Go Premium for a chance to win a PS4. Enter to Win


Not IP aliasing and not IP masquerading but mapping??

Posted on 1997-07-13
Medium Priority
Last Modified: 2010-03-17
 As a result of switching internet service providers, I
need to change IP addresses.  Rather than switching the IP
addresses on 140 or so machines, I would like to have my
Linux firewall (or perhaps my Ascend Max router) map my old
IP addresses to the new ones as packets go through the
  This is not IP aliasing, giving one interface more
than one IP address.  Nor is it masquerading, hiding
the internal network from the internet.  I still want
the web, DNS, and mail servers to be accessible.
  Any ideas?
Question by:spo071397

Expert Comment

ID: 1585476
well very simple, use dhcp to assign IP adress to your workstation. Like anyone should use when having more than 2 pc to manage......



Author Comment

ID: 1585477
DHCP is not an option.  Few of the machines on the
LAN support it.


Expert Comment

ID: 1585478
What operating systems support TCP/IP and NOT DHCP ?
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal


Expert Comment

ID: 1585479

oh, i forgot, with IP masquerading you can of course do web, DNS, Mail, Ftp etc. You thaught you couldn't do that ?


Author Comment

ID: 1585480
To the first question:
  SunOS 4.x, IRIX 5.3, HPUX10.20, OSF3.2, VMS.
Solaris 5.5 might support client DHCP, (any one of them
could be the the DHCP server of course) but that
would involve a major reconfiguration, which is what
I'm trying to avoid.

As to the second question:
  With masquerading, the firewall can handle all of those
requests (DNS, HTTP etc.).  But I already have machines
on the LAN that can handle those requests.  I don't want
to hide those machines from the internet.


Expert Comment

ID: 1585481
You want NAT.

NAT in software is curently not available for Linux, AFAIK, but I have heard it may be under development.

Otherwise, you need a router that will do NAT for you, I know many CISCO's do it, I'm not sure about the Ascend Max.

Expert Comment

ID: 1585482
Hy, me again :^)

well, have you tried bootP ?


Author Comment

ID: 1585483
No.  Again, this would involve reconfiguring lots
of machines in order to use it.


Expert Comment

ID: 1585484
IP masquerading will do what you want. I have it set up this at home. I have 5 PCs at home. One runs Linux with IP masquerading and the others run DOS, Win3.11, and Win95. The Linux box has two ethernet cards - one is connected to the rest of my PCs and the other connects to my ISP through a cable modem. I am using 10.x.x.x addresses on my internal network and an ISP-provided IP address on the interface that connects to my cable modem.

In your case, you could keep all your current IP addresses on all of your internal machines as long as you use the correct address on the interface that goes to your ISP.

I can run mail, news, and web browsers from any of my PCs with no problem at all.

Author Comment

ID: 1585485
But I want to keep my web and mail servers
accessible from the internet.  (Not external
servers accessible from the internal LAN.)

For example, currently my mail server is
In the future it will be

I just want some way of doing the translation in the
gateway/firewall on the fly.  

Sauron's comment led me to some dedicated PC software
packages (i.e. doesn't run on Linux, but DOS.), and
one smaller piece of hardware that I haven't had a chance
to look into yet.


Expert Comment

ID: 1585486
Ok, so if you can't use IP aliasing nor masquerading nor bootP, nor DHCP nor NAT (it doesn't exist on linux) and don't want to have many reconfiguration on your 140 clients, well my response is : "what you want is simply impossible".

So long.

Author Comment

ID: 1585487
That's what I was afraid of.
And trying to hack the kernel to do what I want
would probably be more work than just switching
IP adddresses on all the machines.


Accepted Solution

cedric earned 600 total points
ID: 1585488
Hy, it's again & again & still me :^)

This one, you'll be happy. Believe me, i found the rare jewel you need :
Mobile-IP is an
enhancement to IP which allows a computer to roam freely on the Internet while being reachable at the same IP address.
Current versions of the Internet Protocol (IP) make an implicit assumption that the point at which a computer attaches to the Internet is fixed and its IP
address identifies the network to which it is attached. Datagrams are sent to a computer based on the location information contained in its IP address. If a
computer (a.k.a host) moves to a new network while keeping its IP address unchanged, its address will not reflect its new point of attachment. Consequently,
existing routing protocols will be unable to route datagrams to it correctly. In this situation, the mobile node (a.k.a. mobile host) must be reconfigured with a
different IP address representative of its new location. Not only is this process cumbersome for ordinary users, it also presents the problem of informing
potential correspondents of the new address. Furthermore, changing the IP address will cause already established transport layer connections to be lost. Put
simply, if the mobile host moves without changing its address, it will lose routing; and if it does change its address, it will lose connections.
The Mobile-IP architecture, as proposed by the IETF, defines special entities called the Home Agent (HA) and Foreign Agent (FA) which co-operate to
allow a Mobile Host (MH) to move without changing its IP address. The term mobility agent is used to refer to a host (computer) acting either as a HA or FA
(or both). We describe a network as mobility supporting if it is equipped with a mobility agent.

Each MH is associated with a unique home network as indicated by its permanent IP address. Normal IP routing always delivers packets meant for the MH to
this network. When a MH is away, a specially designated host (the Home Agent) on this network is responsible for intercepting and forwarding its packets.
The MH uses a special registration protocol to keep its HA informed about its current location. Whenever a MH moves from its home network to a foreign
network, or from one foreign network to another, it chooses a Foreign Agent (FA) on the new network and uses it to forward a registration message to its
HA. After a successful registration, packets arriving for the MH on its home network are encapsulated by its HA and sent to its FA.

Well, enough for now, just jump to

So, happy man ?

Author Comment

ID: 1585489
This is very interesting!  I'm not exactly sure how
this would be used to implement what I requested.
I'm pretty much resolved to reconfiguring all my

I do have to give you points for creativity.


Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question