From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Router for giving more than 1 ip
Date: Sun, 31 Aug 2003 03:39:25 +0000
Message-ID: <marc-lartc-106230127016060@msgid-missing>
In-Reply-To: <marc-lartc-106228319506856@msgid-missing>

 : Hi i have a debian box working as a router.. it works quite well, now i
 : want to give more than 1 ip.. is it possible to do it?

You want to host more than one IP on your box?  Easily done.

# ip addr add $SECONDARY_OUTSIDE_IP/32 dev eth1

 : some of them must be an open ip.. i mean.. all ports opened is it
 : possible? how should i do it?

Sure, it's possible*.  Note, though, that in this command, you have not
specified a destination address on these DNAT commands, so you'll need to
change them.

 : iptables -t nat -A PREROUTING \
 : -i eth1 -p tcp --dport 110 -j DNAT --to 192.168.0.16:25

This should be something more like this:

  iptables -t nat -A PREROUTING -j DNAT --to 192.168.0.16:25 \
    -i eth1 -p tcp --dport 110 -s 0/0 -d $PRIMARY_OUTSIDE_IP

 : iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

If you wish to have more control over the source address of these packets,
you can use "-j SNAT --to $PRIMARY_OUTSIDE_IP".

[ many DNAT commands snipped ]

* in order to open all ports to a given internal IP, try the following:

  iptables -t nat -A PREROUTING -j DNAT --to $GAPING_SECURITY_HOLE \
    -i eth1 -s 0/0 -d $SECONDARY_OUTSIDE_IP

That should do it!  Be forewarned, that application layer protocols which
embed network layer information in their messages will be
confused....consider the usual NAT problems with FTP.

Best of luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
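
An added example, not part of the original message: a small Python audit over `iptables-save` output that flags the two conditions discussed in the reply, DNAT rules with no destination-address match and DNAT rules that forward every port to an internal host. The sample ruleset and its addresses are constructed, and `audit_dnat` and `option_value` are names chosen here.

```python
import shlex

# Constructed sample in iptables-save format (documentation address ranges).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.16:25
-A PREROUTING -d 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.16:25
-A PREROUTING -d 203.0.113.11/32 -i eth1 -j DNAT --to-destination 192.168.0.20
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

DEST_OPTS = {"-d", "--destination", "--dst"}
PORT_OPTS = {"--dport", "--dports", "--destination-port", "--destination-ports"}
ANY_ADDR = {"0/0", "0.0.0.0/0", "::/0"}

def option_value(tokens, names):
    """Return the argument following the first option in `names`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def audit_dnat(ruleset):
    """Return (line number, DNAT target, issues) for each nat PREROUTING DNAT rule."""
    findings = []
    table = None
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):  # "*nat", "*filter", ... opens a table section
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A PREROUTING "):
            continue
        tokens = shlex.split(line)
        if option_value(tokens, {"-j", "--jump"}) != "DNAT":
            continue
        issues = []
        # No -d (or -d 0/0): the rule rewrites traffic addressed to any IP.
        dest = option_value(tokens, DEST_OPTS)
        if dest is None or dest in ANY_ADDR:
            issues.append("no-destination-match")
        # No destination port match: every port is forwarded to the internal host.
        if option_value(tokens, PORT_OPTS) is None:
            issues.append("all-ports")
        target = option_value(tokens, {"--to-destination", "--to"})
        findings.append((lineno, target, issues))
    return findings
```

Running `audit_dnat` on the output of `iptables-save` from the router lists each forwarded target with the checks it fails, so an intentional all-ports forward can be told apart from an accidental one.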
