Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

IP Chains - MASQ

Posted on 2001-09-10
4
Medium Priority
?
262 Views
Last Modified: 2010-03-17
I wish to convert the present LAN setup and connect it to the net using only one public IP. This is since we are switching to an ISP that can provide us with only one public IP ( which will be used for our mail, web and DNS server). Previously we had 8. I feel there's a lot of reading I have to do to implement it.

I've heard that IP MASQ/Chains can be used to connect a LAN to the Internet using only one public IP. Are there beginners level, or step by step documents that I can read on this? This is all new to me =).

Thanks
0
Comment
Question by:rqs
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
vreddypatil earned 200 total points
ID: 6471660
I assume your internal LAN has a subnet of 192.168.1.0/24 and say you have a 202.15.1.1/24 public ip address.

| LAN                   |-----------|202.15.1.1/24
|---------------------| Linux    |--------------|Internet|
|                            |-----------|
                192.168.1.1/24                                            
             
Commands to execute on Linux m/c

Linux# echo 1 > /proc/sys/net/ipv4/ip_forward

This command is to enable ip forwarding at Linux box.

Linux# ipchains -A forward -J MASQ -S 192.168.1.0/24 -d 0.0.0.0/0

This command for masquerading internal network.

Now  your internal m/c on your LAN should have set a default route to  Linux m/c, i.e in this case 192.168.1.1
this is important.

Note: I assume here your kernel is configured with masquerading suuport.

HTH

---Vijayapal
0
 
LVL 1

Expert Comment

by:vreddypatil
ID: 6471691
To access your web server which is on your internal LAN  from outside the world you have to configure for virtual server also.

Say your web server address is 192.168.1.2

                     Now add a virtual server

                     linux# ipvsadm -A -t202.15.1.1:80 -Swrr

                     the above command is for http port

                     Now add a real server

                     Linux# ipvsadm -a -t 202.15.1.1.5:80 -R 192.168.1.2:80 -m

For more details look for

                     http://www.linuxvirtualserver.org/
                     more precisely
                     http://www.linuxvirtualserver.org/VS-NAT.html

--Vijayapal
0
 
LVL 4

Expert Comment

by:escheider
ID: 6513650
Why not get the IPCHAINS HOWTO?  Here is a link to the document:

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html


Essentially, you should have two network cards in the machine.  One with the public ip address and one with an ip address of your internal network.

The above document explains this fairly well.
0
 
LVL 2

Author Comment

by:rqs
ID: 6591448
Thank you very much for the help =)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses
Course of the Month9 days, 21 hours left to enroll

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question