* Re: public ip on LAN
@ 2004-01-02 17:19 Amit Pasari
2004-01-02 17:15 ` Michael Gale
2004-01-02 17:27 ` Fabien LE BLEVEC
0 siblings, 2 replies; 18+ messages in thread
From: Amit Pasari @ 2004-01-02 17:19 UTC (permalink / raw)
To: netfilter
Thanks John,
Let me explain.
On my LAN I have IP address - 172.16.1.1
subnet - 255.255.0.0
On my WAN I have IP address - 203.122.51.178
subnet - 255.255.255.240
Now, my clients want to have public / live IPs instead of the private IPs which
I am giving, as many of my clients use webservers and other applications
which people from the outside world need to access.
I can redirect ports for one client, but how about 10 clients wanting the
same?
So I need to give them a public IP so that all the traffic can be
redirected to their IP.
Regards
Amit
At 09:54 PM 1/2/04, you wrote:
>On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
> > Hello,
> > I am using Redhat 8.0 with iptables to provide my client internet services
> > . Everything is going well .
> > i have been giving private ips of 172.16.0.0 series to my clients .
> > But now some of my clients need public ips . i do have many public ips
> with
> > me .so can somebody tell how can i give public ips to my clients .
> >
> > Thanks & Regards
> > Amit
> > Orangeinfoways.com
>
>Could you please clarify what you mean by giving ips to your clients?
>Thanks - John
>--
>John A. Sullivan III
>Chief Technology Officer
>Nexus Management
>+1 207-985-7880
>john.sullivan@nexusmgmt.com
>---
>If you are interested in helping to develop a GPL enterprise class
>VPN/Firewall/Security device management console, please visit
>http://iscs.sourceforge.net
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: public ip on LAN
2004-01-02 17:19 public ip on LAN Amit Pasari
@ 2004-01-02 17:15 ` Michael Gale
2004-01-02 17:27 ` Fabien LE BLEVEC
1 sibling, 0 replies; 18+ messages in thread
From: Michael Gale @ 2004-01-02 17:15 UTC (permalink / raw)
To: netfilter
Ahhh.. this makes sense .. I agree with John ... on my firewall I have 25 virtual IP addresses. Each IP gets DNAT to an internal server.
If you have lots of clients this can get confusing ... why not set up Apache with virtual hosts ... each host can point to its own directory and the users can just upload the data to their home dir on that server.
Michael.
On Fri, 02 Jan 2004 22:49:39 +0530
Amit Pasari <info@amitpasari.com> wrote:
> Thanks John,
> Let me explain
> on My LAN i have ip address - 172.16.1.1
> subnet - 255.255.0.0
> on My WAN i have ipaddress - 203.122.51.178
> subnet - 255.255.255.240
>
> Now , my clients want to have public / Live ip instead of private ips which
> i am giving as many of my clients uses webserver , and other applications
> which people from outside world needs to access .
> I can redirect ports for one clients but how about 10 clients wanting the
> same .
> So i need to give them a public ip so that all the traffic can be
> redirected their ip .
>
>
> Regards
> Amit
>
> At 09:54 PM 1/2/04, you wrote:
> >On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
> > > Hello,
> > > I am using Redhat 8.0 with iptables to provide my client internet services
> > > . Everything is going well .
> > > i have been giving private ips of 172.16.0.0 series to my clients .
> > > But now some of my clients need public ips . i do have many public ips
> > with
> > > me .so can somebody tell how can i give public ips to my clients .
> > >
> > > Thanks & Regards
> > > Amit
> > > Orangeinfoways.com
> >
> >Could you please clarify what you mean by giving ips to your clients?
> >Thanks - John
> >--
> >John A. Sullivan III
> >Chief Technology Officer
> >Nexus Management
> >+1 207-985-7880
> >john.sullivan@nexusmgmt.com
> >---
> >If you are interested in helping to develop a GPL enterprise class
> >VPN/Firewall/Security device management console, please visit
> >http://iscs.sourceforge.net
>
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: public ip on LAN
2004-01-02 17:19 public ip on LAN Amit Pasari
2004-01-02 17:15 ` Michael Gale
@ 2004-01-02 17:27 ` Fabien LE BLEVEC
2004-01-02 18:30 ` Craig Steadman
1 sibling, 1 reply; 18+ messages in thread
From: Fabien LE BLEVEC @ 2004-01-02 17:27 UTC (permalink / raw)
Cc: netfilter
In the PREROUTING chain, you would say for example:
iptables -t nat -A PREROUTING -d 203.122.51.179 -j DNAT --to 172.16.1.2
iptables -t nat -A PREROUTING -d 203.122.51.180 -j DNAT --to 172.16.1.3
....
or, more accurately:
iptables -t nat -A PREROUTING -d 203.122.51.181 -p tcp --dport 80 -j DNAT --to 172.16.1.4
...
I think it should be correct for your configuration.
Don't forget to authorize the traffic in the FORWARD chain.
Fabien
Amit Pasari wrote:
> Thanks John,
> Let me explain
> on My LAN i have ip address - 172.16.1.1
> subnet - 255.255.0.0
> on My WAN i have ipaddress - 203.122.51.178
> subnet - 255.255.255.240
>
> Now , my clients want to have public / Live ip instead of private ips
> which i am giving as many of my clients uses webserver , and other
> applications which people from outside world needs to access .
> I can redirect ports for one clients but how about 10 clients wanting
> the same .
> So i need to give them a public ip so that all the traffic can be
> redirected their ip .
>
>
> Regards
> Amit
>
> At 09:54 PM 1/2/04, you wrote:
>
>> On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
>> > Hello,
>> > I am using Redhat 8.0 with iptables to provide my client internet
>> services
>> > . Everything is going well .
>> > i have been giving private ips of 172.16.0.0 series to my clients .
>> > But now some of my clients need public ips . i do have many public
>> ips with
>> > me .so can somebody tell how can i give public ips to my clients .
>> >
>> > Thanks & Regards
>> > Amit
>> > Orangeinfoways.com
>>
>> Could you please clarify what you mean by giving ips to your clients?
>> Thanks - John
>> --
>> John A. Sullivan III
>> Chief Technology Officer
>> Nexus Management
>> +1 207-985-7880
>> john.sullivan@nexusmgmt.com
>> ---
>> If you are interested in helping to develop a GPL enterprise class
>> VPN/Firewall/Security device management console, please visit
>> http://iscs.sourceforge.net
>
>
>
>
>
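Added example, not part of any message in this thread: a sketch of the one-to-one NAT setup described above, extended with the SNAT rule for the return direction and FORWARD rules limited to named services. The interface name eth0, the /28 prefix on the address aliases and the service lists are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print a 1:1 NAT rule set for review (nothing is executed).
# Assumptions: WAN interface eth0; /28 prefix from the 255.255.255.240 mask
# quoted in the thread; the service lists are constructed sample policy.
WAN_IF="${WAN_IF:-eth0}"

# One mapping per line: public address, private address, allowed services
# ("all", or a comma-separated list of proto/port).
MAPPINGS="203.122.51.179 172.16.1.2 tcp/80,tcp/443
203.122.51.180 172.16.1.3 all"

# Accept only dotted-quad addresses so nothing unexpected reaches the output.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    for octet in $(echo "$1" | tr . ' '); do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands for one public/private pair.
emit_mapping() {
    pub=$1; priv=$2; services=$3
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad address: $pub $priv" >&2; return 1; }
    case "$services" in
        *[!a-z0-9/,]*) echo "bad service list: $services" >&2; return 1 ;;
    esac
    # The firewall has to own the public address so it answers ARP for it.
    echo "ip addr add $pub/28 dev $WAN_IF"
    # Inbound: rewrite the public destination to the private host.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # Outbound: connections the host starts leave with its own public address.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    # FORWARD sees the post-DNAT (private) destination. NAT is not a filter:
    # these rules decide which services are actually reachable from outside.
    if [ "$services" = all ]; then
        echo "iptables -A FORWARD -i $WAN_IF -d $priv -m state --state NEW -j ACCEPT"
        return 0
    fi
    for svc in $(echo "$services" | tr , ' '); do
        case "$svc" in
            tcp/*[!0-9]*|udp/*[!0-9]*|tcp/|udp/) ok=no ;;
            tcp/*|udp/*) ok=yes ;;
            *) ok=no ;;
        esac
        [ "$ok" = yes ] || { echo "bad service: $svc" >&2; return 1; }
        echo "iptables -A FORWARD -i $WAN_IF -d $priv -p ${svc%%/*} --dport ${svc#*/} -m state --state NEW -j ACCEPT"
    done
}

# Print the whole rule set; assumes the FORWARD policy is already DROP.
emit_ruleset() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv services; do
        if [ -n "$pub" ]; then
            emit_mapping "$pub" "$priv" "$services" || exit 1
        fi
    done
}

emit_ruleset
```

A mapping with an empty service list gets NAT rules but no FORWARD accept, so the host stays unreachable from outside until a service is listed.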
* Re: public ip on LAN
2004-01-02 17:27 ` Fabien LE BLEVEC
@ 2004-01-02 18:30 ` Craig Steadman
2004-01-02 18:42 ` Antony Stone
2004-01-02 18:46 ` Michael Gale
0 siblings, 2 replies; 18+ messages in thread
From: Craig Steadman @ 2004-01-02 18:30 UTC (permalink / raw)
To: fleblevec; +Cc: Netfilter
The issue with redirecting web traffic using DNAT is that if
any of the web pages have absolute links then they fail to
work for clients connecting from the internet.
Does anyone know of an apache module that can be configured to
parse and change the anchors in a html page on the fly, for this
scenario ?
Craig.
On Sat, 2004-01-03 at 01:27, Fabien LE BLEVEC wrote:
> In the PREROUTING chain, you said for example :
>
> iptables -t nat -A PREROUTING -d 203.122.51.179 -j DNAT --to 172.16.1.2
> iptables -t nat -A PREROUTING -d 203.122.51.180 -j DNAT --to 172.16.1.3
> ....
> or more accurate :
> iptables -t nat -A PREROUTING -d 203.122.51.181 -p tcp --dport 80 -j DNAT --to 172.16.1.4
> ...
>
> I think it should be correct for your configuration.
>
> Don't forget to authorize the traffic in the FORWARD chain .
>
>
> Fabien
>
>
> Amit Pasari wrote:
>
> > Thanks John,
> > Let me explain
> > on My LAN i have ip address - 172.16.1.1
> > subnet - 255.255.0.0
> > on My WAN i have ipaddress - 203.122.51.178
> > subnet - 255.255.255.240
> >
> > Now , my clients want to have public / Live ip instead of private ips
> > which i am giving as many of my clients uses webserver , and other
> > applications which people from outside world needs to access .
> > I can redirect ports for one clients but how about 10 clients wanting
> > the same .
> > So i need to give them a public ip so that all the traffic can be
> > redirected their ip .
> >
> >
> > Regards
> > Amit
> >
> > At 09:54 PM 1/2/04, you wrote:
> >
> >> On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
> >> > Hello,
> >> > I am using Redhat 8.0 with iptables to provide my client internet
> >> services
> >> > . Everything is going well .
> >> > i have been giving private ips of 172.16.0.0 series to my clients .
> >> > But now some of my clients need public ips . i do have many public
> >> ips with
> >> > me .so can somebody tell how can i give public ips to my clients .
> >> >
> >> > Thanks & Regards
> >> > Amit
> >> > Orangeinfoways.com
> >>
> >> Could you please clarify what you mean by giving ips to your clients?
> >> Thanks - John
> >> --
> >> John A. Sullivan III
> >> Chief Technology Officer
> >> Nexus Management
> >> +1 207-985-7880
> >> john.sullivan@nexusmgmt.com
> >> ---
> >> If you are interested in helping to develop a GPL enterprise class
> >> VPN/Firewall/Security device management console, please visit
> >> http://iscs.sourceforge.net
> >
> >
> >
> >
> >
>
>
>
* Re: public ip on LAN
2004-01-02 18:30 ` Craig Steadman
@ 2004-01-02 18:42 ` Antony Stone
2004-01-02 18:46 ` Michael Gale
1 sibling, 0 replies; 18+ messages in thread
From: Antony Stone @ 2004-01-02 18:42 UTC (permalink / raw)
To: Netfilter
On Friday 02 January 2004 6:30 pm, Craig Steadman wrote:
> The issue with redirecting web traffic using DNAT is that if
> any of the web pages have absolute links then they fail to
> work for clients connecting from the internet.
When you say "absolute links", do you mean URLs containing IP addresses
instead of hostnames?
If you mean "absolute links" as distinct from "relative links" (using
hostnames) then providing you have your DNS set up correctly, so that
external queries receive public addresses and internal queries get internal
addresses, there should be no problem.
> Does anyone know of an apache module that can be configured to
> parse and change the anchors in a html page on the fly, for this
> scenario ?
I suspect that mod_rewrite may be able to do what you want; however I
recommend you also investigate a proxy server (Apache or Squid would do the
job) in what is generally accelerator mode (ie the proxy is at the server end
of the link instead of the client end), as this can listen on a public IP
address, receive queries from the Internet, and then make local requests to
the true servers on private IP addresses.
The same proxy could be used for internal and external clients if you wish.
Antony.
--
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.
Please reply to the list;
please don't CC me.
* Re: public ip on LAN
2004-01-02 18:30 ` Craig Steadman
2004-01-02 18:42 ` Antony Stone
@ 2004-01-02 18:46 ` Michael Gale
2004-01-02 19:07 ` Can iptables do this ? Ramoni
1 sibling, 1 reply; 18+ messages in thread
From: Michael Gale @ 2004-01-02 18:46 UTC (permalink / raw)
To: netfilter
Hello,
Can you provide an example? We have a web server behind the firewall. I am not sure what type of links our web master is using. But we have not had any problems.
We have links to other web servers that are outside of our network on the web site that work.
Michael.
On Sat, 03 Jan 2004 02:30:32 +0800
Craig Steadman <spinout@yakbox.shacknet.nu> wrote:
> The issue with redirecting web traffic using DNAT is that if
> any of the web pages have absolute links then they fail to
> work for clients connecting from the internet.
> Does anyone know of an apache module that can be configured to
> parse and change the anchors in a html page on the fly, for this
> scenario ?
>
> Craig.
>
> On Sat, 2004-01-03 at 01:27, Fabien LE BLEVEC wrote:
> > In the PREROUTING chain, you said for example :
> >
> > iptables -t nat -A PREROUTING -d 203.122.51.179 -j DNAT --to 172.16.1.2
> > iptables -t nat -A PREROUTING -d 203.122.51.180 -j DNAT --to 172.16.1.3
> > ....
> > or more accurate :
> > iptables -t nat -A PREROUTING -d 203.122.51.181 -p tcp --dport 80 -j DNAT --to 172.16.1.4
> > ...
> >
> > I think it should be correct for your configuration.
> >
> > Don't forget to authorize the traffic in the FORWARD chain .
> >
> >
> > Fabien
> >
> >
> > Amit Pasari wrote:
> >
> > > Thanks John,
> > > Let me explain
> > > on My LAN i have ip address - 172.16.1.1
> > > subnet - 255.255.0.0
> > > on My WAN i have ipaddress - 203.122.51.178
> > > subnet - 255.255.255.240
> > >
> > > Now , my clients want to have public / Live ip instead of private ips
> > > which i am giving as many of my clients uses webserver , and other
> > > applications which people from outside world needs to access .
> > > I can redirect ports for one clients but how about 10 clients wanting
> > > the same .
> > > So i need to give them a public ip so that all the traffic can be
> > > redirected their ip .
> > >
> > >
> > > Regards
> > > Amit
> > >
> > > At 09:54 PM 1/2/04, you wrote:
> > >
> > >> On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
> > >> > Hello,
> > >> > I am using Redhat 8.0 with iptables to provide my client internet
> > >> services
> > >> > . Everything is going well .
> > >> > i have been giving private ips of 172.16.0.0 series to my clients .
> > >> > But now some of my clients need public ips . i do have many public
> > >> ips with
> > >> > me .so can somebody tell how can i give public ips to my clients .
> > >> >
> > >> > Thanks & Regards
> > >> > Amit
> > >> > Orangeinfoways.com
> > >>
> > >> Could you please clarify what you mean by giving ips to your clients?
> > >> Thanks - John
> > >> --
> > >> John A. Sullivan III
> > >> Chief Technology Officer
> > >> Nexus Management
> > >> +1 207-985-7880
> > >> john.sullivan@nexusmgmt.com
> > >> ---
> > >> If you are interested in helping to develop a GPL enterprise class
> > >> VPN/Firewall/Security device management console, please visit
> > >> http://iscs.sourceforge.net
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
* Can iptables do this ?
2004-01-02 18:46 ` Michael Gale
@ 2004-01-02 19:07 ` Ramoni
2004-01-02 19:19 ` Antony Stone
0 siblings, 1 reply; 18+ messages in thread
From: Ramoni @ 2004-01-02 19:07 UTC (permalink / raw)
To: netfilter
Hi,
can iptables do a temp rule ?
I mean, I need to create rules that will be deleted after x seconds or minutes.
The time module does not remove the rules as it is not supposed to do so.
Is there a module that I could say:
iptables -I FORWARD -s a.b.c.d -j DROP -m xxxxx --minutes 2
and the rule will be deleted after 2 minutes or something like that?
thanx
* Re: Can iptables do this ?
2004-01-02 19:07 ` Can iptables do this ? Ramoni
@ 2004-01-02 19:19 ` Antony Stone
0 siblings, 0 replies; 18+ messages in thread
From: Antony Stone @ 2004-01-02 19:19 UTC (permalink / raw)
To: netfilter
On Friday 02 January 2004 7:07 pm, Ramoni wrote:
> Hi,
> can iptables do a temp rule ?
> I mean, I need to create rules that will be deleted after x seconds or
> minutes. The time module does not remove the rules as it is not supposed to
> do so. Is there a module that I could say:
> iptables -I FORWARD -s a.b.c.d -j DROP -m xxxxx --minutes 2
> and the rule will be deleted after 2 minutes or something like that ?
No.
Use cron, at, or sleep.
Antony.
--
Your work is both good and original. Unfortunately the parts that are good
aren't original, and the parts that are original aren't good.
- Samuel Johnson
Please reply to the list;
please don't CC me.
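Added example, not part of any message in this thread: one way to get the time-limited rule asked about above using sleep, as the reply suggests. The function name temp_rule and the overridable IPTABLES variable are assumptions made for this sketch, and 192.0.2.10 in the usage comment is a constructed documentation address.

```shell
#!/bin/sh
# Added example: a time-limited iptables rule built from -I, sleep and -D.
# IPTABLES can be overridden so the logic can be exercised without root.
IPTABLES="${IPTABLES:-iptables}"

# temp_rule SECONDS CHAIN RULE-SPEC...
# Inserts the rule at the top of CHAIN, then deletes that same rule after
# SECONDS. Deleting by the identical rule spec (not by position) means rules
# inserted in the meantime do not change which rule gets removed.
temp_rule() {
    secs=$1; chain=$2
    case "$secs" in
        ''|*[!0-9]*)
            echo "temp_rule: SECONDS must be a whole number" >&2
            return 2 ;;
    esac
    if [ "$#" -lt 3 ]; then
        echo "usage: temp_rule SECONDS CHAIN RULE-SPEC..." >&2
        return 2
    fi
    shift 2
    # If the insert fails, schedule nothing: a later -D could otherwise
    # remove an older, permanent rule with the same spec.
    $IPTABLES -I "$chain" "$@" || return 1
    # Delayed cleanup in a background subshell. A failed delete is reported
    # so that a block which outlived its timer does not go unnoticed.
    (
        sleep "$secs"
        $IPTABLES -D "$chain" "$@" ||
            echo "temp_rule: could not remove rule from $chain: $*" >&2
    ) &
}

# Usage (as root), blocking a source for two minutes:
#   temp_rule 120 FORWARD -s 192.0.2.10 -j DROP
```

The background subshell does not survive a reboot, so a rule whose removal must be guaranteed is better cleaned up by an at job or a cron entry running the same -D command.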
* public ip on LAN
@ 2004-01-02 16:30 Amit Pasari
2004-01-02 16:22 ` Michael Gale
` (2 more replies)
0 siblings, 3 replies; 18+ messages in thread
From: Amit Pasari @ 2004-01-02 16:30 UTC (permalink / raw)
To: netfilter
Hello,
I am using Redhat 8.0 with iptables to provide my client internet services.
Everything is going well.
I have been giving private IPs of the 172.16.0.0 series to my clients.
But now some of my clients need public IPs. I do have many public IPs with
me, so can somebody tell me how I can give public IPs to my clients?
Thanks & Regards
Amit
Orangeinfoways.com
* Re: public ip on LAN
2004-01-02 16:30 public ip on LAN Amit Pasari
@ 2004-01-02 16:22 ` Michael Gale
2004-01-02 16:30 ` Antony Stone
2004-01-02 16:23 ` Antony Stone
2004-01-02 16:24 ` John A. Sullivan III
2 siblings, 1 reply; 18+ messages in thread
From: Michael Gale @ 2004-01-02 16:22 UTC (permalink / raw)
To: netfilter
On Fri, 02 Jan 2004 22:00:16 +0530
Amit Pasari <info@amitpasari.com> wrote:
> Hello,
> I am using Redhat 8.0 with iptables to provide my client internet services
> . Everything is going well .
> i have been giving private ips of 172.16.0.0 series to my clients .
> But now some of my clients need public ips . i do have many public ips with
> me .so can somebody tell how can i give public ips to my clients .
>
> Thanks & Regards
> Amit
> Orangeinfoways.com
>
>
>
I have never understood this configuration ... why would clients on an internal LAN need public IP addresses ?
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: public ip on LAN
2004-01-02 16:22 ` Michael Gale
@ 2004-01-02 16:30 ` Antony Stone
2004-01-02 16:47 ` Michael Gale
0 siblings, 1 reply; 18+ messages in thread
From: Antony Stone @ 2004-01-02 16:30 UTC (permalink / raw)
To: netfilter
On Friday 02 January 2004 4:22 pm, Michael Gale wrote:
> On Fri, 02 Jan 2004 22:00:16 +0530
>
> Amit Pasari <info@amitpasari.com> wrote:
> > Hello,
> > I am using Redhat 8.0 with iptables to provide my client internet
> > services . Everything is going well .
> > i have been giving private ips of 172.16.0.0 series to my clients .
> > But now some of my clients need public ips . i do have many public ips
> > with me .so can somebody tell how can i give public ips to my clients .
> >
> > Thanks & Regards
> > Amit
> > Orangeinfoways.com
>
> I have never understood this configuration ... why would clients on a
> internal LAN need public IP addresses ?
Stupid protocols which bury OSI layer 3/4 information inside layer 7
datagrams.
Examples: H.323, FTP, PPTP.
Without a NAT helper which understands what to change inside the packets, so
that it matches the headers, you can't use these protocols across NATted
connections.
Antony.
--
In Heaven, the police are British, the chefs are Italian, the beer is Belgian,
the mechanics are German, the lovers are French, the entertainment is
American, and everything is organised by the Swiss.
In Hell, the police are German, the chefs are British, the beer is American,
the mechanics are French, the lovers are Swiss, the entertainment is Belgian,
and everything is organised by the Italians.
Please reply to the list;
please don't CC me.
* Re: public ip on LAN
2004-01-02 16:30 ` Antony Stone
@ 2004-01-02 16:47 ` Michael Gale
0 siblings, 0 replies; 18+ messages in thread
From: Michael Gale @ 2004-01-02 16:47 UTC (permalink / raw)
To: netfilter
On Fri, 2 Jan 2004 16:30:07 +0000
Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> On Friday 02 January 2004 4:22 pm, Michael Gale wrote:
>
> > On Fri, 02 Jan 2004 22:00:16 +0530
> >
> > Amit Pasari <info@amitpasari.com> wrote:
> > > Hello,
> > > I am using Redhat 8.0 with iptables to provide my client internet
> > > services . Everything is going well .
> > > i have been giving private ips of 172.16.0.0 series to my clients .
> > > But now some of my clients need public ips . i do have many public ips
> > > with me .so can somebody tell how can i give public ips to my clients .
> > >
> > > Thanks & Regards
> > > Amit
> > > Orangeinfoways.com
> >
> > I have never understood this configuration ... why would clients on a
> > internal LAN need public IP addresses ?
>
> Stupid protocols which bury OSI layer 3/4 information inside layer 7
> datagrams.
>
> Examples: H.323, FTP, PPTP.
>
> Without a NAT helper which understands what to change inside the packets, so
> that it matches the headers, you can't use these protocols across NATted
> connections.
>
> Antony.
>
> --
> In Heaven, the police are British, the chefs are Italian, the beer is Belgian,
> the mechanics are German, the lovers are French, the entertainment is
> American, and everything is organised by the Swiss.
>
> In Hell, the police are German, the chefs are British, the beer is American,
> the mechanics are French, the lovers are Swiss, the entertainment is Belgian,
> and everything is organised by the Italians.
>
> Please reply to the list;
> please don't CC me.
>
>
Yes, but usually there are special proxies available for these. But I guess if you have no other choice.
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: public ip on LAN
2004-01-02 16:30 public ip on LAN Amit Pasari
2004-01-02 16:22 ` Michael Gale
@ 2004-01-02 16:23 ` Antony Stone
2004-01-02 17:40 ` Amit Pasari
2004-01-02 16:24 ` John A. Sullivan III
2 siblings, 1 reply; 18+ messages in thread
From: Antony Stone @ 2004-01-02 16:23 UTC (permalink / raw)
To: netfilter
On Friday 02 January 2004 4:30 pm, Amit Pasari wrote:
> Hello,
> I am using Redhat 8.0 with iptables to provide my client internet services
> . Everything is going well .
> i have been giving private ips of 172.16.0.0 series to my clients .
> But now some of my clients need public ips . i do have many public ips with
> me .so can somebody tell how can i give public ips to my clients .
1. Do your clients *really* need public IPs on the machines themselves, or is
it sufficient if you use NAT and ensure that packets to some public IP reach
a specific client, and packets from that client have the public IP when they
return to the Internet? What protocols / services are you using which
require public IPs on the client machines?
2. We can't answer your question in any detail without more information about
the topology of your network, in particular whether your ISP provides a small
subnet to you, terminated at your netfilter machine, or whether that subnet
block can be routed across the netfilter machine so that the IPs can live on
the other side of it.
3. Have you read the tutorials from http://www.netfilter.org and looked at
some of the examples to see if they answer your question/s?
Regards,
Antony.
--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.
- Douglas Adams in The Guardian, 25th August 1995
Please reply to the list;
please don't CC me.
* Re: public ip on LAN
2004-01-02 16:23 ` Antony Stone
@ 2004-01-02 17:40 ` Amit Pasari
2004-01-02 17:31 ` John A. Sullivan III
0 siblings, 1 reply; 18+ messages in thread
From: Amit Pasari @ 2004-01-02 17:40 UTC (permalink / raw)
To: netfilter
Dear Antony,
1. Do your clients *really* need public IPs on the machines themselves, or is
it sufficient if you use NAT and ensure that packets to some public IP reach
a specific client, and packets from that client have the public IP when they
return to the Internet? What protocols / services are you using which
require public IPs on the client machines?
>>
Well, my clients want to use VoIP / webserver and other VPN applications.
So they need a public IP.
2. We can't answer your question in any detail without more information about
the topology of your network, in particular whether your ISP provides a small
subnet to you, terminated at your netfilter machine, or whether that subnet
block can be routed across the netfilter machine so that th
Let me explain.
On my LAN I have IP address - 172.16.1.1
subnet - 255.255.0.0
On my WAN I have IP address - 203.122.51.178
subnet - 255.255.255.240
Yes, I have read many things, but didn't find the solution.
Regards
Amit
* Re: public ip on LAN
2004-01-02 17:40 ` Amit Pasari
@ 2004-01-02 17:31 ` John A. Sullivan III
2004-01-02 17:42 ` Michael Gale
0 siblings, 1 reply; 18+ messages in thread
From: John A. Sullivan III @ 2004-01-02 17:31 UTC (permalink / raw)
To: Amit Pasari; +Cc: netfilter
Are these users running VoIP and others through a VPN tunnel and the
problem is using NAT on an IPSec tunnel or are they using VoIP AND an
IPSec VPN tunnel and each presents a problem? If it is just using NAT
and an IPSec VPN, investigate using NAT Traversal. Otherwise, if you
cannot find an application proxy or an iptables helper for every
application they want to use, you may be stuck with DNAT and SNAT for
those users - John
On Fri, 2004-01-02 at 12:40, Amit Pasari wrote:
> Dear Antony,
>
> 1. Do your clients *really* need public IPs on the machines themselves, or is
> it sufficient if you use NAT and ensure that packets to some public IP reach
> a specific client, and packets from that client have the public IP when they
> return to the Internet? What protocols / services are you using which
> require public IPs on the client machines?
> >>
> Well my clients wants to use Voip / Webserver and other VPN applications .
> So they need public ip .
>
> 2. We can't answer your question in any detail without more information about
> the topology of your network, in particular whether your ISP provides a small
> subnet to you, terminated at your netfilter machine, or whether that subnet
> block can be routed across the netfilter machine so that thLet me explain
> on My LAN i have ip address - 172.16.1.1
> subnet - 255.255.0.0
> on My WAN i have ipaddress - 203.122.51.178
> subnet - 255.255.255.240
>
> Yes i have read many things , but didn't find the solution.
>
> Regards
> Amit
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
* Re: public ip on LAN
2004-01-02 17:31 ` John A. Sullivan III
@ 2004-01-02 17:42 ` Michael Gale
0 siblings, 0 replies; 18+ messages in thread
From: Michael Gale @ 2004-01-02 17:42 UTC (permalink / raw)
To: netfilter
I have never used VoIP .. but would it not be easier to set up a separate box with a VPN server and all the needed software ... or place it on the firewall box .. but a separate one is nice ... then have the clients use it for VPN access and tunnels ?
Michael.
On Fri, 02 Jan 2004 12:31:24 -0500
"John A. Sullivan III" <john.sullivan@nexusmgmt.com> wrote:
> Are these users running VoIP and others through a VPN tunnel and the
> problem is using NAT on an IPSec tunnel or are they using VoIP AND an
> IPSec VPN tunnel and each presents a problem. If it is just using NAT
> and an IPSec VPN, investigate using NAT Traversal. Otherwise, if you
> cannot find an application proxy or an iptables helper for every
> application they want to use, you may be stuck with DNAT and SNAT for
> those users - John
>
> On Fri, 2004-01-02 at 12:40, Amit Pasari wrote:
> > Dear Antony,
> >
> > 1. Do your clients *really* need public IPs on the machines themselves, or is
> > it sufficient if you use NAT and ensure that packets to some public IP reach
> > a specific client, and packets from that client have the public IP when they
> > return to the Internet? What protocols / services are you using which
> > require public IPs on the client machines?
> > >>
> > Well my clients wants to use Voip / Webserver and other VPN applications .
> > So they need public ip .
> >
> > 2. We can't answer your question in any detail without more information about
> > the topology of your network, in particular whether your ISP provides a small
> > subnet to you, terminated at your netfilter machine, or whether that subnet
> > block can be routed across the netfilter machine so that thLet me explain
> > on My LAN i have ip address - 172.16.1.1
> > subnet - 255.255.0.0
> > on My WAN i have ipaddress - 203.122.51.178
> > subnet - 255.255.255.240
> >
> > Yes i have read many things , but didn't find the solution.
> >
> > Regards
> > Amit
> --
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan@nexusmgmt.com
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: public ip on LAN
2004-01-02 16:30 public ip on LAN Amit Pasari
2004-01-02 16:22 ` Michael Gale
2004-01-02 16:23 ` Antony Stone
@ 2004-01-02 16:24 ` John A. Sullivan III
[not found] ` <6.0.0.22.0.20040102223444.0305cdb0@amitpasari.com>
2 siblings, 1 reply; 18+ messages in thread
From: John A. Sullivan III @ 2004-01-02 16:24 UTC (permalink / raw)
To: Amit Pasari; +Cc: netfilter
On Fri, 2004-01-02 at 11:30, Amit Pasari wrote:
> Hello,
> I am using Redhat 8.0 with iptables to provide my client internet services
> . Everything is going well .
> i have been giving private ips of 172.16.0.0 series to my clients .
> But now some of my clients need public ips . i do have many public ips with
> me .so can somebody tell how can i give public ips to my clients .
>
> Thanks & Regards
> Amit
> Orangeinfoways.com
Could you please clarify what you mean by giving ips to your clients?
Thanks - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net