projects

Centos7; routing based on IP

Not quite sure how to explain this but here goes.

I have a network which has a number of servers hosting various services. That network is losing its static IPs soon because it is no longer an essential service. However, we'd like to keep the servers running but on a cheap dynamic IP connection.

We have another network which is our main network and it has plenty of static IPs.

The idea is that on that second network, we would set up <something> which would allow remote connections to some of those IPs which in turn would redirect that traffic to the now dynamic IP network.

Since the dynamic network isn't critical, we can mess around with ports and use custom ports for whatever we need.

The question is, what are we looking for, to set up on one of the Centos servers on the second network which would redirect those connections to the dynamic network? Are we thinking dynamic DNS server or something else?

How will the dynamic network tell the second network about its potentially changed IP when it does change? Do we need to set something up on the first network which will constantly broadcast its IP back to the second network?
David Johnson, CD

The only time there is a shortage of static IPs vs dynamic IPs, in my way of thinking, is with IANA-assigned IP addresses, i.e. those not in the 10.x.x.x, 172.16.0.0 - 172.31.255.255, or 192.168.0.0 - 192.168.255.255 ranges.
projects

ASKER

Sorry but your reply is unrelated to my question.

I am asking about using static IPs to re-route connections to a non-static network using different ports.
I'm still confused. And what confuses me the most is the use of IP addresses and not using DNS.
From what I gather, you have a service on IP 192.168.5.10 port 1024 which is going to be put on another network, where it will get an IP in the range of 10.10.10.0-255, still on port 1024, and you want something to follow the dynamic port assignment. Most of us use DNS to do this.
ASKER CERTIFIED SOLUTION
Nick Upson
This solution is only available to members.
Network A - Servers with services on various ports
Has a small subnet of static PUBLIC IPs
Connections hit Network Two PUBLIC IPs

Network B has single changing dynamic IP
Traffic is re-routed to Network B based on IP and services port

Examples;
Port 80 connection to public IP on Network A is re-routed to port 80 of Network B
Port 80 connection to public IP 2 on Network A is re-routed to port 8080 of Network B
Port 8181 connection to public IP on Network A is re-routed to port 8181 of Network B

Network B only has one public dynamic IP (changes) so we want to use some of the static IPs on another network to re-route traffic to the non static IP (changing) network.

This of course means that Network B needs to constantly update its IP with Network A so that network A can know where to route that traffic.
Why aren't you using DNS for this? Using IPs is so 1980s.
David, why do you keep saying that??? Of course I'm using DNS and sometimes, we don't need them, we just use the IP.

I said dynamic DNS server and I said that the public IPs would have DNS records so that connections would go to those, once there, the dynamic DNS server would forward the connections to the non static network.

My question is wanting to understand what the parts needed are to make this work.
Here is an update.

I tried and tried to make this work using firewalld and it is simply not working. I can't find enough information to make it work.
Each time I get close, other things break. For example, the host is hosting web sites until I can get the VMs working. I have one VM running and I need to forward ports 81/444 to it from the host's public IP.

Everything I'm reading says use iptables so I'm about ready to do so. I would prefer using firewalld but if that is not possible, iptables is fine by me.

Other than ssh, port 80 and 443, there isn't anything else set in firewalld, so what I badly need is a complete example iptables file which I can use as a starting point to switch from firewalld to iptables.

Example;
NIC0 Connection to LAN

NIC1 has public IP x.x.x.24 and alias .25 .26 .27 .28

Internet connections to public IPs are forwarded to correct host based on port.

Example shows we create three VMs; 192.168.1.10, 192.168.1.11 and 192.168.1.12

VM 1 Incoming Connections (Where I will eventually move the web sites to)
IP x.x.x.24, port tcp 81,   forwarded to vm using NAT IP 192.168.1.10 port 80
IP x.x.x.24, port tcp 444,  forwarded to vm using NAT IP 192.168.1.10 port 443

VM 2
IP x.x.x.25, port tcp 80,    forwarded to vm using NAT IP 192.168.1.11 port 80
IP x.x.x.25, port tcp 443,   forwarded to vm using NAT IP 192.168.1.11 port 443

VM 3
IP x.x.x.26, tcp port 24,  forwarded to vm using NAT IP 192.168.1.12 port 22
IP x.x.x.26, tcp port 80,  forwarded to vm using NAT IP 192.168.1.12 port 80


SOLUTION
This solution is only available to members.
David, thanks for the input but I am running my own DNS servers.

However, that is exactly how I am going to set it up, on my own resources.
These answers didn't give me a solution but helped me to spend more time reading about how to handle such things.
One lead was the mention of being able to do this with iptables and the other was dynamic DNS services.