Giving IP to PC with Proxy?

Hello,
I am try to figure out A) what to search under on Google B) would this
work?

Here is my sitution: My ISP gives out a local IP (10.10.203.n),
however, I would like to have a public IP for my network. I have a
dedicated server that I can set up to do anything (Fed. Core 2), and I
have multiple IP addresses at my disposal (for now).

I have setup a VTUN between the the server and my Linux box, but I
have to use rinetd for port forwarding so people that access the server
with IPort -> MY_PC:PORT. I don't like that situation.
I have read that this problem could b fixed with a proxy server. If
this is possible, what should I search under? I have looked for:
public IP with proxy
No good results.


Thanks in advanced,
Scott Brown

In message <(E-Mail Removed). com>, darktiger
wrote:

> Hello,
> I am try to figure out A) what to search under on Google B) would this
> work?
>
> Here is my sitution: My ISP gives out a local IP (10.10.203.n),
> however, I would like to have a public IP for my network. I have a
> dedicated server that I can set up to do anything (Fed. Core 2), and I
> have multiple IP addresses at my disposal (for now).
>
> I have setup a VTUN between the the server and my Linux box, but I
> have to use rinetd for port forwarding so people that access the server
> with IPort -> MY_PC:PORT. I don't like that situation.
> I have read that this problem could b fixed with a proxy server. If
> this is possible, what should I search under? I have looked for:
> public IP with proxy
> No good results.
>
You can't do it with everything on your side of the ISP's server because it
is almost certainly using NAT routeing to map your IP address and those of
others served by the same system to a single real address. Even with a
proxy server on the outside, it will still require a tunnel of some sort
(look at using ssh) between that external server and your local network,
and the tunnel has to be set up from your local network connecting out to
the server. With such a NAT system, there is no way the ISP's system knows
to connect incoming traffic to your IP address rather than that of someone
else also served by their router.

I think you need a new ISP or a different type of account with your current
one if you really want a public IP address.
--
Dave
mail da (E-Mail Removed) (without the space)
http://www.llondel.org/
So many gadgets, so little time...

darktiger wrote:
> Hello,
> I am try to figure out A) what to search under on Google B) would
this
> work?
>
> Here is my sitution: My ISP gives out a local IP (10.10.203.n),
> however, I would like to have a public IP for my network. I have a
> dedicated server that I can set up to do anything (Fed. Core 2), and
I
> have multiple IP addresses at my disposal (for now).
>
> I have setup a VTUN between the the server and my Linux box, but I
> have to use rinetd for port forwarding so people that access the
server
> with IPort -> MY_PC:PORT. I don't like that situation.
> I have read that this problem could b fixed with a proxy server. If
> this is possible, what should I search under? I have looked for:
> public IP with proxy
> No good results.

You need a _public_ url/IP for people to reach you.

Try here:
http://www.dyndns.org/

or google:
http://www.google.com/search?q=dynam...UTF-8&oe=UTF-8

If your private IP changes with dhcp then you will also need to get a
dynamic dns update script to run when your IP changes -- _not_ every
time you boot.

hth,
prg
email above disabled

I don't need a public url. That is easy. The fact is that I have a
PRIVATE IP (ie: not seen by Internet routers.) Dave is correct in
saying I am NAT'ed at the ISP. I would change ISPs, but this is the
only broadband provider. So its this or dialup...

What I am thinking of doing is this: use Vtun like I have been doing,
but have a proxy server on MY end, then I only have to route one port
on the public server. So when I want to access my local computer
remotely I tell my computer to use that proxy server then I should have
access...

If only Verizon had FIOS out here...

--Scott

darktiger wrote:
> I don't need a public url. That is easy. The fact is that I have a
> PRIVATE IP (ie: not seen by Internet routers.) Dave is correct in
> saying I am NAT'ed at the ISP. I would change ISPs, but this is the
> only broadband provider. So its this or dialup...
>
> What I am thinking of doing is this: use Vtun like I have been doing,
> but have a proxy server on MY end, then I only have to route one port
> on the public server. So when I want to access my local computer
> remotely I tell my computer to use that proxy server then I should
have
> access...
>
> If only Verizon had FIOS out here...

I've been suffering brain cell lock-up the past several days, so...

Piecing together your two posts, here is what I understand your
situation to be.

-- a Verizon-computer on their 10 net, NATed, no private IP
-- a dedicated public-server located elsewhere (with multiple IPs
available?)
-- a tunnel via the tun device (VTun) between the two computers
-- using rinet (why not iptables?) on the public-server to port forward
from the public-server to the Verizon-computer using the tunnel (why
not iptables?)
-- find the present arrangement of (public-server)IPort ->
(Verizon-computer)MY_PC:PORT to be too awkward

Be warned that my tunneling experience is limited to ad-hoc use rather
than anything vaguely permanent. None at all where I was using it to
provide a public connection to a NATed, private IP computer.

If you have multiple IPs available for use at the public-server, can
you use an additional IP there that will route to Verizon-computer?
Ie., add an alias to the public-server nic so that:

IP(a) -> public-server -> public-server services
IP(b) -> public-server -> tunnel -> all Verizon-computer services

You should be able to add a route to public-server's route table that
forwards IP(b) to the tun device, yes? Not that familiar with VTun --
just looking at the conf example.

Would that still leave a DNS hole, ie., no DNS entry for IP(b)? If you
could get the DNS entry at the ISP, it seems that would be the most
"natural" way to go.

If the ISP provisioning public-server won't/can't provide the DNS, you
could punt to dyndns -- of course the url will look "ugly". I think
you could even use this if public-server ISP can't handle an alias on
public-server's nic.

And if you have contol of public-server you could even throw in some
iptables rules if you need to. That would handle all your needs as
well/better than a proxy, wouldn't it?

I'll stop here since I'm not sure yet if I have understood your
situation or setup correctly.
no sure if this helps,
prg
email above disabled

prg wrote:
> darktiger wrote:
> > I don't need a public url. That is easy. The fact is that I have a
> > PRIVATE IP (ie: not seen by Internet routers.) Dave is correct in
> > saying I am NAT'ed at the ISP. I would change ISPs, but this is the
> > only broadband provider. So its this or dialup...
> >
> > What I am thinking of doing is this: use Vtun like I have been
doing,
> > but have a proxy server on MY end, then I only have to route one
port
> > on the public server. So when I want to access my local computer
> > remotely I tell my computer to use that proxy server then I should
> have
> > access...

> Piecing together your two posts, here is what I understand your
> situation to be.
> -- a Verizon-computer on their 10 net, NATed, no private IP
> -- a dedicated public-server located elsewhere (with multiple IPs
> available?)
> -- a tunnel via the tun device (VTun) between the two computers
> -- using rinet (why not iptables?) on the public-server to port
forward
> from the public-server to the Verizon-computer using the tunnel (why
> not iptables?)
> -- find the present arrangement of (public-server)IPort ->
> (Verizon-computer)MY_PC:PORT to be too awkward
>
> Be warned that my tunneling experience is limited to ad-hoc use
rather
> than anything vaguely permanent. None at all where I was using it to
> provide a public connection to a NATed, private IP computer.
>
> If you have multiple IPs available for use at the public-server, can
> you use an additional IP there that will route to Verizon-computer?
> Ie., add an alias to the public-server nic so that:
>
> IP(a) -> public-server -> public-server services
> IP(b) -> public-server -> tunnel -> all Verizon-computer services
>
> You should be able to add a route to public-server's route table that
> forwards IP(b) to the tun device, yes? Not that familiar with VTun
--
> just looking at the conf example.
>
> Would that still leave a DNS hole, ie., no DNS entry for IP(b)? If
you
> could get the DNS entry at the ISP, it seems that would be the most
> "natural" way to go.
>
> If the ISP provisioning public-server won't/can't provide the DNS,
you
> could punt to dyndns -- of course the url will look "ugly". I think
> you could even use this if public-server ISP can't handle an alias on
> public-server's nic.
>
> And if you have contol of public-server you could even throw in some
> iptables rules if you need to. That would handle all your needs as
> well/better than a proxy, wouldn't it?

Okay, I have been a bit foggy in the brain as well.
I do not have Verizon DSL, my provider comes from a City-owned wireless
ISP (good service, just no public IP).

The reason why I am not using iptables for routing requests from
PUBLIC_IP:PORT -> TUNNEL_IP:PORT is due to the fact that:
A) I am not too good with all the iptables features
B) If I am correct with what iptables can/cannot do: iptables can't
forward requests from virtual interfaces... The public server only has
one NIC with multiple virtual interfaces.

I will have to look into the routing a public IP to the TUN device. It
can be done, I just need to be able to spend some time on this. The
public server is running a DNS service (BIND), so assigning a name to
my IP won't be hard.

I will post a follow-up message (new top-level post) when I figure all
of this out. There has to be some other people out there who have a
situation like this, so I would like to release this information.
Thanks for the help,
Scott Brown