Hey, I've got some questions about Linux routing, etc. you guys might be able to answer-
I've got a dual processor Linux server with two NICs in it. The first NIC is connected to the internet, where I have 12 IPs bound to its MAC address. The 2nd NIC is connected to the rest of my LAN.
How can I assign IPs to computers on my LAN? I don't want to use NAT or anything of the sort. Are there any "guides" to working with this type of situation? Thanks,
RL

I think what you are after is called DHCP.
This assigns IPs to the rest of your network computers when they connect.
It all happens automatically.
Caveman

Hello,
Like Caveman says, DHCP will assign those IPs dynamically and automatically, but is this what you want, or are you just asking about routing those IPs to the hosts located on your LAN?
Can you explain your network situation and your needs a little more?
jmiturbe

Hmm... I see how nondescript I was.
My ISP has bound 12 IPs to the MAC address of one of the NICs in my Linux server. Firstly, I've never worked on a system with more than one IP bound, and as such don't really understand how any computer normally deals with something like that. I want the ability, within the Linux system, to make one IP a primary DNS server, and another IP the secondary. More importantly, though, I want to be able to pass a few of the IPs on to Windows systems within my LAN.
I want the IPs to be static, never ever changing (this can still be done within DHCP). Furthermore, I want it to seem in every way that those systems are not being routed through the Linux box (although I would like some firewallish control).
Will the Linux server NORMALLY handle things like this? If I properly configure the DHCP server, is this something it's capable of? Are there any resources you can point me to that would assist me?

You have conflicting goals. You want all the computers to have outside IPs, but yet you only want them to see the router.
All of my router experience has been in OpenBSD, and I think it would be possible with NAT (which you don't want for some reason), assuming Linux has the same features.
Here's what you do:
Router has one NIC with IPs 64.1.2.3, 64.1.2.4, 64.1.2.5, etc., and another with IP 192.168.1.1
The router runs a DHCP server on 192.168.1.1 telling everyone the gateway is 192.168.1.1 and the DNS servers are whatever the router uses, unless for some reason you need to set up your own.
Computer A on your network is a web server. You give it 192.168.1.4 and tell the router to redirect all traffic to 64.1.2.4 port 80 to 192.168.1.4 port 80.
Computer B is an FTP server. Everything to 64.1.2.5 ports 20 and 21 gets redirected to 192.168.1.5 ports 20 and 21.
This is assuming you can give one NIC multiple IPs, which I've never done, but it should be possible (man ifconfig).

It's not that I want them to only see the router; it's that the router is the only thing with outside IPs. Nonetheless, I think what you recommended will work, but given that I don't necessarily want them to only see the router (actually, I want them to seem like they are connected to the net DIRECTLY), is there another way to do it?
My server has 12 IPs bound to NIC1. NIC2 connects to my LAN. I don't care what goes on inside the LAN, but it would be nice if the computer thought it had 64.55.20.148, and the rest of the world also thought that was the case... any thoughts?

If you don't care what gets through, why even bother setting up a router? Are you sure you can't just plug your connection into a switch? Some ISPs say you can't but don't enforce it.
The only really low-level option is a bridge, but I'm not sure if a bridge will change the MACs. I don't think it would. You could do some firewalling with a bridge, but the same rules would apply to all the computers behind it.
My way would be transparent as long as you set up all the ports you wanted to redirect. You also get security with NAT.

Is there a way to use your way but, rather than just forwarding one IP, forward all IPs?
If only I could use a switch... The IPs ARE bound to the MAC... any NIC with another MAC won't get any IPs or service. Gah.

With my way, you are forwarding all IPs (if you want, that is). Each internal IP corresponds to an external IP. I've never done this, but it should work.
The whole point of NAT is to change the MAC, but if a bridge changes the MAC, that's what you want because it would be easier to set up.
I suggest asking in the networking forum. They might be able to clear things up or offer a better solution.

Hello,
I think the best choice would be to tell your ISP to make some changes on your connection configuration.
Maybe you are looking for contradictory things.
Just two questions before I post my thinking: How does your ISP give you the connection for those 12 IPs? You want to configure your network like there's no router, but why?
jmiturbe

I get the connectivity via ten-base-T. It comes in in some different form, but it's designed to act like I'm ON their network. It does not act like a Verizon DSL connection or anything.
I don't necessarily want to configure it like there's no router... unless that's what is required to obtain my goal:
Make the computers on the LAN have their own IP, that they know about, that's always theirs... and if someone in the outside world goes "ping 64.55.20.148", I want it to ping the system within the LAN.

With NAT, you can have ALL TCP, UDP, ICMP, etc. traffic redirect to an internal server. I don't know why you would want to do that, though, because it just bypasses the inherent security of NAT.
Your DHCP server can be configured to, and probably would by default, register MAC addresses so the same computer keeps getting the same internal IP. Since your NAT rules don't change, the effectively static internal IP can always be accessed from the same external IP.
The router can almost be as visible or invisible as you want, depending on how much traffic you redirect. If you don't have it firewalling, it'll look like just another directly connected computer. Anyone who's really determined will always know by inspecting the ARP cache or watching packets, but that doesn't matter.
Setting things up this way should be fairly simple. I'm sure I could do it in OpenBSD, but I wouldn't know where to start in Linux.
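
The 1:1 mapping described in the replies above, sketched for Linux with iptables as an added example (not part of any poster's message). The interface names eth0/eth1 and the 64.1.2.6 row are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for 1:1 NAT on a Linux router.
# Assumptions: eth0 faces the ISP, eth1 faces the LAN; mappings are constructed.
WAN_IF=eth0
LAN_IF=eth1

# public_ip internal_ip inbound ("all", or a comma-separated TCP port list)
MAPPINGS='64.1.2.4 192.168.1.4 80
64.1.2.5 192.168.1.5 20,21
64.1.2.6 192.168.1.6 all'

valid_ip() {   # dotted-quad IPv4, every octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

gen_rules() {  # $1 = mapping table; prints commands, returns 1 on a bad line
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding: only replies, LAN-initiated traffic and the
    # explicitly mapped services below may cross the router.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    while read -r pub int ports; do
        [ -n "$pub" ] || continue
        if ! valid_ip "$pub" || ! valid_ip "$int"; then
            echo "bad address in mapping: $pub $int" >&2; return 1
        fi
        case "$ports" in
            all) match="" ;;
            ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;;
            *) match=" -p tcp -m multiport --dports $ports" ;;
        esac
        # Router answers for the public address on the ISP-facing NIC.
        echo "ip addr add $pub/32 dev $WAN_IF"
        # Inbound: rewrite the destination, then allow it through FORWARD.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub$match -j DNAT --to-destination $int"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $int$match -j ACCEPT"
        # Outbound: the host always appears as its own public address.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $pub"
    done <<EOF
$1
EOF
}

gen_rules "$MAPPINGS"
```

Rows with a port list expose only those TCP ports; an "all" row forwards every protocol to the internal host, so that host needs its own filtering.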
