NAT and static addresses in one physical ethernet network

 
 
Chris Morley
12-13-2005, 06:32 PM
Hi, I will be shortly getting DSL with an 8 static IP address block. I
believe this gives me 5 useable IP addresses, this is fine as I only want 5
addresses anyway for running servers etc, however there are more than 5 PCs
in the house.

These other PCs are for general use and do not require any fancy tricks...
ideally I would like to use NAT for these. The only trouble is I'm no
networking expert!

Before anyone mentions why don't I NAT the entire lot, I can't because my
Asterisk service for instance wants ports 10,000 - 20,000 redirected. It is
much nicer to have my service PCs on static addresses.

I will be running a Linux router, with ADSL card and one Ethernet interface
which will then spur off to the switch and other PCs. The router is a
mini-itx machine so I don't have any other space for a second Ethernet card.

So to my question, is there any way that I can run both static addresses and
NAT through the one eth0 interface? I'm thinking I would need to do the
following steps:

1) give the Linux router one static route address i.e. 66.249.64.16, and
give it a second address i.e. 192.168.0.1. (both addresses are for eth0)

2) setup routing to route packets from ADSL card with destinations
66.249.64.17 - 66.249.64.20 through eth0.

3) setup dhcp to listen on eth0 and service requests

4) setup iptables to NAT anything from the source address 192.168.0/24 (or
whatever my dhcp scope is) through the DSL card

5) set my service machine IP addresses to 66.249.64.17 - 66.249.64.20, or
get dhcpd to dish out these addresses based on MAC addresses.

6) I'm not sure but I would need to add a route between the two subnets,
66.249.64.16-66.249.64.20 to 192.168.0/24?

Hopefully that would work, and let me run my static machines and let people
plug computers into the switch who would in turn be assigned dynamic
addresses on the different subnet... even though it's running on the same
Ethernet switch.

Is this along the right tracks?

Any pointers much appreciated. Thanks in advance,

Chris


 
Moe Trin
12-14-2005, 07:06 PM
On Tue, 13 Dec 2005, in the Usenet newsgroup comp.os.linux.networking,
in article <dnn7ku$u4$(E-Mail Removed)>, Chris Morley wrote:

>I will be shortly getting DSL with a 8 static IP address block. I
>believe this gives me 5 useable IP addresses, this is fine as I only
>want 5 addresses anyway for running servers etc, however there are more
>than 5 pc's in the house.


Discuss it with your provider. If you are getting a _subnet_ assignment,
then this is the case (network address, broadcast, router, and five hosts).
On the other hand, you might be getting eight addresses out of a block of
unspecified size - perhaps a /24 or larger. The gateway, network and
broadcast addresses will not be part of your block of eight.

>These other pc's are for general use and do not require any fancy tricks...
>ideally I would like to use NAT for these. the only trouble is I'm no
>networking expert!


That's why the Linux HOWTOs exist. The one you want is

-rw-rw-r-- 1 gferg ldp 703560 May 23 08:22 IP-Masquerade-HOWTO

>I will be running a Linux router, with ADSL card and one Ethernet interface
>which will then spur off to the switch and other PCs. The router is a
>mini-itx machine so I don't have any other space for a second Ethernet card.


That's going to be a problem then.

>So to my question, is there any way that I can run both static addresses and
>NAT through the one eth0 interface?

RFC1855 recommends reading a news group for a month before posting. No one
does any more, but if you had looked at this group for the past week, you'd
find a thread titled "subnets and subnetting" where this has been hashed out
in quite a lot of detail. Short answer - you can't do it. IF your router
doesn't filter off the 192.168.x.x network, your ISP is also going to be
unhappy with you contaminating their network with RFC1918 packets.

>Hopefully that would work, and let me run my static machines and let people
>plug computers into the switch who would in turn be assigned a dynamic
>addresses on the different subnet... even though its running on the same
>Ethernet switch.


As long as your dynamic boxes on the other address range NEVER wanted to
talk to the world - this would work. Otherwise, no.

>Is this along the right tracks?


A solution would be to sacrifice one of your real addresses to another
computer that does the masquerading with two NICs. If you need that
address for Internet use, port forward it to a host on the 192.168.x.x
net (or less desirable, add a masquerading function to one of your
servers and let it ALSO route to your 192.168.x.x net).

Old guy
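
Added illustration, not part of any post in this thread: a Python check of the address plan from the first post against the subnet breakdown described in the reply above (network, broadcast, router, five hosts), plus the decision a router has to make for each source address so that RFC 1918 traffic never reaches the ISP. It assumes the ISP hands out an aligned /29 subnet starting at the poster's example address 66.249.64.16; the function names are hypothetical.

```python
import ipaddress

# Assumptions (not from the thread): the ISP delegates an aligned /29
# *subnet*; the block start and LAN range are the poster's example values.
PUBLIC_BLOCK = ipaddress.ip_network("66.249.64.16/29")
PRIVATE_LAN = ipaddress.ip_network("192.168.0.0/24")


def audit_plan(block, router, servers):
    """Return a list of problems with a proposed static assignment."""
    problems = []
    usable = set(block.hosts())          # excludes network and broadcast
    seen = set()
    for role, addr in [("router", router)] + [("server", s) for s in servers]:
        ip = ipaddress.ip_address(addr)
        if ip == block.network_address:
            problems.append(f"{role} {ip}: network address of {block}")
        elif ip == block.broadcast_address:
            problems.append(f"{role} {ip}: broadcast address of {block}")
        elif ip not in usable:
            problems.append(f"{role} {ip}: outside {block}")
        if ip in seen:
            problems.append(f"{role} {ip}: assigned twice")
        seen.add(ip)
    return problems


def hosts_left_for_servers(block):
    """Usable addresses remaining once the router takes one."""
    return block.num_addresses - 3       # network, broadcast, router


def egress_action(src, block=PUBLIC_BLOCK, lan=PRIVATE_LAN):
    """What the router must do with a packet from src heading to the ISP."""
    ip = ipaddress.ip_address(src)
    if ip in block and ip not in (block.network_address, block.broadcast_address):
        return "route"                   # public source, forward unchanged
    if ip in lan:
        return "masquerade"              # rewrite to a public source first
    return "drop"                        # other RFC 1918 or foreign source


if __name__ == "__main__":
    # The plan from the first post: router on .16, servers on .17-.20.
    plan = audit_plan(PUBLIC_BLOCK, "66.249.64.16",
                      [f"66.249.64.{n}" for n in range(17, 21)])
    print(plan or "plan is valid")
    for src in ("66.249.64.18", "192.168.0.57", "10.1.2.3"):
        print(src, "->", egress_action(src))
```

If the eight addresses instead come out of a larger block, as the reply allows, the network and broadcast checks do not apply and the ISP's stated gateway and mask should replace `PUBLIC_BLOCK`.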
 
Michael Heiming
12-14-2005, 09:17 PM
In comp.os.linux.networking Moe Trin <(E-Mail Removed)>:
> On Tue, 13 Dec 2005, in the Usenet newsgroup comp.os.linux.networking,
> in article <dnn7ku$u4$(E-Mail Removed)>, Chris Morley wrote:


>>I will be shortly getting DSL with a 8 static IP address block. I
>>believe this gives me 5 useable IP addresses, this is fine as I only
>>want 5 addresses anyway for running servers etc, however there are more
>>than 5 pc's in the house.


> Discuss it with your provider. If you are getting a _subnet_ assignment,
> then this is the case (network address, broadcast, router, and five hosts).
> On the other hand, you might be getting eight addresses out of a block of
> unspecified size - perhaps a /24 or larger. The gateway, network and
> broadcast addresses will not be part of your block of eight.


>>These other pc's are for general use and do not require any fancy tricks...
>>ideally I would like to use NAT for these. the only trouble is I'm no
>>networking expert!


> That's why the Linux HOWTOs exist. The one you want is


> -rw-rw-r-- 1 gferg ldp 703560 May 23 08:22 IP-Masquerade-HOWTO


>>I will be running a Linux router, with ADSL card and one Ethernet interface
>>which will then spur off to the switch and other PCs. The router is a
>>mini-itx machine so I don't have any other space for a second Ethernet card.


> That's going to be a problem then.


He could do himself a big favor and get a dual or even quad port
nic, problem solved.

[..]

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 279: The static electricity routing is acting up...
 
Moe Trin
12-15-2005, 06:59 PM
On Wed, 14 Dec 2005, in the Usenet newsgroup comp.os.linux.networking,
in article <b8i673-(E-Mail Removed)>, Michael Heiming wrote:

]I wrote:

>> Chris Morley wrote:


>>> The router is a mini-itx machine so I don't have any other space for
>>> a second Ethernet card.


>> That's going to be a problem then.


>He could do himself a big favor and get a dual or even quad port
>nic, problem solved.


I've had very limited experience with those - a D-Link DFE-580TX 4 port
(sundance driver), and a 3COM 3c982 Dual Port (3c59x driver). As I recall
(tests about 2 years ago), they worked, but it was a bit of a hassle
getting them running right. I vaguely recall performance problems too, but
we do flog the crap out of some of our servers, which is why we are moving
to Gigabit net. Most of our servers do have multiple NICs, as we keep our
administrative and backup traffic on separate subnets for security/bandwidth
reasons. There is/was a D-Link DFE-570TX 4 port 10/100 PCI but it was
windoze NT 4 SP3 ONLY.

Old guy
 
Michael Heiming
12-15-2005, 08:01 PM
In comp.os.linux.networking Moe Trin <(E-Mail Removed)>:
> On Wed, 14 Dec 2005, in the Usenet newsgroup comp.os.linux.networking,
> in article <b8i673-(E-Mail Removed)>, Michael Heiming wrote:
> ]I wrote:


>>> Chris Morley wrote:


>>>> The router is a mini-itx machine so I don't have any other space for
>>>> a second Ethernet card.


>>> That's going to be a problem then.


>>He could do himself a big favor and get a dual or even quad port
>>nic, problem solved.


> I've had very limited experience with those - a D-Link DFE-580TX 4 port
> (sundance driver), and a 3COM 3c982 Dual Port (3c59x driver). As I recall
> (tests about 2 years ago), they worked, but it was a bit of a hassle
> getting them running right. I vaguely recall performance problems too, but
> we do flog the crap out of some of our servers, which is why we are moving
> to Gigabit net. Most of our servers do have multiple NICs, as we keep our
> administrative and backup traffic on separate subnets for security/bandwidth
> reasons. There is/was a D-Link DFE-570TX 4 port 10/100 PCI but it was
> windoze NT 4 SP3 ONLY.


My condolences.

Use them quite often, mostly Intel, zero problems. The only
downside if you have a couple of them in a system and unluckily
the usual 2 onboard use the same driver in addition, you have
some work finding out which one is eth<n>. ;-)

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 76: Unoptimized hard drive
 
Chris Morley
12-17-2005, 10:57 AM
> My condolences.
>
> Use them quite often, mostly intel, zero problems. The only
> downside if you have a couple of them in a system and unluckily
> the usual 2 onboard use the same driver in addition, you have
> some work finding out which one is eth<n>. ;-)


Hey chaps, been doing some research and I will buy a quad port card, and I
will use a Linksys DSL modem which will bridge a PPPoE connection so the
Linux box can make the connection straight through it transparently via
Ethernet. Any suggestions on a card that is compatible with Linux? That way
I only need the one card in my box, which is great because it's only small.
Then I will have 2 Ethernet ports for the public and private subnets, one
for the DSL modem, and one spare for the future! :3D


 