[LARTC] Routing public IP's through a gateway

[LARTC] Routing public IP's through a gateway

[Tim Groeneveld]

[-- Attachment #1.1: Type: text/plain, Size: 859 bytes --]

Greeting all,

I have a bit of a complicated question.

I have two ethernet devices, eth1 and eth2.

eth1 is where my internet comes from. It is in the form of 202.172.122.208/29. 
It has another IP range, 202.172.122.72/29. What I want to be able to do is 
route 202.172.122.72/29 to eth2, so that other machines can use those IPs, 
any ideas on how to do this, I cannot work out how to do this.

eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to 
202.172.122.76.

eth1 is basically just hooked into my internet router, while eth2 is hooked 
into a switch, and will be used for other computers.

If anyone could help me with this setup, I would more then appreciate it.

Thank you very much,

     - Tim Groeneveld

--

Need hosting for your next Open Source project? why not try ShareSource? 
www.sharesource.org

[-- Attachment #1.2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Routing public IP's through a gateway

[Alex Samad]

[-- Attachment #1.1: Type: text/plain, Size: 1360 bytes --]

On Sun, Oct 14, 2007 at 11:07:10PM +1000, Tim Groeneveld wrote:
> Greeting all,
> 
> I have a bit of a complicated question.
> 
> I have two ethernet devices, eth1 and eth2.
> 
> eth1 is where my internet comes from. It is in the form of 202.172.122.208/29. 
> It has another IP range, 202.172.122.72/29. What I want to be able to do is 
> route 202.172.122.72/29 to eth2, so that other machines can use those IPs, 
> any ideas on how to do this, I cannot work out how to do this.
You haven't made it too clear what exactly you are trying to do, from what i 
gather this should work on your linux box


ip route add 202.172.122.72/29 dev eth2

Does your isp route 202.172.122.72/29 to you ?

> 
> eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to 
> 202.172.122.76.
> 
> eth1 is basically just hooked into my internet router, while eth2 is hooked 
> into a switch, and will be used for other computers.
> 
> If anyone could help me with this setup, I would more then appreciate it.
> 
> Thank you very much,
> 
>      - Tim Groeneveld
> 
> --
> 
> Need hosting for your next Open Source project? why not try ShareSource? 
> www.sharesource.org



> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Routing public IP's through a gateway

[Mohan Sundaram]

Mohan Sundaram wrote:
> Alex Samad wrote:
>> ip route add 202.172.122.72/29 dev eth2
>>
>> Does your isp route 202.172.122.72/29 to you ?
>>
>>> eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to 
>>> 202.172.122.76.
> seems to be outside subnet cited. *.72/29 is .72-.75* Only 2 addresses 
> can be served on DHCP from a subnet of 4.

Pl ignore. I'm wrong. Early morning fogginess.

Mohan
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Routing public IP's through a gateway

[Mohan Sundaram]

Alex Samad wrote:
> On Sun, Oct 14, 2007 at 11:07:10PM +1000, Tim Groeneveld wrote:
>> Greeting all,
>>
>> I have a bit of a complicated question.
>>
>> I have two ethernet devices, eth1 and eth2.
>>
>> eth1 is where my internet comes from. It is in the form of 202.172.122.208/29. 
>> It has another IP range, 202.172.122.72/29. What I want to be able to do is 
>> route 202.172.122.72/29 to eth2, so that other machines can use those IPs, 
>> any ideas on how to do this, I cannot work out how to do this.
> You haven't made it too clear what exactly you are trying to do, from what i 
> gather this should work on your linux box
*cannot agree more*. Topology and better expression of scenario 
requiring this helps always. This may be a convoluted solution to a 
simple problem. I must add we are operating in relative vaccum here.
> 
> 
> ip route add 202.172.122.72/29 dev eth2
> 
> Does your isp route 202.172.122.72/29 to you ?
> 
>> eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to 
>> 202.172.122.76.
seems to be outside subnet cited. *.72/29 is .72-.75* Only 2 addresses 
can be served on DHCP from a subnet of 4.
>>
>> eth1 is basically just hooked into my internet router, while eth2 is hooked 
>> into a switch, and will be used for other computers.
>>
>> If anyone could help me with this setup, I would more then appreciate it.
>>
>> Thank you very much,
>>
>>      - Tim Groeneveld
>>
You seem to want to use public IP addresses against mapping public to 
private addresses. If so, why not just connect the router to the switch 
and connect all computers to the switch? Will also be better to get a 
combined /28 subnet. No private addresses? No need for firewall?

I would use the Linux machine to map the public addresses to private 
addresses for specific services to a DMZ.

Mohan
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Routing public IP's through a gateway

[Tim Groeneveld]

[-- Attachment #1.1: Type: text/plain, Size: 2081 bytes --]

On Sunday 14 October 2007 11:07:10 pm Tim Groeneveld wrote:
> Greeting all,
>
> I have a bit of a complicated question.
>
> I have two ethernet devices, eth1 and eth2.
>
> eth1 is where my internet comes from. It is in the form of
> 202.172.122.208/29. It has another IP range, 202.172.122.72/29. What I want
> to be able to do is route 202.172.122.72/29 to eth2, so that other machines
> can use those IPs, any ideas on how to do this, I cannot work out how to do
> this.
>
> eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to
> 202.172.122.76.
>
> eth1 is basically just hooked into my internet router, while eth2 is hooked
> into a switch, and will be used for other computers.
>
> If anyone could help me with this setup, I would more then appreciate it.
>
> Thank you very much,
>
>      - Tim Groeneveld
>

To extend what I have tried to say further:

My ISP has given me two IP ranges. 202.172.122.208/29 and 202.172.122.72/29. 
They are unable to give me any larger IP ranges for some lame excuse, which I 
am sure was written by the BOfH.

Does your isp route 202.172.122.72/29 to me? Why yes it does. It routes this 
IP through the gateway 202.172.122.209.

If I want to give a machine an IP in 202.172.122.72/29, this is what I need
   > A machine already in the 202.172.122.208/29 IP range.
   > ip route add 202.172.122.72/29 via 202.172.122.209 dev eth1
   > ifconfig eth1 202.172.122.73 netmask 255.255.255.248
(where on this machine, eth1 is hooked into my router).

What I would like, is a gateway machine, which will use eth2 to provide a 
gateway for other machines to assign themselves .72/29 IP's, *without* the 
need of 202.172.122.209 being in the route table.

So, there would be *one* gateway machine. This gateway machine has (already) 
an IP on both ranges.
    > 202.172.122.211 (eth1)
    > 202.172.122.74 (eth2)

eth2 would then be connected into a switch, and eth1 into the internet router.

I am not sure if this helps at all, sorry if it does not.

Thanks again,
     - Tim G

[-- Attachment #1.2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

RE: [LARTC] Routing public IP's through a gateway

[Dan]

Hi,

Sounds to me like you don't actually need to do anything - just enable IP forwarding on the linux machine (the gateway - usually something like echo 1 > /proc/sys/net/ipv4/ip_forward), and point your 202.172.122.7x machines at 202.172.122.74 for their default gateway (which your DHCP server should be passing out as a dhcp option anyway).

Unless I have missed something in the question?

Dan

-----Original Message-----
From: lartc-bounces@mailman.ds9a.nl [mailto:lartc-bounces@mailman.ds9a.nl] On Behalf Of Tim Groeneveld
Sent: 15 October 2007 13:15
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Routing public IP's through a gateway

On Sunday 14 October 2007 11:07:10 pm Tim Groeneveld wrote:
> Greeting all,
>
> I have a bit of a complicated question.
>
> I have two ethernet devices, eth1 and eth2.
>
> eth1 is where my internet comes from. It is in the form of 
> 202.172.122.208/29. It has another IP range, 202.172.122.72/29. What I 
> want to be able to do is route 202.172.122.72/29 to eth2, so that 
> other machines can use those IPs, any ideas on how to do this, I 
> cannot work out how to do this.
>
> eth2 has a DHCP server, which only gives out IPs 202.172.122.74 to 
> 202.172.122.76.
>
> eth1 is basically just hooked into my internet router, while eth2 is 
> hooked into a switch, and will be used for other computers.
>
> If anyone could help me with this setup, I would more then appreciate it.
>
> Thank you very much,
>
>      - Tim Groeneveld
>

To extend what I have tried to say further:

My ISP has given me two IP ranges. 202.172.122.208/29 and 202.172.122.72/29. 
They are unable to give me any larger IP ranges for some lame excuse, which I am sure was written by the BOfH.

Does your isp route 202.172.122.72/29 to me? Why yes it does. It routes this IP through the gateway 202.172.122.209.

If I want to give a machine an IP in 202.172.122.72/29, this is what I need
   > A machine already in the 202.172.122.208/29 IP range.
   > ip route add 202.172.122.72/29 via 202.172.122.209 dev eth1
   > ifconfig eth1 202.172.122.73 netmask 255.255.255.248 (where on this machine, eth1 is hooked into my router).

What I would like, is a gateway machine, which will use eth2 to provide a gateway for other machines to assign themselves .72/29 IP's, *without* the need of 202.172.122.209 being in the route table.

So, there would be *one* gateway machine. This gateway machine has (already) an IP on both ranges.
    > 202.172.122.211 (eth1)
    > 202.172.122.74 (eth2)

eth2 would then be connected into a switch, and eth1 into the internet router.

I am not sure if this helps at all, sorry if it does not.

Thanks again,
     - Tim G


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

FW: [LARTC] Routing public IP's through a gateway

[Dan]

If understand the setup correctly based on previous emails, it looks like this:

[Internet] <-> [202.172.122.211 (eth1) {Gateway Machine} 202.172.122.74 (eth2)] <-> [202.172.122.75 (eth1) {Other Machine}]

So, according to your emails, your external (eth1) interface on the Gateway machine ** needs to be .209 not .211 or .210 ** (as this is where the ISP's 'router' is pointing the .72 subnet according to what you said), and you need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the gateway machine. No route commands needed: the Gateway machine knows where the .72 subnet is, because it has an interface on it. The Gateway Machine's default gateway is set to your normal ISP's gateway.

Does that sound like your setup? If so, a few things come to mind - either your ISP is not routing .72/29 via .209, or maybe you have a firewall or routing rules in place, or you are using the wrong IP on the eth1 gateway interface.

Hope this helps!

Dan

-----Original Message-----
From: Tim Groeneveld [mailto:tim@timg.ws] 
Sent: 15 October 2007 13:45
To: Dan
Subject: Re: [LARTC] Routing public IP's through a gateway

On Monday 15 October 2007 10:31:25 pm you wrote:
> Unless I have missed something in the question?

Well, these are the commands I issue on my gateway machine:
  > ifconfig eth1 202.172.122.210 netmask 255.255.255.248
  > ifconfig eth2 202.172.122.73 netmask 255.255.255.248
  > route add -net 202.172.122.72 netmask 255.255.255.248 eth1
  > route add default gw 202.172.122.209
  > echo 1 > /proc/sys/net/ipv4/ip_forward

They all succeed and everything, but no outside Internet locations are accessable on .72/29 machines.

What is worse, running
  > tcpdump -i eth1

Shows that the data from eth2 is being sent to the Internet, but there is no replies coming on eth2.


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: FW: [LARTC] Routing public IP's through a gateway

[Tim Groeneveld]

[-- Attachment #1.1: Type: text/plain, Size: 614 bytes --]

On Monday 15 October 2007 11:07:39 pm Dan wrote:
> So, according to your emails, your external (eth1) interface on the Gateway
> machine ** needs to be .209 not .211 or .210 ** (as this is where the ISP's
> 'router' is pointing the .72 subnet according to what you said), and you
> need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the gateway machine.
> No route commands needed: the Gateway machine knows where the .72 subnet
> is, because it has an interface on it. The Gateway Machine's default
> gateway is set to your normal ISP's gateway.

.209 is taken by the routers gateway, so, it needs to be 210.

[-- Attachment #1.2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: FW: [LARTC] Routing public IP's through a gateway

[Tim Groeneveld]

[-- Attachment #1.1: Type: text/plain, Size: 2434 bytes --]

On Monday 15 October 2007 11:12:40 pm Tim Groeneveld wrote:
> On Monday 15 October 2007 11:07:39 pm Dan wrote:
> > So, according to your emails, your external (eth1) interface on the
> > Gateway machine ** needs to be .209 not .211 or .210 ** (as this is where
> > the ISP's 'router' is pointing the .72 subnet according to what you
> > said), and you need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the
> > gateway machine. No route commands needed: the Gateway machine knows
> > where the .72 subnet is, because it has an interface on it. The Gateway
> > Machine's default gateway is set to your normal ISP's gateway.
>
> .209 is taken by the routers gateway, so, it needs to be 210.

root@videl:/home/tim# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.172.122.208 *               255.255.255.248 U     0      0        0 eth1
202.172.122.72  *               255.255.255.248 U     0      0        0 eth2
link-local      *               255.255.0.0     U     1000   0        0 eth1
default         home.gateway    0.0.0.0         UG    100    0        0 eth1


root@videl:/home/tim# ip route list
202.172.122.208/29 dev eth1  proto kernel  scope link  src 202.172.122.210
202.172.122.72/29 dev eth2  proto kernel  scope link  src 202.172.122.73
169.254.0.0/16 dev eth1  scope link  metric 1000
default via 202.172.122.209 dev eth1  metric 100

Is this the correct way to have the route, or is there something here that 
could be stopping the route from working?

root@videl:/home/tim# tcpdump -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
00:08:23.863360 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > 
jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 
1460,nop,nop,sackOK>
00:08:26.786727 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > 
jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 
1460,nop,nop,sackOK>
00:08:31.280752 arp who-has home.gateway tell 
202-172-122-74.static.nsw-6.comcen.com.au
00:08:32.795422 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > 
jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 
1460,nop,nop,sackOK>

That is a tcpdump of eth2 ... when typing 72.14.253.147 into a browser.

Thanks again,
    - Tim G

[-- Attachment #1.2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc