real IP behind SNAT

 
 
Nelson Castillo

 
      04-27-2004, 12:14 PM
Hi.

I'd like to route a real IP behind a static NAT.

INTERNET
|
|
eth0 = REAL IP 1
ROUTER with Linux
eth1 = private IP
|
|
HUB
|
|
eth0 = REAL IP 2
SERVER 1

Can I route traffic to the REAL IP 2?
How should I do it?

REAL IP 1 and REAL IP 2 are in the same subnet.

I've read some documents but I still don't
know how to set this up.

I guess I have to put a fake ARP entry in eth0
and add a host route in the ROUTER...

Regards,
Nelson.-
 
 
 
 
 
Christoph Scheurer

 
      04-27-2004, 06:23 PM
On 27 Apr 2004 05:14:16 -0700
(E-Mail Removed) (Nelson Castillo) wrote:

> Hi.
>
> I'd like to route a real IP behind a static NAT.
>
> INTERNET
> |
> |
> eth0 = REAL IP 1
> ROUTER with Linux
> eth1 = private IP
> |
> |
> HUB
> |
> |
> eth0 = REAL IP 2
> SERVER 1
>
> Can I route traffic to the REAL IP 2?
> How should I do it?
>
> REAL IP 1 and REAL IP 2 are in the same subnet.
>
> I've read some documents but I still don't
> know how to set this up.
>
> I guess I have to put a fake ARP entry in eth0
> and add a host route in the ROUTER...


What do you mean with REAL_IP? Public IP? If yes, assign a private
IP to your server and do a DNAT on the router for the public IP,
that points to the private IP. eg
iptables -t nat -A PREROUTING -i eth0 -d $public_ip -j DNAT --to-destination $private_ip
and
iptables -t nat -A POSTROUTING -o eth0 -s $private_ip -j SNAT --to-source $public_ip

Allow any needed services in the FORWARD chain.

Greets
Chris

 
 
/dev/rob0

 
      04-27-2004, 08:19 PM
> On 27 Apr 2004 05:14:16 -0700
> (E-Mail Removed) (Nelson Castillo) wrote:
>> I'd like to route a real IP behind a static NAT.


Static NAT?

>> INTERNET
>> |
>> |
>> eth0 = REAL IP 1
>> ROUTER with Linux
>> eth1 = private IP
>> |


So far so good.

>> HUB
>> |
>> eth0 = REAL IP 2
>> SERVER 1


This might not work; I've never tried it though. Maybe with an arp
command on ROUTER and appropriate route table entries ... try it and
see.


>> Can I route traffic to the REAL IP 2?


ROUTER has to know to accept packets for REAL IP 2, and also have a
static route to deliver them out eth1.

>> I guess I have to put a fake ARP entry in eth0
>> and add a host route in the ROUTER...


Uh, yeah, that's it. Did you try this?

On Tue, 27 Apr 2004 20:23:09 +0200, Christoph Scheurer wrote:
> What do you mean with REAL_IP? Public IP? If yes, assign a private
> IP to your server and do a DNAT on the router for the public IP,
> that points to the private IP. eg
> iptables -t nat -A PREROUTING -i eth0 -d $public_ip -j DNAT \
> --to-destination $private_ip
> and
> iptables -t nat -A POSTROUTING -o eth0 -s $private_ip -j SNAT \
> --to-source $public_ip


This might work better, but the ROUTER needs an alias for eth0 ...
ifconfig eth0:server $REAL_IP_2
Then both machines will have private IP addresses on the internal
interface, with DNAT and SNAT rules as Chris suggests.

> Allow any needed services in the FORWARD chain.


Yes, and of course in either case:
echo 1 > /proc/sys/net/ipv4/ip_forward
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
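
Added example, not part of any post in this thread: the routed alternative confirmed in the reply above (a proxy ARP entry on eth0 plus a host route out eth1), written as a script that prints the commands for review instead of running them. The addresses 203.0.113.10 and 192.168.1.1 and the function names are assumptions; the /32 on the server and the NAT exemption are choices made for this example, not something the thread states.

```shell
#!/bin/sh
# Added example: print (do not run) the commands for the routed, proxy-ARP
# variant. All addresses used here are constructed documentation values.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Router side. Arguments: WAN interface, LAN interface, REAL IP 2.
# The host route sends REAL IP 2 out the LAN side, the proxy entry makes the
# router answer ARP for it on the WAN side, and the nat-table ACCEPT keeps an
# existing SNAT/MASQUERADE rule from rewriting the server's public source.
emit_router_cmds() {
    for ifname in "$1" "$2"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    is_ipv4 "$3" || { echo "bad address: $3" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add $3/32 dev $2
ip neigh add proxy $3 dev $1
iptables -t nat -I POSTROUTING -o $1 -s $3 -j ACCEPT
EOF
}

# Server side. Arguments: REAL IP 2, the router's private eth1 address.
# A /32 stops the server from ARPing on the hub for its public neighbours.
emit_server_cmds() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    cat <<EOF
ip addr add $1/32 dev eth0
ip route add $2/32 dev eth0
ip route add default via $2 dev eth0
EOF
}

emit_router_cmds eth0 eth1 203.0.113.10
emit_server_cmds 203.0.113.10 192.168.1.1
```

With this variant the server is reachable on every port from the internet, so the FORWARD chain on the router is the only filter in front of it.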

 
 
P Gentry

 
      04-27-2004, 08:44 PM
(E-Mail Removed) (Nelson Castillo) wrote in message news:<(E-Mail Removed). com>...
> Hi.
>
> I'd like to route a real IP behind a static NAT.
>
> INTERNET
> |
> |
> eth0 = REAL IP 1
> ROUTER with Linux
> eth1 = private IP <<< this must be on same subnet as REAL IP 2
> |
> |
> HUB <<< this is just a signal re-generator, everything in will go out all ports
> |
> |
> eth0 = REAL IP 2 <<< both ends must be on same subnet
> SERVER 1
>
> Can I route traffic to the REAL IP 2?
> How should I do it?


This is what a dmz is for -- a subnet you host to offer public (real
IP) services.

> REAL IP 1 and REAL IP 2 are in the same subnet.


A dmz capable router _may_ make more sense for your situation. With
Linux, you need a third (dmz) nic installed to keep the public segment
separate from the private lan segment.

> I've read some documents but I still don't
> know how to set this up.


That's the first sign that this is not a good setup to deploy. Nics
are so cheap these days that it doesn't make sense to avoid the $20.
And it's a _whole_ lot easier to set up and maintain. Your proposed
setup offers _no_ advantages and lots of headaches.

> I guess I have to put a fake ARP entry in eth0
> and add a host route in the ROUTER...


And a bunch of other tricky entries as well. All the "tricks" you
perform to get it up, you will have to maintain and troubleshoot
around. I wouldn't think of doing it this way unless someone was
paying me. You would certainly learn a lot and might have this going
smoothly by Christmas -- assuming you don't have any surprises.

> Regards,
> Nelson.-


I'm not saying, "you _cannot_ do this, Grasshopper", but it would be
_very_ much easier to set up a "standard" configuration.

inet ----- (e0)Linux router (e2)----- private lan (hub or switch)
|
(e1 to public dmz)
|
public server

Make your life easier -- you deserve it.

hth,
prg
email above disabled
 
 
P Gentry

 
      04-28-2004, 04:17 AM
(E-Mail Removed) (Nelson Castillo) wrote in message news:<(E-Mail Removed). com>...
> Hi.
>
> I'd like to route a real IP behind a static NAT.
>
> INTERNET
> |
> |
> eth0 = REAL IP 1
> ROUTER with Linux
> eth1 = private IP
> |
> |
> HUB
> |
> |
> eth0 = REAL IP 2
> SERVER 1
>
> Can I route traffic to the REAL IP 2?
> How should I do it?
>
> REAL IP 1 and REAL IP 2 are in the same subnet.
>
> I've read some documents but I still don't
> know how to set this up.
>
> I guess I have to put a fake ARP entry in eth0
> and add a host route in the ROUTER...
>
> Regards,
> Nelson.-


Just following up my own screwed up ascii art -- least that's how it
looks on Google. Sorry, I'm terrible with ascii art -- any kind
actually.

inet
|
|
(eth0 -- public IP)
-----------------
linux router | (eth1 -- public IP) ---->dmz--->public server
-----------------
(eth2 -- private IP)
|
hub
|
private lan -- private IPs

prg
email above disabled
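
Added example, not part of any post in this thread: a FORWARD policy for the three-interface layout in the diagram above, printed for review instead of applied. The interface roles follow the diagram (eth0 internet, eth1 DMZ, eth2 private LAN); the port list, the function names and the use of the conntrack match are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (do not run) a FORWARD policy for the three-NIC layout.
# Interface roles follow the diagram; the port list is a constructed sample.
WAN_IF=eth0   # to the internet
DMZ_IF=eth1   # public server segment
LAN_IF=eth2   # private LAN

# Return 0 only for a decimal TCP port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set; arguments are the TCP ports the DMZ server offers.
emit_dmz_forward_policy() {
    for port in "$@"; do
        is_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    # Default deny, then let replies to already-permitted connections through.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Internet to DMZ: only new connections to the published services.
    for port in "$@"; do
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # LAN hosts may open connections outward and to the DMZ server.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT"
    # No rule lets the internet or the DMZ open a connection into the LAN,
    # and DMZ-initiated traffic (DNS, updates) is also dropped until a
    # narrow rule is added for it.
}

emit_dmz_forward_policy 80 443
```

The absence of any rule with `-o eth2` is the point of the separate segment: a compromised public server cannot start a connection into the private LAN.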
 
 
 
 