Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

IP Chains - MASQ

Posted on 2001-09-10
4
256 Views
Last Modified: 2010-03-17
I wish to convert the present LAN setup and connect it to the net using only one public IP. This is since we are switching to an ISP that can provide us with only one public IP ( which will be used for our mail, web and DNS server). Previously we had 8. I feel there's a lot of reading I have to do to implement it.

I've heard that IP MASQ/Chains can be used to connect a LAN to the Internet using only one public IP. Are there beginners level, or step by step documents that I can read on this? This is all new to me =).

Thanks
0
Comment
Question by:rqs
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
vreddypatil earned 50 total points
ID: 6471660
I assume your internal LAN has a subnet of 192.168.1.0/24 and say you have a 202.15.1.1/24 public ip address.

| LAN                   |-----------|202.15.1.1/24
|---------------------| Linux    |--------------|Internet|
|                            |-----------|
                192.168.1.1/24                                            
             
Commands to execute on Linux m/c

Linux# echo 1 > /proc/sys/net/ipv4/ip_forward

This command is to enable ip forwarding at Linux box.

Linux# ipchains -A forward -J MASQ -S 192.168.1.0/24 -d 0.0.0.0/0

This command for masquerading internal network.

Now  your internal m/c on your LAN should have set a default route to  Linux m/c, i.e in this case 192.168.1.1
this is important.

Note: I assume here your kernel is configured with masquerading suuport.

HTH

---Vijayapal
0
 
LVL 1

Expert Comment

by:vreddypatil
ID: 6471691
To access your web server which is on your internal LAN  from outside the world you have to configure for virtual server also.

Say your web server address is 192.168.1.2

                     Now add a virtual server

                     linux# ipvsadm -A -t202.15.1.1:80 -Swrr

                     the above command is for http port

                     Now add a real server

                     Linux# ipvsadm -a -t 202.15.1.1.5:80 -R 192.168.1.2:80 -m

For more details look for

                     http://www.linuxvirtualserver.org/
                     more precisely
                     http://www.linuxvirtualserver.org/VS-NAT.html

--Vijayapal
0
 
LVL 4

Expert Comment

by:escheider
ID: 6513650
Why not get the IPCHAINS HOWTO?  Here is a link to the document:

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html


Essentially, you should have two network cards in the machine.  One with the public ip address and one with an ip address of your internal network.

The above document explains this fairly well.
0
 
LVL 2

Author Comment

by:rqs
ID: 6591448
Thank you very much for the help =)
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question