seringen Apprentice
Joined: 03 Aug 2003 Posts: 163 Location: berkeley, california
Posted: Thu Sep 08, 2005 8:24 pm Post subject: Static IP addresses instead of nat for behind the router
I originally followed the Gentoo Home Router Guide, and it works nicely.
However, my ISP allows me 7 static IP addresses, one of which my router automatically picked up via dhcp. How do I get my computers on the network to use those extra IP addresses?
Currently the situation is:
modem <-> eth1 68.11.145.103 ROUTER eth0 192.168.0.1 <-> clients 192.168.0.***
assigned static via dhcp-----------------------assigned and NAT'ed via dhcp and dnsmasq
and I'd like
modem <-> eth1 68.11.145.103 ROUTER eth0 68.11.145.103 <-> clients 68.11.145.[96-102]
I have a feeling that this should be easy, but I can't find any documentation that spells it out. If you're really friendly you'll even point me in the right direction to what the heck I should do with my iptables.
Thanks for your time!
wmgoree Apprentice
Joined: 08 Aug 2003 Posts: 246 Location: Alexandria, VA
Posted: Thu Sep 08, 2005 8:53 pm Post subject: Re: Static IP addresses instead of nat for behind the router
seringen wrote:
modem <-> eth1 68.11.145.103 ROUTER eth0 192.168.0.1 <-> clients 192.168.0.***
assigned static via dhcp-----------------------assigned and NAT'ed via dhcp and dnsmasq
and I'd like
modem <-> eth1 68.11.145.103 ROUTER eth0 68.11.145.103 <-> clients 68.11.145.[96-102]
I have a feeling that this should be easy, but I can't find any documentation that spells it out. If you're really friendly you'll even point me in the right direction to what the heck I should do with my iptables.
Thanks for your time!

Well, actually that's very hard. You would have to tell your ISP to route all traffic to the rest of your subnet through your router. Alternately, you could assign all the external IP addresses to your router (if it can take more than one) and do a 1-to-1 NAT behind it.
_________________
vi? *snicker* it doesn't even include a mail reader...
Ph0eniX Guru
Joined: 24 Sep 2004 Posts: 502 Location: New York, U.S.
Posted: Thu Sep 08, 2005 8:58 pm Post subject: Re: Static IP addresses instead of nat for behind the router
seringen wrote:
I originally followed the Gentoo Home Router Guide, and it works nicely.
However, my ISP allows me 7 static IP addresses, one of which my router automatically picked up via dhcp. How do I get my computers on the network to use those extra IP addresses?
Currently the situation is:
modem <-> eth1 68.11.145.103 ROUTER eth0 192.168.0.1 <-> clients 192.168.0.***
assigned static via dhcp-----------------------assigned and NAT'ed via dhcp and dnsmasq
and I'd like
modem <-> eth1 68.11.145.103 ROUTER eth0 68.11.145.103 <-> clients 68.11.145.[96-102]
I have a feeling that this should be easy, but I can't find any documentation that spells it out. If you're really friendly you'll even point me in the right direction to what the heck I should do with my iptables.
Thanks for your time!

It would only be easy if you decided to get rid of NAT (which is probably not the hottest of ideas).
seringen Apprentice
Joined: 03 Aug 2003 Posts: 163 Location: berkeley, california
Posted: Fri Sep 09, 2005 12:07 am Post subject: Re: Static IP addresses instead of nat for behind the router
Quote:
Well, actually that's very hard. You would have to tell your ISP to route all traffic to the rest of your subnet through your router. Alternately, you could assign all the external IP addresses to your router (if it can take more than one) and do a 1-to-1 NAT behind it.

The 1-to-1 thing would be fine I guess, what do you mean "if it can take more than one"?
I want to keep the machines on my network walled off together, but still reachable for certain things from the outside. Plus with what I want, I get to use squid and stuff like that. Is there a saner way of doing it?
lbrtuk l33t
Joined: 08 May 2003 Posts: 910
Posted: Fri Sep 09, 2005 12:35 am
Shouldn't be a problem at all. Just set the kernel to forward ipv4 packets and give your client machines their static IPs. Make your router their default gateway.
The ISP's routing tables should already be set up to forward you packets for the other IPs you own. Otherwise it would be stupid.
After that you might want to use iptables to limit what sort of traffic gets in & out of your network.
fbvortex n00b
Joined: 01 Jul 2005 Posts: 22
Posted: Fri Sep 09, 2005 12:45 am Post subject: Re: Static IP addresses instead of nat for behind the router
seringen wrote:
The 1-to-1 thing would be fine I guess, what do you mean "if it can take more than one"?

In pf on OpenBSD, what you want is called bi-directional NAT (or "binat" for short). Not that you're using pf, but there's at least a keyword to help you search better.
The "if it can take more than one" refers to how many of your ISP's host IP address ARP entries the ISP will allow you to have associated with one MAC address.
For example if you are, say for the sake of argument, using a cable modem via DHCP, the ISP will not allow you to hold more than one lease per MAC address.
However, if the ISP will allow you to have those IPs statically, then most likely all you need to do is statically assign additional IP addresses to aliases of your external interface. Your external interface will then be used to send and receive for your whole external static address block (once you set up the binat mappings).
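
The 1-to-1 NAT setup discussed in this thread, sketched for iptables as an added example that is not part of any poster's message: it prints the alias, DNAT/SNAT and FORWARD commands so that each internal host is reachable from outside only on the TCP ports listed for it, since a bare 1-to-1 mapping would otherwise expose every port. Assumptions: the private addresses and port lists are constructed, the aliases are added as /32, and the FORWARD chain starts out empty.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for 1-to-1 NAT plus a
# default-drop FORWARD chain. Review the output, then apply it as root.
EXT_IF=eth1   # external interface, as in the thread
INT_IF=eth0   # internal interface, as in the thread

# One mapping per line: "public=private:tcp-ports". Public addresses are taken
# from the thread's 68.11.145.[96-102] range; the private addresses and the
# port lists are constructed for illustration.
MAPPINGS="68.11.145.101=192.168.0.11:22,80
68.11.145.102=192.168.0.12:"

binat_rules() {
    # Baseline: forward nothing from outside unless a rule below allows it.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT"
    echo "$1" | while IFS= read -r m; do
        [ -n "$m" ] || continue
        pub=${m%%=*}; rest=${m#*=}
        priv=${rest%%:*}; ports=${rest#*:}
        # Alias the public address on the external interface (/32 is assumed).
        echo "ip addr add $pub/32 dev $EXT_IF"
        # Inbound: rewrite the destination to the private host.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: rewrite the source. -I puts this ahead of any existing
        # catch-all MASQUERADE rule, which would otherwise match first.
        echo "iptables -t nat -I POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
        # Only the listed TCP ports accept new connections from outside;
        # an empty list means the host is outbound-only.
        for p in $(echo "$ports" | tr ',' ' '); do
            echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $priv -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
}

binat_rules "$MAPPINGS"
```

The FORWARD rules match on the private address because DNAT in PREROUTING has already rewritten the destination by the time the packet reaches the filter table.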
bigfunkymo Apprentice
Joined: 23 Jan 2004 Posts: 237
Posted: Fri Sep 09, 2005 12:46 pm
That guy read my mind. I'm not 100% sure how to set that up, but I'm sure it would be simple. Does anyone know if it would be possible to assign different MAC IDs to different aliases of the same interface? That could enable you to do something a lot like MAC cloning that consumer routers often have to do for cable modems.
_________________
[No package... Grabbing a set.]