Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 06-27-2008, 06:37 AM   #1
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 104

Rep: Reputation: 16
Public IP Addresses

Hi All

I have been using a single Public IP address and NATS on my FC Firewall system for many years without a problem. I redirect the appropriate ports to the required severs without problem. Our ISP has recently informed us that we now have 10 available Public IP addresses and I would like to know how I forward public IP addresses through the firewall server.

IP addresses shown are not my actual addresses but for example only.

Our set up is. SHDSL bridge modem to the FC8 Firewall. IP address on Eth1 is and Eth0 is

Here is my very basic code that I fall back on after server OS Update. It offers no protection but forwards to the lan. How would I change the script to incorporate Public addresses &

Do I need to add hardware. Extra Ethernet cards?

# Policies (default)
iptables -P INPUT ACCEPT

# FORWARD chain rules
# Accept the packets to forward
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# OUTPUT chain rules
# Only packets with a local address (no spoofing)
iptables -A OUTPUT -p ALL -s -j ACCEPT
iptables -A OUTPUT -p ALL -s -j ACCEPT
iptables -A OUTPUT -p ALL -s -j ACCEPT

# NATS for Internal network
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source
Thanks in advance
Old 06-27-2008, 04:11 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
well in what was do you want to use these IP's? there are many scenarios with different iptables commands. if you want those to be assigned to dedicated internal machines when reached from the net, it'd be a destination nat on the inbound connection:

iptables -t nat -A PREROUTING -i eth1 -d 62.x.y.z -j DNAT --to-destination

for example. so how do you want these other IP's to be used?
Old 06-30-2008, 01:02 AM   #3
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 104

Original Poster
Rep: Reputation: 16
Hi Chris

Yes I was intending to be using them as part of the cooperate structure. At present using the single address we have just one server doing all, I was looking at bringing on line an MX2 server and maybe other public servers.

I had the idea that I needed to have a physical interface holding the Public IP address before I could route it, but if all I need to do is use a standard PREROUTING command using the available addresses then I think I have control of the problem.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Binding 2 NICs (MAC addresses) to 2 IP Addresses in same Subnet RedHat EL4.0 skhira Linux - Networking 13 02-24-2008 08:16 PM
Howto Assign Multiple Static Public IP Addresses under SBC's PPPoE Static Ip system o trekgraham Linux - Networking 8 04-17-2007 10:51 AM
mechanics of mapping process memory addresses to physical addresses on amd64 Tischbein Linux - Kernel 2 02-01-2007 08:09 PM
Suse 9 oracle 10g installation DHCP-assigned public IP addresses problem adurmus Linux - Server 1 11-18-2006 10:48 PM
Multiple 'public' ip addresses mcleodnine Linux - Networking 3 05-09-2003 02:04 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:05 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration