linux as a router

nick192 · 03-26-2009, 07:52 AM

Hi
These r IP provided by my ISP that i've put on Fedora 8:

WAN IP:xxx.xxx.xxx.17 (eth0)
Subnet:255.255.255.252
Gateway:xxx.xxx.xxx.18

Valid static(public) IP set of 2:
IP:xxx.xxx.xxx.147 & 148 (eth1, eth2)
Subnet:255.255.255.240

i want to run xxx.xxx.xxx.147 as a web server & xxx.xxx.xxx.148 as a ftp server. but I'm able to ping only xxx.xxx.xxx.17(WAN IP) from outside world. Can any1 tell me that how can i bring my 147 & 148 IP online without router.

JulianTosh · 03-27-2009, 12:25 AM

You must enable routing on your host to get to those IP addresses. There is no way around it.

It's no big deal and should be as easy as adding this to /etc/rc.local:
echo 1 > /proc/sys/net/ipv4/ip_forward

There's another method to enable routing via a kernel option, but I can't remember the specifics.

I dont think you need to bind the .147 and .148 IPs to eth1/2. You can bind them to logical interfaces off eth0 (such as eth0:0 and eth0:1). This way, you dont need link status to bring the interface up and active.

All that's left is to bind the httpd and ftpd services to the .147 and .148 IPs addresses and you're good to go.

JulianTosh · 03-27-2009, 12:37 AM

After reading what I just wrote, there will be some additional information needed.

When they assigned you the .147 and .148, did they give you any gateway information for that subnet? Or how did you come up with .147 and .148?

Those are odd numbers because those IPs are in the middle of the subnet xxx.xxx.xxx.144 / 255.255.255.240

.144 being the subnet address
.145-158 being valid host IPs on that subnet
.149 being the broadcast address for that subnet.

There must be at least one additional IP addresses on .144 / 255.255.255.240 assigned as a default gateway. You should be able to assign it yourself if the ISP hasn't already done so.

nick192 · 03-29-2009, 02:14 PM

sorry for late reply. i was on holidays.
few days back, workplace was like:
ISP<-->(a)cisco 1721 router(b)<-->(c-eth0)Server(d-eth1,e-eth1:0)

(a)
IP: xxx.xxx.xxx.17 (wan ip)
Subnet: 255.255.255.252
Gateway: xxx.xxx.xxx.18
(b)
IP: xxx.xxx.xxx.145 (valid ip)
Subnet: 255.255.255.240
(c)
IP: xxx.xxx.xxx.146 (valid ip)
Subnet: 255.255.255.240
Gateway: xxx.xxx.xxx.145
(d)
IP: xxx.xxx.xxx.147 (valid ip)
Subnet: 255.255.255.240
(e)
IP: xxx.xxx.xxx.148 (valid ip)
Subnet: 255.255.255.240

149-158 r unused ips. now router is dead. n i've to do it on linux server without using router. i've already done 'echo 1 > /proc/sys/net/ipv4/ip_forward' which didnt help.

JulianTosh · 03-29-2009, 10:35 PM

Quote:

Originally Posted by nick192

i've already done 'echo 1 > /proc/sys/net/ipv4/ip_forward' which didnt help.

It's helping, but you probably just need a little more tweaking. Show us your routing table with 'netstat -rnv'.

nick192 · 03-30-2009, 07:22 AM

Current scenario:

Code:

WAN IP:xxx.xxx.224.17 (eth1)
Subnet:255.255.255.252
Gateway:xxx.xxx.224.18

Valid public IP:
IP:xxx.xxx.224.145 (eth2)
Subnet:255.255.255.240
IP:xxx.xxx.224.146 (eth2:0) (consider running http on this ip for now)
Subnet:255.255.255.240
IP:192.168.0.3 (eth3-internal proxy server-connection to switch)
Subnet:255.255.255.0

Now

Code:

[root@dns ~]# netstat -rnv
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
xxx.xxx.224.16  0.0.0.0         255.255.255.252 U         0 0          0 eth1
xxx.xxx.224.144 0.0.0.0         255.255.255.240 U         0 0          0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         xxx.xxx.224.18  0.0.0.0         UG        0 0          0 eth1

JulianTosh · 04-02-2009, 12:32 AM

im pretty sure the routes look good. do you have any firewall policies that might be blocking? Also, is eth2 up? without link status (it's not really connected to a broadcast domain, is it?), perhaps it's not actually up and active...