Router/linux question

Scenario:

i have one router, and 8 static ip from my isp

i want to assign to a linux machine behind the router, all avaiable public
ip (knowing that one is for the net, one for the broadcast, one for the
remote router and one for the wan interface on my router).

The router is a Telindus 9100, but i need help on the logic of the
configuration, not the real setup of the router.

One of my friends told me that i have to assign another public ip to the LAN
interface of the router.
Then i can assign the remaining ip (3) to the linux machine.

My problem is that the router does not seems to forward packet from the wan
ip to the lan ip.
I tried adding on free ip to one machine, setting the gateway to the lan ip
of the router, and it seems that pinging the router lan ip works, but
pinging an outside ip gives me network unreachable.


What i'm doing wrong? Do i have to specify some type of forwarding/routing
on the router?

my ip are those:

x.x.x.184 network
x.x.x.185 remote router
x.x.x.186 local router (wan)
x.x.x.187 local router (lan)
x.x.x.188 linux box
x.x.x.189 linux box
x.x.x.190 linux box
x.x.x.191 broadcast

if i give an ip of 192.168.x.x to the lan interface of the router, and to
the linux bux, and activate NAT on the router, i'm able to ping
everything...
but i need to come from the outside into the linux box (it's one machine
only at the moment, but may be they can become 3 separate computers)


many thanks

Marco

Marco Paglioni wrote:

> Scenario:
>
> i have one router, and 8 static ip from my isp
>
> i want to assign to a linux machine behind the router, all avaiable public
> ip (knowing that one is for the net, one for the broadcast, one for the
> remote router and one for the wan interface on my router).
>
> The router is a Telindus 9100, but i need help on the logic of the
> configuration, not the real setup of the router.
>
> One of my friends told me that i have to assign another public ip to the
> LAN interface of the router.
> Then i can assign the remaining ip (3) to the linux machine.
>
> My problem is that the router does not seems to forward packet from the
> wan ip to the lan ip.
> I tried adding on free ip to one machine, setting the gateway to the lan
> ip of the router, and it seems that pinging the router lan ip works, but
> pinging an outside ip gives me network unreachable.
>
>
> What i'm doing wrong? Do i have to specify some type of forwarding/routing
> on the router?
>
> my ip are those:
>
> x.x.x.184 network
> x.x.x.185 remote router
> x.x.x.186 local router (wan)
> x.x.x.187 local router (lan)
> x.x.x.188 linux box
> x.x.x.189 linux box
> x.x.x.190 linux box
> x.x.x.191 broadcast
>
> if i give an ip of 192.168.x.x to the lan interface of the router, and to
> the linux bux, and activate NAT on the router, i'm able to ping
> everything...
> but i need to come from the outside into the linux box (it's one machine
> only at the moment, but may be they can become 3 separate computers)
>
>
> many thanks
>
> Marco
Hi,

if I was you, I would assign private IPs to the Linux boxes. Then do a
redirect.
For example, Linux box one has pubic IP 1.2.3.4 and the private IP
192.168.1.1 that you assigned to the box. Then do a destination NAT on the
Linux router:
iptables -t nat -A PREROUTING -d 1.2.3.4 -i interface_external -j DNAT
--to-destination 192.168.1.1

Alex

Hi Marco,

> i have one router, and 8 static ip from my isp
>
> i want to assign to a linux machine behind the router, all avaiable public
> ip (knowing that one is for the net, one for the broadcast, one for the
> remote router and one for the wan interface on my router).
>
> The router is a Telindus 9100, but i need help on the logic of the
> configuration, not the real setup of the router.
>
> One of my friends told me that i have to assign another public ip to the LAN
> interface of the router.
> Then i can assign the remaining ip (3) to the linux machine.
>
> My problem is that the router does not seems to forward packet from the wan
> ip to the lan ip.
> I tried adding on free ip to one machine, setting the gateway to the lan ip
> of the router, and it seems that pinging the router lan ip works, but
> pinging an outside ip gives me network unreachable.

Ok, basically it's a question what a router does and what he doesn't.
The main purpose is to connect 2 (or more) networks.
In the usual config, one net is the whole rest of the world (internet)
and one net is your private net. Many routers therefor have one WAN port
and several LAN ports (providing switch functionality).
The default setup would be:

if some IP packet comes from the LAN side,
check, if the dest IP is in the LAN net.
If so, keep the packet on the LAN side.

If the ip is not on the LAN net, route the packet to the WAN net.

And the whole thing vice versa (i'm assuming no NAT or masquerading at this
point).

Ok, in your setting, the WAN and LAN net are in the same subnet/network address
range. So this surely confuses the router. You can ping the LAN interface from
your machine, that's clear. But when you want to talk to someone on your LAN,
the routing table says "This subnet is on LAN side" and it says "this subnet is
on WAN side", too. So what should it do?
The same goes for destinations outside...the router only knows about ONE net.

A solution would be, as suggested by another poster, that you would
use private IPs for your LAN and use the router for NAT'ing or masq'ing
your LAN traffic to the world.

But you have serveral static IPs and you want to talk to your LAN PCs directly.
That means it'll be useful, if you expose the boxes directly to the internet
using your static IPs.

Ok, in this case the router acts as some kind of special switch, connecting your
LAN boxes to the subnet of your ISP.

I'm not really an expert, so i may be wrong. But i think your routing table
should look something like:

- traffic for X.X.X.X/0 goes to WAN port
- traffic for X.X.X.184/24 goes to WAN port (i'm not sure about the netmask)
- traffic for X.X.X.188/32 goes to LAN side (the port, where box 1 is connected)
- traffic for X.X.X.189/32 goes to LAN side (the port, where box 2 is connected)
- traffic for X.X.X.190/32 goes to LAN side (the port, where box 3 is connected)

This should route any traffic outside your 3 local boxes to the your ISP's
router......and the 3 specific IPs that can be found will be reached on the LAN
side. But i'm not sure about if this will provide proper broadcast behaviour.
Your 9 IPs do not allow to form a real subnet (like X.X.X.160/26), so this is
all a bit more difficult.

Maybe anybody else can confirm if that is correct or how this situation
can be handled....

HTH

Ralf

"Marco Paglioni" <(E-Mail Removed)> wrote in message news:<c9kojo$f01$(E-Mail Removed)>...
> Scenario:
>
> i have one router, and 8 static ip from my isp
>
> i want to assign to a linux machine behind the router, all avaiable public
> ip (knowing that one is for the net, one for the broadcast, one for the
> remote router and one for the wan interface on my router).
>
> The router is a Telindus 9100, but i need help on the logic of the
> configuration, not the real setup of the router.
>
> One of my friends told me that i have to assign another public ip to the LAN
> interface of the router.
> Then i can assign the remaining ip (3) to the linux machine.
>
> My problem is that the router does not seems to forward packet from the wan
> ip to the lan ip.
> I tried adding on free ip to one machine, setting the gateway to the lan ip
> of the router, and it seems that pinging the router lan ip works, but
> pinging an outside ip gives me network unreachable.
>
>
> What i'm doing wrong? Do i have to specify some type of forwarding/routing
> on the router?
>
> my ip are those:
>
> x.x.x.184 network
> x.x.x.185 remote router
> x.x.x.186 local router (wan)
> x.x.x.187 local router (lan)
> x.x.x.188 linux box
> x.x.x.189 linux box
> x.x.x.190 linux box
> x.x.x.191 broadcast
>
> if i give an ip of 192.168.x.x to the lan interface of the router, and to
> the linux bux, and activate NAT on the router, i'm able to ping
> everything...
> but i need to come from the outside into the linux box (it's one machine
> only at the moment, but may be they can become 3 separate computers)
>
>
> many thanks
>
> Marco

Marco,

Building on the this many-to-one/dynamic NAT configuration, you need
to add static NAT. So if you start a connection out, the router
translates the source IP address from 192.168.x.x to the x.x.x.186.
When a return packet comes in, it translates the destination back into
192.168.x.x.

You need for the router to take in inbound connection to x.x.x.188 and
translate it into 192.168.x.x. Then the return packet will get
translated from 192.168.x.x to x.x.x.188.

Hope this helps,
-Dean

I didn't see the rest of the thread but ... did you make sure you had set
the forwarding by writing a '1' to /etc/net/.../ip_forward ?

Rudolf



[Snip]pets of what Marco Paglioni
<(E-Mail Removed)> wrote:
: the problem is that the router seems to not route from the x.x.x.186 to the
: x.x.x.187 (external and interal port)

: and i'm not able to ping none of the two either


:> if I was you, I would assign private IPs to the Linux boxes. Then do a
:> redirect.
:> For example, Linux box one has pubic IP 1.2.3.4 and the private IP
:> 192.168.1.1 that you assigned to the box. Then do a destination NAT on the
:> Linux router:
:> iptables -t nat -A PREROUTING -d 1.2.3.4 -i interface_external -j DNAT
:> --to-destination 192.168.1.1
:>
:> Alex



--
You just might be a graduate student if...

* your desk/cubicle is better decorated than your apartment.
* you have ever brought a scholarly article to a bar.
* everything reminds you of something in your discipline.
* you have ever discussed academic matters at a sporting event.
* you have ever spent more than $50 on photocopying while researching a
single paper.
* you can tell the time of day by looking at the traffic flow at the library.
* you look forward to summers because you're more productive without the
distraction of classes.
* you regard ibuprofen as a vitamin.
* professors don't really care when you turn in work anymore.
* you find the bibliographies of books more interesting than the actual text.
* you have given up trying to keep your books organized and are now just
trying to keep them all in the same general area.
* you have accepted guilt as an inherent feature of relaxation.
* you find yourself explaining to children that you are in "20th grade".
* you frequently wonder how long you can live on pasta without getting scurvy.
* you look forward to taking some time off to do laundry.

with help of one of my firends, i managed to set up my firewall correctly.
Now it works like a charm.


Now i'm looking for a good network management tool.. like nagios (but it's
VERY HARD to configure) the keep an eye on my servers.


"Rudolf Potucek" <(E-Mail Removed)> ha scritto nel messaggio
news:caav01$ncr$(E-Mail Removed)...
> I didn't see the rest of the thread but ... did you make sure you had set
> the forwarding by writing a '1' to /etc/net/.../ip_forward ?
>
> Rudolf
>
>
>
> [Snip]pets of what Marco Paglioni
> <(E-Mail Removed)> wrote:
> : the problem is that the router seems to not route from the x.x.x.186 to
the
> : x.x.x.187 (external and interal port)
>
> : and i'm not able to ping none of the two either
>
>
> :> if I was you, I would assign private IPs to the Linux boxes. Then do a
> :> redirect.
> :> For example, Linux box one has pubic IP 1.2.3.4 and the private IP
> :> 192.168.1.1 that you assigned to the box. Then do a destination NAT on
the
> :> Linux router:
> :> iptables -t nat -A PREROUTING -d 1.2.3.4 -i interface_external -j DNAT
> :> --to-destination 192.168.1.1
> :>
> :> Alex
>
>
>
> --
> You just might be a graduate student if...
>
> * your desk/cubicle is better decorated than your apartment.
> * you have ever brought a scholarly article to a bar.
> * everything reminds you of something in your discipline.
> * you have ever discussed academic matters at a sporting event.
> * you have ever spent more than $50 on photocopying while researching a
> single paper.
> * you can tell the time of day by looking at the traffic flow at the
library.
> * you look forward to summers because you're more productive without the
> distraction of classes.
> * you regard ibuprofen as a vitamin.
> * professors don't really care when you turn in work anymore.
> * you find the bibliographies of books more interesting than the actual
text.
> * you have given up trying to keep your books organized and are now just
> trying to keep them all in the same general area.
> * you have accepted guilt as an inherent feature of relaxation.
> * you find yourself explaining to children that you are in "20th grade".
> * you frequently wonder how long you can live on pasta without getting
scurvy.
> * you look forward to taking some time off to do laundry.
>