Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 02-01-2013, 11:36 AM   #1
Registered: Nov 2006
Posts: 91

Rep: Reputation: 27
Static IP range routing on Linux

I just got business Internet service and signed up for a block of static IPs.

I'm a bit confused as to how the routing for this should work.

The ISP just provides a modem with a single Ethernet coming out the back. My Linux box has two interfaces and has until now been being used successfully as a NAT router.

Oddly, they gave me a single static IP, then a range which is completely different.

Here's basicallly what I got, with IPs masked for privacy:, with a gateway of (.2 through .14), with a gateway of

(Whenever I use these ranges in this description, remember these are just masked - the IPs given by the ISP are real public routable IP addresses.)

Let's assume eth0 is the LAN and eth1 goes to the cable modem.

I want to be able to have both a NAT range (for computers that don't need access to the internet) and public IP routing. The computers all may need to access each other in a LAN setting (I should be able to use things like Apple's discovery protocols and stuff between any device, whether it has a public IP or a private one.)

I got my box online using that single IP ( in this case) but I can't figure out how to get the /28 subnet routed.

I understand that packets going to must go out eth1 to the modem.

What I tried to do is to set my internal LAN (eth0) network card to have a second IP address (say, contained in the static IP space, and then manually add a route to put out eth1. This doesn't work, because machines send out ARP requests for (if they believe that's the gateway they should be using) and nothing answers.

If I tell machines that is the router, they just pass through the NAT and their traffic goes out

I'm sure I'm missing something here but could anyone give me at least a pointer in the right direction? I do have some experience with IP routing but this situation is new to me.

What's confusing me is that the default gateway ( is on one interface but the machines with the static IP addresses are on another interface. This means I basically have one subnet that crosses two interfaces. Using raw Ethernet bridging wouldn't be an option because this would interfere with the NAT function (at least I think it would??) and as far as I know would interfere with computers having static addresses being able to access NATted machines. Adding a NAT router would screw up LAN-based discovery protocols and such - due to the design, a non-NATted computer wouldn't be able to access a NATted one.

Any advice is greatly appreciated!


Last edited by fmillion; 02-01-2013 at 12:13 PM.
Old 02-02-2013, 11:02 AM   #2
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Oddly, they gave me a single static IP, then a range which is completely different.

Here's basicallly what I got, with IPs masked for privacy:, with a gateway of (.2 through .14), with a gateway of
Can you clarify more?. ISP gave you only one IP. Then what is second subnet range with /28. Is it your internal network or what?. Also draw router/network for more clarification


ISP     ----------------       Internal Network IPS
--------|   router     |---------
So draw some thing as shown above

Last edited by KinnowGrower; 02-02-2013 at 11:03 AM.
Old 02-05-2013, 06:49 PM   #3
Senior Member
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,315

Rep: Reputation: 98
This is common, the WAN ISP redirects those other IPs to the WAN IP you have, it acts as the gateway for those. There is no routing involved. Your router, whether it be the ISP modem with built in router or your Linux machine will have to identify requests coming into these IPs and do something with them. In a NAT environment this would usually entail what the call mapping and IP or 1-1 NAT. In Linux this would be handled by IPTables see this

The ability to access these Public IPs from internal LAN machines will depend of whether your router handles hairpinning.
Old 02-21-2013, 10:07 AM   #4
Registered: Nov 2006
Posts: 91

Original Poster
Rep: Reputation: 27
I will post a detailed network diagram later today.

I have packet-sniffed the WAN interface on my box while sending pings at my range of static IPs. The packets come in unaltered. No NAT is being done at all on the ISP side. If I ping from outside, I see a ping coming in on the wire destined for

The only immediate way I've solved this is to assign ALL of the static IPs as secondary (multihoming) IPs on the WAN interface then use IPtables/NAT to forward connections to the desired internal machine.

While this works for most situations, there's a few cases - namely SIP but others as well - where things get confused without the boxes having their real IPs. For example if the box thinks its IP is but it is directly accessible from the world via then it causes problems when it broadcasts that its IP is to the Internet...

So my goal was to be able to give the machine on the internal LAN its public side IP (even if this must be done with static IPs) but still be able to access that machine from other machines inside the LAN via its world-routable IP. So for example, on machine I want to be able to go to and reach that box even though it's on the same LAN...

This seems like it has to be possible somehow as I've seen it done on large networks.

Diagrams coming soon.

Old 02-21-2013, 07:35 PM   #5
Senior Member
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,315

Rep: Reputation: 98
There won't be any NAT on the ISP side the NAT is on your router and 1-1 NAT configured on your router, it's essentially the same as giving a public IP to the machine it maps that for all intensive purposes the PC with the internal IP address of X is the machine that is given the public IP address of Y.

You can do what you want but you will likely have to place the router and the machine you want to have the public IP behind the modem, or gateway, or place the machine in a DMZ on a bridged (no NAT) interface behind your router.
Old 02-21-2013, 09:42 PM   #6
FTech Blog
LQ Newbie
Registered: Feb 2013
Posts: 2

Rep: Reputation: Disabled
I am facing one problem while connecting internet on my PC which has Ubuntu installed on it. Everytime I have to edit the IP address then only it is getting connected. Suggest me something so that this problem (everytime changing IP) will not come again.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dynamic routing isn't done; static routing works for about 2 seconds for wireless gregorian Linux - Networking 7 02-19-2010 06:43 AM
[SOLVED] What are short range link and long range links in routing? mq15 Linux - Networking 6 06-26-2009 11:16 PM
Routing : Route an ip differently from its ip range bala.linux Linux - Networking 3 05-07-2008 06:58 AM
Static Routing in Linux suvajit Linux - Networking 4 05-16-2003 02:54 AM
Static Ip's and Routing Sarcha Linux - Networking 5 02-28-2003 08:19 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:11 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration