LinuxQuestions.org

ThePlague 02-11-2004 07:20 AM

Some linuxrouter network questions
 
Greetings

How do I configure my linuxrouter if I have, for example, 4 IPs and 100 local computers? Is there any way I can split my network into four so that 25 use the first IP, 25 use the second IP and so on? With iptables, that is... or anything else would really work.

Now for my other question: how do I set up my Linux router if I actually have 100 internet IPs? Same thing here, with iptables or anything that would work.

Thanks! :)

Tap-Out 02-11-2004 09:33 AM

I would set up my router to use four different subnets (one for each IP address you have).

I.e., if your first public IP address was 123.123.123.12, set up a private subnet of 192.168.1.0 for that IP, then for your second public IP, say 123.123.123.13, use 192.168.2.0.

Hope that will point you in some direction, and if you want any more clarification or anything, post here and I'll see if I can help any(more).

Tap

ThePlague 02-11-2004 12:11 PM

Yes, I was thinking the same thing, but then again I am a newbie at this :)
How would I do things with iptables then?

charon79m 02-11-2004 12:20 PM

Another question to your question....
 
Just out of curiosity, why even do that? Why not just use a single IP for the entire internal network? You've only got one pipe out to the internet, right? You won't gain any bandwidth but you will add to your router's processor load.

Best to think it through before causing yourself a headache for nothing.

fataldata 02-11-2004 12:28 PM

I've posted below the steps I used to set up my RH9 router. I believe what you are looking for would be related to the 3rd step in configuring the POSTROUTING chain of the NAT table. Basically I would use SNAT to "Statically NAT" your internal ip range to the external IP. Something like:

iptables -t nat -A POSTROUTING -s 192.168.2.xxx/24 -j SNAT --to-source (insert public IP or range)


To set my pc up as a Linux gateway/router there seem to be three steps:
1. Enable IP forwarding.
2. Set firewall rules for the Filter table.
3. Set up postrouting on the nat table.

# Step 1. Enable IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Step 2. Commands to set up the firewall.

EXTIF=eth0 # external (ISP-facing) interface
INTIF=eth1 # internal (LAN-facing) interface

iptables -P INPUT ACCEPT # set default policy on the FILTER table INPUT chain to ACCEPT
iptables -F INPUT # flush the chain
iptables -P OUTPUT ACCEPT # policy for OUTPUT chain
iptables -F OUTPUT
iptables -P FORWARD DROP # policy for FORWARD chain
iptables -F FORWARD
iptables -t nat -F # flush the nat table
# Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
# Forward all packets from the internal interface if destined for the external interface
iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

# Step 3. Enabling SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

ThePlague 02-11-2004 12:50 PM

iptables -t nat -A POSTROUTING -s 192.168.0.0/25 -j SNAT --to-source <ip1>

iptables -t nat -A POSTROUTING -s 192.168.0.128/25 -j SNAT --to-source <ip2>


Something like this, you mean? Some guy tried to help me but I didn't understand much of what those commands really do.

fataldata 02-11-2004 01:00 PM

You are correct sir!

Try the command... I'm not sure if the "--to-source" statement is in the right place b/c I haven't used it, but if you get a syntax error just move it in front of the -j argument and try again.

Good Luck.

ThePlague 02-11-2004 01:11 PM

Ok, thanks :) But actually, what do those commands do? I can't see which IP range goes to ip1 and which IP range goes to ip2. Yes, newbie alert :)

fataldata 02-11-2004 03:25 PM

iptables -t nat -A POSTROUTING -s 192.168.0.0/25 -j SNAT --to-source <ip1>

Ok, I'm no genius but I'll give it a shot. Of course, for in-depth understanding read the man page.

The above command makes an entry in the POSTROUTING chain of the NAT table, telling it that whenever a new connection attempt is made from the source (-s 192.168.0.0/25) network, the kernel should Statically Network Address Translate that IP to the (--to-source) IP.

Basically you are reassigning the packet a new IP before it is transmitted.

It should set any IP address from 192.168.0.0/25 to <ip1>
and any IP from 192.168.0.128/25 to <ip2>

Hope that helps. These are all firewall rules.
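
As an added example (not part of the thread and not any poster's code): a shell script that prints one SNAT rule per equal-sized block of a /24. For two addresses it reproduces the two /25 rules quoted above, and for four it gives the four-way split from the original question. The 203.0.113.x addresses, the eth0 interface name and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: print SNAT rules that split one /24
# evenly across 1, 2, 4 or 8 public addresses. Rules are printed, not applied.
# Assumed values: eth0 as the external interface, 203.0.113.x (documentation
# range) as stand-ins for the ISP-assigned addresses.
EXTIF="${EXTIF:-eth0}"

# prefix_len N -> prefix length of each block when a /24 is cut into N blocks
prefix_len() {
    case "$1" in
        1) echo 24 ;;
        2) echo 25 ;;
        4) echo 26 ;;
        8) echo 27 ;;
        *) echo "need 1, 2, 4 or 8 public addresses, got $1" >&2; return 1 ;;
    esac
}

# snat_rules BASE PUBLIC_IP... -> one rule per block; BASE is e.g. 192.168.0
snat_rules() {
    base="$1"; shift
    bits=$(prefix_len "$#") || return 1
    size=$((256 / $#))
    i=0
    for pub in "$@"; do
        # -o limits translation to traffic leaving via the external interface
        echo "iptables -t nat -A POSTROUTING -o $EXTIF -s $base.$((i * size))/$bits -j SNAT --to-source $pub"
        i=$((i + 1))
    done
}

# public_for LAST_OCTET PUBLIC_IP... -> address a given LAN host leaves from,
# useful when matching an external log entry back to an internal block
public_for() {
    octet="$1"; shift
    prefix_len "$#" >/dev/null || return 1
    shift $((octet / (256 / $#)))
    echo "$1"
}

# Four addresses for 100 hosts: four /26 blocks of 64 addresses each
snat_rules 192.168.0 203.0.113.10 203.0.113.11 203.0.113.12 203.0.113.13
public_for 130 203.0.113.10 203.0.113.11 203.0.113.12 203.0.113.13
```

Each public address named in a rule also has to be configured on, or routed to, the external interface, otherwise replies to the translated packets never reach the router.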

ThePlague 02-11-2004 06:26 PM

Ok, thanks :) You made it all clear to me :)

And now to my other question: how should I do things with linuxrouter if I do have enough internet IPs for all the computers in my network?

fataldata 02-11-2004 07:01 PM

That IS what you are doing with SNAT. Using one IP (or group of IPs) for all traffic you send through the Linux box. AKA you have many internal non-routable IPs on your LAN (192.168.xxx.xxx); once they traverse the firewall to the outside world they are TRANSLATED to the public routable IPs, so that the only address the internet sees is your public routable IP.

My home network for instance:
I have one static routable IP assigned from my ISP. I assign that address to the eth0 NIC on my Linux box along with the subnet mask and GATEWAY address provided by my ISP.
Then I have another NIC, eth1, in my Linux box. I assign that NIC 192.168.1.1/24, using eth0's address as its GATEWAY. eth1 is then attached to a hub where all the other PCs in my network are attached.
Each of them uses 192.168.1.1 (or the address of eth1) as their GATEWAY to the internet. When the client PCs make a request to the internet the frame is sent via the hub to the GATEWAY AKA eth1 on the Linux box, then the frame is TRANSLATED by SNAT to the public IP of eth0 and sent to the internet via my ISP.


Internet-->ISP-->DSL Modem--> (eth0) Linux Box (eth1) --> Hub --> Client PCs

ThePlague 02-12-2004 02:51 AM

Hm, I meant if I got 100 IPs from my ISP :)

fataldata 02-12-2004 09:29 AM

Sorry about that. I read that as "don't", not "do". My mistake.

If you have enough public IPs, what do you want the Linux router to do? Simply act as a firewall?

Not sure I'm clear on what you are trying to do.

ThePlague 02-12-2004 01:28 PM

Ok, my English isn't very good :)

Here it goes: how should I set up the internet access to my LAN if I'm not going to use NAT? Since I have 100 IPs.

fataldata 02-13-2004 10:19 AM

Just don't use the NAT part of the rules. Should work if you just follow the rules I posted previously and omit step 3.


All times are GMT -5.