7.32. (MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?

You DON'T do this with MASQ.

MASQ is a 1:Many NAT setup, which is the incorrect tool for what you are trying to do. What you are looking for is either a Many:Many NAT solution or a bridging setup.

NOTE: Some users consider enabling multiple IP addresses on one internal NIC using "IP Alias", then PORTFWing ALL of the ports (0-65535), and finally using IPROUTE2 to maintain the proper source/destination IP pairs. This has been done SUCCESSFULLY on 2.0.x kernels and less successfully on 2.2.x kernels. Regardless of success, that isn't the proper way to do it, it's a total HACK, and it is not a supported MASQ configuration. Please give IPTABLES on the 2.4.x kernels a serious look or, to a much lesser extent, give Section 7.30 (IPROUTE2) a look for 2.2.x kernels.

Anyway, for forwarding external IP addresses to internal hosts, you basically have three possibilities:

  • 1. Route the external IPs 
    
       (This does NOT involve IPMASQ at all but requires special WAN addressing 
        and routing setup from your ISP):
    
        Internet -- Some public WAN -- Linux -- DMZ segment
                       IP address      Server     PUBLIC IPs
                                         |
                                         +------ Internal net
                                                  private IPs

  • 2. 1:1 NAT 
    
       (Most easily done via IPTABLES or with IPCHAINS and IPROUTE2 but still 
        some protocols cannot deal with NAT)
    
        Internet -- Linux -- DMZ segment
                    Server     Private IPs natted to 1:1 PUBLIC IPs
                       |
                       +------ Internal net
                                private IPs

  • 3. Bridging:  
    
       This is how most commercial firewalls do it as it's very slick.  Basically, 
       all public IPs transparently flow through the Linux server to the DMZ but 
       via firewall inspection.
    
        Internet -- Linux -- DMZ segment
                    Server     PUBLIC IPs
                      |
                      +------ Internal net
                               private IPs
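
As an added illustration of item #2 (not part of the HOWTO itself), the following shell function emits the IPTABLES rules for one 1:1 NAT mapping between a public address and a DMZ host, with the FORWARD chain restricted to the services that host is meant to offer. The interface names (eth0 external, eth1 DMZ), the addresses (203.0.113.10 from the documentation range, 192.168.10.10 on the DMZ) and the port list are constructed placeholders; the function prints the rules instead of applying them so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the HOWTO: generate 1:1 NAT rules for one DMZ host.
# All interface names and addresses below are constructed placeholders.

# one_to_one_nat PUBLIC_IP PRIVATE_IP EXT_IF DMZ_IF "TCP_PORTS..."
# Prints the iptables commands rather than executing them.
one_to_one_nat() {
    pub="$1"; priv="$2"; ext_if="$3"; dmz_if="$4"; ports="$5"

    # Inbound: rewrite the public destination to the DMZ host's private address.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv"
    # Outbound: traffic from the DMZ host leaves with its own public address,
    # so the host is seen as exactly one public IP in both directions (1:1, not 1:Many).
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub"

    # Address translation alone inspects nothing; the FORWARD chain is where the
    # firewall policy lives. Allow only the listed TCP services in from the Internet...
    for p in $ports; do
        echo "iptables -A FORWARD -i $ext_if -o $dmz_if -d $priv -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # ...plus packets belonging to already-accepted connections, and drop everything
    # else headed for the DMZ host.
    echo "iptables -A FORWARD -d $priv -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $ext_if -o $dmz_if -d $priv -j DROP"
}

# Constructed sample: public 203.0.113.10 mapped to a DMZ web server at 192.168.10.10,
# reachable from outside only on TCP 80 and 443.
one_to_one_nat 203.0.113.10 192.168.10.10 eth0 eth1 "80 443"
```

For the DNAT rule to ever see a packet, the public address has to reach the Linux box in the first place: either the ISP routes it to the box or the box carries it as an alias on the external interface so it answers ARP for it. IP forwarding must also be enabled, and the FORWARD chain's default policy should be DROP so that hosts without an explicit ACCEPT rule are not reachable by accident.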

Though this howto doesn't cover items #1 and #2 yet, email me and I can give you a hand. For item #3, this isn't IPMASQ anymore and thus I can't help you. Fortunately, there are a few HOWTOs out there on the topic:

NOTE: If you have a bridged DSL or Cablemodem connection (not PPPoE), things are a little more difficult because your setup isn't routed. No worries though, check out the Bridge+Firewall Mini HOWTO and the Bridge+Firewall+DSL Mini HOWTO. These HOWTOs will teach you how to get your Linux box to support multiple IP addresses on a single interface!


   This document, LDP HOWTO-INDEX, is copyrighted (c) 1995 - 2002 by Tim Bynum, Guylhem Aznar, Joshua Drake and Greg Ferguson. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html. If you have questions, please contact the LDP.