[lug] Networking question: multiple IPs and NAT?

Ed Moxley ed at moxleynet.com
Sun Apr 10 14:28:06 MDT 2005


On Sun, 2005-04-10 at 13:20, Chris wrote:
> Hi, everyone.
> 
> Quick question.  I'm trying to help someone who came to hacking
> society last week solve a little networking problem.
> 
> He's got 5 IPs from his ISP, all going to a DSL modem.  There are
> several computers inside his network, each responsible for serving up
> web pages.  I've suggested doing virtual hosting on Apache, and
> pointed to some good resources on that, so that solves part of the
> problem.  He won't need one machine per website hosted, yay!
> 
> The bigger problem is that he'd like his external IPs to be mapped on
> to machines inside his network anyway -- so that if there's enough
> services, they don't all have to be handled by the same machine.  That
> is, the external IP someone connects to would determine which machine
> on his internal network receives the connection.  How's this done?
> It looks like we want to do something like this:
> 
> http://www.shorewall.net/NAT.htm
> 
> My experience with NAT is limited to the case where there's only one
> external IP address, and that's really 'masquerading', as I understand
> it.
> 
> Can this be done by a typical DSL modem?  If not, what are good
> recommendations for devices that *can* do this kind of NAT?  With some
> googling, I've seen references to proxy arp in this context, but I
> just don't understand this as well as I'd like to.
> 
> One thought I had was to put a small Linux box behind the DSL modem,
> and have external addresses assigned to eth0:0 - eth0:4, and then have
> iptables rules forwarding packets on eth0:x to 192.168.0.y addresses.
> Would that work?
> 
> I'd especially like book recommendations or good documentation on the
> subject, but specific suggestions would be greatly appreciated...
> 
> --
>     Chris Riddoch
> epistemological humility

It is likely that the DSL modem is also a router, and depending on the
model, it might be possible to configure it to pass specific public IP
addresses to specific private addresses on the inside.  If it doesn't
have that level of NAT functionality then it might just be a case of
configuring the inside machines with the public addresses.  Qwest
addresses that here: 
"Configure your modem/router in PPP Mode for static IP addresses"
http://my.qwest.net/nav4/help/your_acct/set_cisco_675.html#actiontec_notes

Your idea of placing a Linux box behind the modem is also sound, and
using shorewall would simplify the implementation.
-- 
Ed Moxley <ed at moxleynet.com>
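
Added example (not part of the original thread, and not Shorewall's own configuration): a shell function that emits an iptables-restore ruleset for the one-to-one NAT discussed above, pairing each public IP with one 192.168.0.y host and forwarding only web traffic inward. The 203.0.113.x addresses, the interface names, and the choice of ports 80 and 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed values: 203.0.113.0/24 is a documentation range standing in
# for the ISP-assigned IPs; interface names and ports are assumptions.
WAN_IF=eth0   # side facing the DSL modem
LAN_IF=eth1   # side facing the internal network

# Constructed mapping: "public_ip internal_ip", one pair per line.
MAP='203.0.113.10 192.168.0.10
203.0.113.11 192.168.0.11
203.0.113.12 192.168.0.12'

# Accept only dotted-quad IPv4 literals so nothing else reaches the ruleset.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the ruleset on stdout; return non-zero on a malformed mapping line.
gen_ruleset() {
    nat=''; fwd=''
    while read -r pub priv extra; do
        [ -z "$pub" ] && continue
        { [ -z "$extra" ] && valid_ip "$pub" && valid_ip "$priv"; } || return 1
        # Inbound: connections to the public IP go to its internal host.
        nat="$nat-A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv
"
        # Outbound: that host's own connections leave with the same public IP.
        nat="$nat-A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub
"
        # Only new web connections are let in; the rest hits the DROP policy.
        fwd="$fwd-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    printf '*nat\n%sCOMMIT\n' "$nat"
    printf '*filter\n:FORWARD DROP [0:0]\n'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    printf '%sCOMMIT\n' "$fwd"
}

gen_ruleset "$MAP"
```

The output is in iptables-restore format; loading it replaces the existing nat and filter tables, so review it first. The public addresses still have to be assigned to the WAN interface (the eth0:0 style aliases from the question) and IP forwarding enabled.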



