Solved

TCP/IP Networking Question

Posted on 2000-04-12
5
186 Views
Last Modified: 2013-11-29
I work in a building that is currently connected to the internet via a router we are being told that we cannot have TCP/IP networking on our machines because our company has run out of IP addresses for our machines.  Our current solution to the problem is that we use an instant internet box which has IPX/SPX winsock client on one side and its own IP address on the internet side of the box.  Is there no simple solution that allows us to use any IP addresses on our clients and have a box/machine that acts as a gateway to the internet?  I have a linux server running so if there is a software solution that could be sat on the server (the server becoming the a gateway via two network cards)
0
Comment
Question by:Steves2001
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2709029
To suggest the best solution I need to know how many "public" IP's could be allocated for the buildings use. If only one, then IPMasq/ipchains on a Linux box could be used to masquerade your entire building onto a single outside IP. If there is a block of IP's that could be used, ipfilter running on FreeBSD, OpenBSD or Solaris could be used for dynamic NAT.

Sounds like you organization needs to "re-design" their network and NAT everything using a private Class B or Class A.
0
 
LVL 1

Author Comment

by:Steves2001
ID: 2709423
The difficulty has been that we are a college in the UK who benefit from a link to a university who in turn links to JANET which inturn links to the internet.

Our main IP network is a subnet of the universities IP network and our building currently assigned a single IP address due to the way in which IP's have been allocated (randomly) until we ran out . SO yes it is a mess, my problem is that I have to do something with that IP we have so that we can run courses within the building (Java networking stuff) I can do pretty much what I like in the building as long as I don't affect the main network.  If I can show them a working system within the building I could then move on to getting them to take it on board for the whole college.

Anything you can suggest would be greatly appreciated The server I am using at the moment is RedHat 6.0.

Even if you only point me to some sites or books where I can read up about above it would be a help actual configuration info and software locations would be brilliant.

Thanks

Stephen Smith
0
 
LVL 3

Expert Comment

by:apadua
ID: 2709627
What you need to research for is NAT - Network Address Translation. As JLevie points out, this would be a solution that would allow you to have a single IP address on the outside, and instead of having to use IPX/SPX inside, you'd use a block of Private IP addresses, such as:

10.0.0.0 Mask 255.0.0.0 (Class A)
172.16.0.0 to 172.32.0.0 Mask 255.255.0.0 (Class B)
192.168.1.0 to 192.168.254.0 Mask 255.255.255.0 (Class C)

Your device (usually some type of router, even if just Linux functioning as one) will convert between the internal IPs and the external one.

If you guys are small (about 30 or so machines) you can try a Internet Router by LinkSys (possibly others available, I don't know). It costs about US$200 and provides NAT and DHCP for your entire network. Plus, it's a four port 10/100 Switch.


Here's a good text on NAT.

http://www.computerbits.com/archive/9708/lan9708.htm

Cisco's overview is also pretty good:

http://www.cisco.com/warp/public/701/60.html

Here's a technical discussion on NAT, if you get curious:

http://www.safety.net/nattech.html


Good luck,


André
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 2710365
Id suggest an upgrade to 6.1 or 6.2 (better) as I think you'll find that it'll work much better as an IPMasq box Which is what you need to funnel a private network into a single external IP. Technically, that's Network Port Address Translation or NPAT.

The subject, from a Linux perspective, is covered pretty well in the IP-Masquerade & IPCHAINS Howto's at http://howto.tucows.com/LDP/HOWTO/HOWTO-INDEX-3.html#ss3.1. It's not that hard to set up if you don't need a lot of security rules or special inbound services. NPAT in general is limited as to what can be done w/respect to inbound services as there's only the one external IP. Network Address Translation (NAT) using an external IP pool of address is a lot more flexible in that regard.
0
 
LVL 1

Author Comment

by:Steves2001
ID: 2711457
Thank you very much for your help you both have given me pointers as to where to go next.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question