Solved

IP Chains - MASQ

Posted on 2001-09-10
4
258 Views
Last Modified: 2010-03-17
I wish to convert the present LAN setup and connect it to the net using only one public IP. This is since we are switching to an ISP that can provide us with only one public IP ( which will be used for our mail, web and DNS server). Previously we had 8. I feel there's a lot of reading I have to do to implement it.

I've heard that IP MASQ/Chains can be used to connect a LAN to the Internet using only one public IP. Are there beginners level, or step by step documents that I can read on this? This is all new to me =).

Thanks
0
Comment
Question by:rqs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
vreddypatil earned 50 total points
ID: 6471660
I assume your internal LAN has a subnet of 192.168.1.0/24 and say you have a 202.15.1.1/24 public ip address.

| LAN                   |-----------|202.15.1.1/24
|---------------------| Linux    |--------------|Internet|
|                            |-----------|
                192.168.1.1/24                                            
             
Commands to execute on Linux m/c

Linux# echo 1 > /proc/sys/net/ipv4/ip_forward

This command is to enable ip forwarding at Linux box.

Linux# ipchains -A forward -J MASQ -S 192.168.1.0/24 -d 0.0.0.0/0

This command for masquerading internal network.

Now  your internal m/c on your LAN should have set a default route to  Linux m/c, i.e in this case 192.168.1.1
this is important.

Note: I assume here your kernel is configured with masquerading suuport.

HTH

---Vijayapal
0
 
LVL 1

Expert Comment

by:vreddypatil
ID: 6471691
To access your web server which is on your internal LAN  from outside the world you have to configure for virtual server also.

Say your web server address is 192.168.1.2

                     Now add a virtual server

                     linux# ipvsadm -A -t202.15.1.1:80 -Swrr

                     the above command is for http port

                     Now add a real server

                     Linux# ipvsadm -a -t 202.15.1.1.5:80 -R 192.168.1.2:80 -m

For more details look for

                     http://www.linuxvirtualserver.org/
                     more precisely
                     http://www.linuxvirtualserver.org/VS-NAT.html

--Vijayapal
0
 
LVL 4

Expert Comment

by:escheider
ID: 6513650
Why not get the IPCHAINS HOWTO?  Here is a link to the document:

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html


Essentially, you should have two network cards in the machine.  One with the public ip address and one with an ip address of your internal network.

The above document explains this fairly well.
0
 
LVL 2

Author Comment

by:rqs
ID: 6591448
Thank you very much for the help =)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Help needed with BIND9 DNS on Ubuntu. 22 108
FTP output from Wireshak 6 115
Setting up two Raspberry Pi gateways/routers 3 131
how to write and save a unix script 12 36
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question