IP Chains - MASQ

I wish to convert the present LAN setup and connect it to the net using only one public IP. This is since we are switching to an ISP that can provide us with only one public IP ( which will be used for our mail, web and DNS server). Previously we had 8. I feel there's a lot of reading I have to do to implement it.

I've heard that IP MASQ/Chains can be used to connect a LAN to the Internet using only one public IP. Are there beginners level, or step by step documents that I can read on this? This is all new to me =).

Thanks
LVL 2
rqsAsked:
Who is Participating?
 
vreddypatilConnect With a Mentor Commented:
I assume your internal LAN has a subnet of 192.168.1.0/24 and say you have a 202.15.1.1/24 public ip address.

| LAN                   |-----------|202.15.1.1/24
|---------------------| Linux    |--------------|Internet|
|                            |-----------|
                192.168.1.1/24                                            
             
Commands to execute on Linux m/c

Linux# echo 1 > /proc/sys/net/ipv4/ip_forward

This command is to enable ip forwarding at Linux box.

Linux# ipchains -A forward -J MASQ -S 192.168.1.0/24 -d 0.0.0.0/0

This command for masquerading internal network.

Now  your internal m/c on your LAN should have set a default route to  Linux m/c, i.e in this case 192.168.1.1
this is important.

Note: I assume here your kernel is configured with masquerading suuport.

HTH

---Vijayapal
0
 
vreddypatilCommented:
To access your web server which is on your internal LAN  from outside the world you have to configure for virtual server also.

Say your web server address is 192.168.1.2

                     Now add a virtual server

                     linux# ipvsadm -A -t202.15.1.1:80 -Swrr

                     the above command is for http port

                     Now add a real server

                     Linux# ipvsadm -a -t 202.15.1.1.5:80 -R 192.168.1.2:80 -m

For more details look for

                     http://www.linuxvirtualserver.org/
                     more precisely
                     http://www.linuxvirtualserver.org/VS-NAT.html

--Vijayapal
0
 
escheiderCommented:
Why not get the IPCHAINS HOWTO?  Here is a link to the document:

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html


Essentially, you should have two network cards in the machine.  One with the public ip address and one with an ip address of your internal network.

The above document explains this fairly well.
0
 
rqsAuthor Commented:
Thank you very much for the help =)
0
All Courses

From novice to tech pro — start learning today.