231)
[Linux box performing NAT]
     (192.168.1.1)
           |
  192.168.1.0/24 network
           |
     [other clients]
That should work just fine, as long as the two network interfaces on the Linux box have IP addresses in different networks.

The dual NAT setup will take care of return packets from the Internet. If you want to forward ports to hosts on the 192.168.1.0/24 network, you'd have to first forward the ports in question from the ISP router to the Linux box, and then again from the Linux box to the relevant host(s) on the 192.168.1.0/24 network.

You may want to investigate the possibility of setting the ISP router in "bridge mode", as that would allow the external NIC on the Linux box to use the public IP address currently assigned to the ISP router. Whether or not that is possible depends on your ISP and the type of Internet connection you're using.
 
1 members found this post helpful.
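
The setup described in post #2, as an added example that is not part of the original thread: a shell function that refuses the two-NICs-in-one-network layout and otherwise prints an `iptables-restore` ruleset for the Linux box (masquerading, stateful forwarding, and the second hop of one port forward). The interface names `eth0`/`eth1`, TCP port 80, the internal server 192.168.1.20 and all function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example. eth0/eth1, tcp/80 and server 192.168.1.20 are assumed values.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (as an integer) of address $1 under a $2-bit prefix.
network_of() {
    local mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    echo $(( $(ip_to_int "$1") & mask ))
}

# Succeeds when two ADDR/PREFIX values lie in the same or overlapping network.
networks_overlap() {
    local p1=${1#*/} p2=${2#*/} p
    if [ "$p1" -lt "$p2" ]; then p=$p1; else p=$p2; fi
    [ "$(network_of "${1%/*}" "$p")" -eq "$(network_of "${2%/*}" "$p")" ]
}

# gen_ruleset WAN_IF WAN_CIDR LAN_IF LAN_CIDR SERVER_IP TCP_PORT
# Prints an iptables-restore ruleset; fails if both NICs share a network.
gen_ruleset() {
    local wan_if=$1 wan=$2 lan_if=$3 lan=$4 server=$5 port=$6
    if networks_overlap "$wan" "$lan"; then
        echo "error: $wan and $lan are in the same network" >&2
        return 1
    fi
    cat <<EOF
*nat
# Second hop of the port forward: the ISP router must already forward
# tcp/$port to ${wan%/*}.
-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $server:$port
# Hide the inner LAN behind the box's address on the ISP-side network.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# Usage: gen_ruleset eth0 192.168.2.231/24 eth1 192.168.1.1/24 192.168.1.20 80 | iptables-restore
```

The kernel must also have forwarding enabled (`net.ipv4.ip_forward=1`). `iptables-restore` replaces the existing contents of the `nat` and `filter` tables, so merge in any INPUT rules that protect the box itself before applying the output.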
Old 12-03-2013, 05:24 AM   #3
welusumana
LQ Newbie
 
Registered: Nov 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks for your reply. Yes, you are perfectly correct.

1. To be sure: by "You cannot have the same IP network in two different places, if that's what you're asking," you mean that my Linux box with two NICs, on which I am planning to do the NAT, MUST be in two IP ranges, as in your example?
(192.168.2.231)[Linux box performing NAT](192.168.1.1)

2. If I use a public IP for one NIC in the Linux box, how will I handle the other NAT traffic from the ISP router?

Linux NAT
---------
(203.xx.xx.12)
[Linux box performing NAT]
(192.168.1.1)
|
192.168.1.0/24 network
|
[other clients]


ISP NAT
-------

(203.xx.xx.13)
[ISP Router performing NAT]
(192.168.1.20) Server
(This should be accessible internally and externally)
192.168.1.0/24 network

Last edited by welusumana; 12-03-2013 at 05:42 AM.
 
Old 12-04-2013, 09:18 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
Quote:
Originally Posted by welusumana
Thanks for your reply. Yes, you are perfectly correct.

1. To be sure: by "You cannot have the same IP network in two different places, if that's what you're asking," you mean that my Linux box with two NICs, on which I am planning to do the NAT, MUST be in two IP ranges, as in your example?

Sort of, yes.

IP addresses are grouped in networks or subnets as dictated by the network mask. For instance, a netmask of 255.255.255.0 means the first three octets of the IP address designate the network, and the last is the address of a host in that network. The same network cannot ever exist on both sides of a router.

Quote:
Originally Posted by welusumana
2. If I use a public IP for one NIC in the Linux box, how will I handle the other NAT traffic from the ISP router?

You don't. When put in "bridge mode", the ISP router will no longer be NATing anything. Your Linux router will have to handle it instead.
 
1 members found this post helpful.
Old 12-04-2013, 09:44 PM   #5
welusumana
LQ Newbie
 
Registered: Nov 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thank you for your reply & explanation, it's neat & clearly explained. If I come up with more questions I will get back to you. Thank you again..!
 
  

