Buzer 09-20-2003 05:06 AM

Public IPs behind router
Hello. I have a little problem. I'm getting a router soon and I'd like to have public IPs for every computer behind the router.

MOON  ( -------
               HUB------ EUROPE ( ---ADSL-modem
HADES ( -----

Is it possible to get those IPs from DHCP? (So MOON eth0 sends a request to EUROPE, which would forward it to the ADSL-modem, which requests the address. Addresses are assigned by MAC address, so the IP is almost always the same.) So I want 3 public IPs (which should be possible, because I can get top 5 from my ISP).

Address request: MOON -> EUROPE -> Modem
Packets: Modem -> EUROPE (checks destination and is there something why it should be dropped. If there is, then it will drop it) -> DEST

Is it possible by just using dhclient eth0 and adding a few iptables rules to the router (check the example below)? Or do I need some special configuration?

iptables -A INPUT -d -j DROP
iptables -A POSTROUTING -p tcp --dport 80 --dst -j SNAT --to-source

(Yeah, I'm not very familiar with iptables yet, but the point of that rule should be clear. It should block all incoming connections to MOON except connections to port 80, so it can run a webserver.)

The reason why I want many public IPs is that HADES is my little brother's computer. I want him to be able to use the same things (so he could, for example, use IRC on servers which allow only one connection per IP. I don't think NAT will work for that).

Thank you for the answer.

Robert0380 09-20-2003 02:32 PM

Yeah, you can use DHCP. In the dhcpcd.conf file, you specify the IPs that your server gives out. Also, if you are using real IPs, you don't have to MASQUERADE or SNAT unless you just want to make it look like all your packets are coming from 1 machine.

Robert0380 09-20-2003 02:36 PM

iptables -A POSTROUTING -p tcp --dport 80 --dst -j SNAT --to-source

This rule says:

When a packet is leaving the router, going to MOON's webserver, make it look like it is coming from MOON.

I don't think that is what you intended for that rule to say. You'd end up with MOON not responding to any web requests (it would respond back to itself).
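
The "only port 80 to MOON" policy from the question, written as plain filter rules with no SNAT, as an added example that is not from either poster. MOON's address and the router's modem-facing interface name are assumed placeholders (the thread does not give them), and the sketch assumes EUROPE already forwards packets for MOON's public address.

```shell
#!/bin/sh
# Added example: filter-only policy for a host with a routed public IP.
# Assumed values, not from the thread: 203.0.113.10 is a documentation
# address standing in for MOON, eth0 stands in for the modem-facing NIC.
MOON_IP="${MOON_IP:-203.0.113.10}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the policy in iptables-restore format so it can be reviewed first.
# Packets for hosts behind the router traverse FORWARD; INPUT only sees
# packets addressed to the router itself, so a DROP there never protects MOON.
moon_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $WAN_IF -d $MOON_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -d $MOON_IP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -d $MOON_IP -j DROP
COMMIT
EOF
}

# Rule order matters: the first match wins, so the DROP must come last.
# The ESTABLISHED,RELATED rule lets replies to MOON's own outgoing
# connections back in. Other hosts (HADES) are not matched by any rule
# here and fall through to the FORWARD chain policy.
#
# To syntax-check as root without loading:  moon_ruleset | iptables-restore --test
# Loading without --noflush replaces the existing filter table contents.
moon_ruleset
```
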

