How do I configure my Linux router if I have, for example, 4 IPs and 100 local computers? Is there any way I can split my network into four so that 25 use the first IP, 25 use the second IP, and so on? With iptables, that is... or anything else would really work.
Now for my other question: how do I set up my Linux router if I actually have 100 internet IPs? Same thing here, with iptables or anything that would work.
I would set up my router to use four different subnets (one for each ip address you have).
I.e., if your first public IP address was 123.123.123.12, set up a private subnet of 192.168.1.0 for that IP; then for your second public IP, say 123.123.123.13, use 192.168.2.0.
Hope that will point you in some direction, and if you want any more clarification or anything, post here and I'll see if I can help any(more).
Another question to your question....
Just out of curiosity, why even do that? Why not just use a single IP for the entire internal network? You've only got one pipe out to the internet, right? You won't gain any bandwidth but you will add to your router's processor load.
Best to think it through before causing yourself a headache for nothing.
I've posted below the steps I used to set up my RH9 router. I believe what you are looking for would be related to the 3rd step in configuring the POSTROUTING chain of the NAT table. Basically I would use SNAT to "Statically NAT" your internal ip range to the external IP. Something like:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source <public IP or range>
To set my pc up as a Linux gateway/router there seem to be three steps:
1. Enable IP forwarding.
2. Set firewall rules for the Filter table.
3. Set up postrouting on the nat table.
# Interface names: eth0 faces the ISP, eth1 faces the LAN (adjust to your system).
EXTIF=eth0
INTIF=eth1
# Step 1. Enable IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Step 2. Commands to set up the firewall.
iptables -P INPUT ACCEPT # set default policy on the FILTER table INPUT chain to ACCEPT
iptables -F INPUT # flush the chain
iptables -P OUTPUT ACCEPT # policy for OUTPUT chain
iptables -F OUTPUT
iptables -P FORWARD DROP # policy for FORWARD chain
iptables -F FORWARD
iptables -t nat -F # flush the nat table
# Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
# forward all packets from the internal interface if destined for the external interface
iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
# Step 3. Enabling SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
Try the command... I'm not sure if the "--to-source" statement is in the right place b/c I haven't used it, but if you get a syntax error just move it in front of the -j argument and try again.
OK, I'm no genius but I'll give it a shot. Of course, for in-depth understanding read the man page.
The above command makes an entry in the POSTROUTING chain of the NAT table, telling it that whenever a new connection attempt is made from the source (-s 192.168.0.0/25) network, the kernel should Statically Network Address Translate that IP to the (--to-source) IP.
Basically you are reassigning the packet a new IP before it is transmitted.
It should set any IP address from 192.168.0.0/25 to <ip1>
and any IP from 192.168.0.128/25 to <ip2>
That IS what you are doing with SNAT: using one IP (or group of IPs) for all traffic you send through the Linux box. AKA you have many internal non-routable IPs on your LAN (192.168.xxx.xxx); once they traverse the firewall to the outside world they are TRANSLATED to the public routable IPs, so that the only address the internet sees is your public routable IP.
My home network for instance:
I have one static routable IP assigned from my ISP. I assign that address to eth0 NIC on my Linux box along with the subnet mask and GATEWAY address provided by my ISP.
Then I have another NIC, eth1, in my Linux box. I assign that NIC 192.168.1.1/24, using eth0's address as its GATEWAY. eth1 is then attached to a hub where all the other PCs in my network are attached.
Each of them uses 192.168.1.1 (or the address of eth1) as their GATEWAY to the internet. When the client PCs make a request to the internet, the frame is sent via the hub to the GATEWAY AKA eth1 on the Linux box, then the frame is TRANSLATED by SNAT to the public IP of eth0 and sent to the internet via my ISP.
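The per-subnet SNAT mapping discussed in this thread, as an added example that is not part of any poster's reply: a small shell script that validates "subnet=public address" pairs and prints the matching POSTROUTING rules without running them. The interface name `eth0`, the third and fourth address pairs and the function names are assumptions; a `first-last` range is also accepted as the source, to cover the 100-address case.

```shell
#!/bin/sh
# Added example: prints (never executes) one SNAT rule per private subnet.
EXTIF="eth0"    # assumed external interface, as in the home-network post

# First two pairs use the thread's sample addresses; the rest are constructed.
MAPPINGS="192.168.1.0/24=123.123.123.12
192.168.2.0/24=123.123.123.13
192.168.3.0/24=123.123.123.14
192.168.4.0/24=123.123.123.15"

valid_ipv4() {              # dotted quad, each octet 0-255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {              # address/prefix with prefix 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ]
}

valid_source() {            # single address, or first-last range for a pool
    case $1 in
        *-*) valid_ipv4 "${1%-*}" && valid_ipv4 "${1#*-}" ;;
        *)   valid_ipv4 "$1" ;;
    esac
}

# Reads "subnet=source" lines on stdin; stops with status 1 on a bad line.
snat_rules() {
    while IFS='=' read -r subnet src; do
        [ -n "$subnet" ] || continue
        if ! valid_cidr "$subnet" || ! valid_source "$src"; then
            echo "bad mapping: $subnet=$src" >&2
            return 1
        fi
        echo "iptables -t nat -A POSTROUTING -s $subnet -o $EXTIF" \
             "-j SNAT --to-source $src"
    done
}

printf '%s\n' "$MAPPINGS" | snat_rules
```

The first matching rule in POSTROUTING wins, so a blanket MASQUERADE rule on the same interface has to come after these per-subnet rules, or be dropped, for the mapping to take effect.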