ip aliasing, routes and ipchains
| hello all,
i would like to set up this linux server/NATing router like this..
has two public ip addresses on eth0 (11.11.11.2,11.11.11.3) eth1 is 10.0.0.1
and to nat a 10/8 network (which currently works through the '.2' address)
i would like all the normal traffic to use the '.2' address, and all the
traffic from the private network to be routed through the '.3' address.
anyone know how i can do this with ipchains?
thanks alot
| |
| David Means 2002-10-30, 10:24 pm |
| On Wed, 30 Oct 2002 22:34:07 -0500, r0 wrote:
> hello all,
>
> i would like to set up this linux server/NATing router like this..
>
> has two public ip addresses on eth0 (11.11.11.2,11.11.11.3) eth1 is
> 10.0.0.1 and to nat a 10/8 network (which currently works through the
> '.2' address) i would like all the normal traffic to use the '.2'
> address, and all the traffic from the private network to be routed
> through the '.3' address. anyone know how i can do this with ipchains?
>
> thanks alot
Okay, I'll admit: I'm confused. You've got two IP addresses on one device
(*.2 and *.3 on eth0). But, you want traffic on eth0 to use the .2
address and private traffic on eth0 to use the .3 address? What am I
missing here? It appears to me that all the traffic is using the same
wire, regardless of the source: public or private.
I don't understand how you intend to use eth1.
Alot is not a word. It's spelled: a lot.
David
| |
|
|
"David Means" <dmeans@the-means.net> wrote in message
news an.2002.10.31.03.50.45.50901.23907@the-means.net...
> On Wed, 30 Oct 2002 22:34:07 -0500, r0 wrote:
>
> > hello all,
> >
> > i would like to set up this linux server/NATing router like this..
> >
> > has two public ip addresses on eth0 (11.11.11.2,11.11.11.3) eth1 is
> > 10.0.0.1 and to nat a 10/8 network (which currently works through the
> > '.2' address) i would like all the normal traffic to use the '.2'
> > address, and all the traffic from the private network to be routed
> > through the '.3' address. anyone know how i can do this with ipchains?
> >
> > thanks alot
>
>
> Okay, I'll admit: I'm confused. You've got two IP addresses on one device
> (*.2 and *.3 on eth0). But, you want traffic on eth0 to use the .2
> address and private traffic on eth0 to use the .3 address? What am I
> missing here? It appears to me that all the traffic is using the same
> wire, regardless of the source: public or private.
>
> I don't understand how you intend to use eth1.
i use eth1 as my 10.0.0.1 gateway for the private network, its connected to
a separate private switch. but i would like traffic going from the internal
network to the internet to use the source address of the second public ip
(.3)
this is all because the .2 address resolves to a domain which i dont want
web traffic of the private network associated with. its cheaper to pay a
buck for another ip which resolves to nothing rather than another crappy pc
to do nat :/
i guess it might be easier to just run squid on the second ip address or
something..
thanks a lot.. ill try and remember that
| |
| David Means 2002-10-31, 8:24 am |
| On Thu, 31 Oct 2002 02:22:53 -0500, r0 wrote:
{ snip }
>
> i use eth1 as my 10.0.0.1 gateway for the private network, its connected
> to a separate private switch. but i would like traffic going from the
> internal network to the internet to use the source address of the second
> public ip (.3)
>
> this is all because the .2 address resolves to a domain which i dont
> want web traffic of the private network associated with. its cheaper to
> pay a buck for another ip which resolves to nothing rather than another
> crappy pc to do nat :/
>
> i guess it might be easier to just run squid on the second ip address or
> something..
>
> thanks a lot.. ill try and remember that
Ah, yes, I understand now. ipchains might be able to do that for you,
but you'd have to be certain that all the traffic you're interested in
routes to the .2 address.
Honestly though, I can't be certain. You'll just have to set up your
routes and nat and see what happens. The problem that you're going to
have is making IP 'bind' to the correct address, and I don't know if that's
possible.
the ipchains rule on my system is:
$IPCHAINS -A forward -i $EXTERNAL_INTERFACE -s $LOCAL_NET -j MASQ
where:
IPCHAINS="/sbin/ipchains"
EXTERNAL_INTERFACE=$( /sbin/ifconfig | grep -i point-to-point | gawk '{ print $1 }') # pppX
LOCAL_NET="192.168.9.0/24"
| |
| Sybren Stuvel 2002-10-31, 8:24 am |
| David Means wrote:
> the ipchains rule on my system is:
>
> $IPCHAINS -A forward -i $EXTERNAL_INTERFACE -s $LOCAL_NET -j MASQ
>
> where:
>
> IPCHAINS="/sbin/ipchains"
> EXTERNAL_INTERFACE=$( /sbin/ifconfig | grep -i point-to-point | gawk '{
> print $1 }') # pppX
> LOCAL_NET="192.168.9.0/24"
I use iptables, and it works like a charm:
iptables -t nat -A POSTROUTING \
-s $INTERN \
-o $EXTERNAL_INTERFACE \
-j SNAT --to $EXTERN_IP
Where:
INTERN=10.0.0.0/16
EXTERNAL_INTERFACE=eth0
EXTERN_IP=194.109.221.152
As you can see, you can determine yourself to which IP address the source
address is mangled.
Sybren
--
To get the best help, ask questions the smart way:
http://www.tuxedo.org/~esr/faqs/sma...ions.html#intro
Don't crosspost. Post one post to a single group. If that group can't answer
your question, move on to the next group.
http://www.faqs.org/rfcs/rfc1855.html
| |
| David Means 2002-10-31, 8:24 am |
| On Thu, 31 Oct 2002 09:13:05 -0500, Sybren Stuvel wrote:
{ snip }
>
> I use iptables, and it works like a charm:
>
> iptables -t nat -A POSTROUTING \
> -s $INTERN \
> -o $EXTERNAL_INTERFACE \
> -j SNAT --to $EXTERN_IP
>
> Where:
>
> INTERN=10.0.0.0/16
> EXTERNAL_INTERFACE=eth0
> EXTERN_IP=194.109.221.152
>
> As you can see, you can determine yourself to which IP address the
> source address is mangled.
>
> Sybren
Where, there we have it: use iptables.
Thanks, mon!
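
The iptables approach from the thread, applied to the addresses in the original question, as an added example that is not part of any post: `snat_rules` prints the rule set without running it, and `snat_target` reads saved `iptables -t nat -S POSTROUTING` output to confirm which address the private network leaves from. The FORWARD rules, the variable names and both helper names are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are those in the first post.
EXT_IF=eth0         # carries 11.11.11.2 (primary) and 11.11.11.3 (second IP)
INT_IF=eth1         # 10.0.0.1, gateway of the private network
LAN_NET=10.0.0.0/8
NAT_IP=11.11.11.3   # address the private network should appear as

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# snat_rules: print the commands without running them (review, then run as
# root). Only packets sourced from LAN_NET are rewritten, so the router's own
# traffic keeps leaving from 11.11.11.2. --to-source is the full spelling of
# the --to option used in the thread.
snat_rules() {
    valid_ipv4 "$NAT_IP" || { echo "bad NAT_IP: $NAT_IP" >&2; return 1; }
    cat <<EOF
iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $NAT_IP
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# snat_target NET: read "iptables -t nat -S POSTROUTING" output on stdin and
# print the address the first rule with source NET rewrites to, or
# MASQUERADE when the rule leaves the choice of address to the kernel.
snat_target() {
    awk -v net="$1" '$1 == "-A" {
        src = ""; tgt = ""; to = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "--to-source") to = $(i + 1)
        }
        if (src != net) next
        if (tgt == "SNAT") { print to; exit }
        if (tgt == "MASQUERADE") { print tgt; exit }
    }'
}
```

A result of `MASQUERADE` from `snat_target` means the private network still leaves from whichever address the kernel picks for eth0 rather than from the pinned .3 address.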