We help IT Professionals succeed at work.

Not IP aliasing and not IP masquerading but mapping??

spo071397 asked
Medium Priority
Last Modified: 2010-03-17
 As a result of switching internet service providers, I
need to change IP addresses.  Rather than switching the IP
addresses on 140 or so machines, I would like to have my
Linux firewall (or perhaps my Ascend Max router) map my old
IP addresses to the new ones as packets go through the
  This is not IP aliasing, giving one interface more
than one IP address.  Nor is it masquerading, hiding
the internal network from the internet.  I still want
the web, DNS, and mail servers to be accessible.
  Any ideas?
Watch Question

well very simple, use dhcp to assign IP adress to your workstation. Like anyone should use when having more than 2 pc to manage......



DHCP is not an option.  Few of the machines on the
LAN support it.

What operating systems support TCP/IP and NOT DHCP ?


oh, i forgot, with IP masquerading you can of course do web, DNS, Mail, Ftp etc. You thaught you couldn't do that ?



To the first question:
  SunOS 4.x, IRIX 5.3, HPUX10.20, OSF3.2, VMS.
Solaris 5.5 might support client DHCP, (any one of them
could be the the DHCP server of course) but that
would involve a major reconfiguration, which is what
I'm trying to avoid.

As to the second question:
  With masquerading, the firewall can handle all of those
requests (DNS, HTTP etc.).  But I already have machines
on the LAN that can handle those requests.  I don't want
to hide those machines from the internet.

You want NAT.

NAT in software is curently not available for Linux, AFAIK, but I have heard it may be under development.

Otherwise, you need a router that will do NAT for you, I know many CISCO's do it, I'm not sure about the Ascend Max.

Hy, me again :^)

well, have you tried bootP ?



No.  Again, this would involve reconfiguring lots
of machines in order to use it.

IP masquerading will do what you want. I have it set up this at home. I have 5 PCs at home. One runs Linux with IP masquerading and the others run DOS, Win3.11, and Win95. The Linux box has two ethernet cards - one is connected to the rest of my PCs and the other connects to my ISP through a cable modem. I am using 10.x.x.x addresses on my internal network and an ISP-provided IP address on the interface that connects to my cable modem.

In your case, you could keep all your current IP addresses on all of your internal machines as long as you use the correct address on the interface that goes to your ISP.

I can run mail, news, and web browsers from any of my PCs with no problem at all.


But I want to keep my web and mail servers
accessible from the internet.  (Not external
servers accessible from the internal LAN.)

For example, currently my mail server is
In the future it will be

I just want some way of doing the translation in the
gateway/firewall on the fly.  

Sauron's comment led me to some dedicated PC software
packages (i.e. doesn't run on Linux, but DOS.), and
one smaller piece of hardware that I haven't had a chance
to look into yet.

Ok, so if you can't use IP aliasing nor masquerading nor bootP, nor DHCP nor NAT (it doesn't exist on linux) and don't want to have many reconfiguration on your 140 clients, well my response is : "what you want is simply impossible".

So long.


That's what I was afraid of.
And trying to hack the kernel to do what I want
would probably be more work than just switching
IP adddresses on all the machines.

Hy, it's again & again & still me :^)

This one, you'll be happy. Believe me, i found the rare jewel you need :
Mobile-IP is an
enhancement to IP which allows a computer to roam freely on the Internet while being reachable at the same IP address.
Current versions of the Internet Protocol (IP) make an implicit assumption that the point at which a computer attaches to the Internet is fixed and its IP
address identifies the network to which it is attached. Datagrams are sent to a computer based on the location information contained in its IP address. If a
computer (a.k.a host) moves to a new network while keeping its IP address unchanged, its address will not reflect its new point of attachment. Consequently,
existing routing protocols will be unable to route datagrams to it correctly. In this situation, the mobile node (a.k.a. mobile host) must be reconfigured with a
different IP address representative of its new location. Not only is this process cumbersome for ordinary users, it also presents the problem of informing
potential correspondents of the new address. Furthermore, changing the IP address will cause already established transport layer connections to be lost. Put
simply, if the mobile host moves without changing its address, it will lose routing; and if it does change its address, it will lose connections.
The Mobile-IP architecture, as proposed by the IETF, defines special entities called the Home Agent (HA) and Foreign Agent (FA) which co-operate to
allow a Mobile Host (MH) to move without changing its IP address. The term mobility agent is used to refer to a host (computer) acting either as a HA or FA
(or both). We describe a network as mobility supporting if it is equipped with a mobility agent.

Each MH is associated with a unique home network as indicated by its permanent IP address. Normal IP routing always delivers packets meant for the MH to
this network. When a MH is away, a specially designated host (the Home Agent) on this network is responsible for intercepting and forwarding its packets.
The MH uses a special registration protocol to keep its HA informed about its current location. Whenever a MH moves from its home network to a foreign
network, or from one foreign network to another, it chooses a Foreign Agent (FA) on the new network and uses it to forward a registration message to its
HA. After a successful registration, packets arriving for the MH on its home network are encapsulated by its HA and sent to its FA.

Well, enough for now, just jump to

So, happy man ?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


This is very interesting!  I'm not exactly sure how
this would be used to implement what I requested.
I'm pretty much resolved to reconfiguring all my

I do have to give you points for creativity.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.