You DON'T do this with MASQ.
MASQ is a 1:Many NAT setup, which is the incorrect tool to perform what you are looking for. What you are looking for is either a Many:Many NAT solution or a Bridging setup.
NOTE: For users out there who are thinking about enabling multiple IP addresses on one internal NIC using "IP Alias", then PORTFWing ALL of those ports (0-65535), and finally using IPROUTE2 to maintain the proper source/destination IP pairs: this has been done SUCCESSFULLY on 2.0.x kernels and less successfully on 2.2.x kernels. Regardless of success, that isn't the proper way to do it, it's a total HACK, and it is not a supported MASQ configuration. Please give IPTABLES on the 2.4.x kernels a serious look or, to a much lesser extent, take a look at Section 7.30 (IPROUTE2) for 2.2.x kernels.
Anyway, for forwarding external IP addresses to internal hosts, you basically have three possibilities:
1. Route the external IPs (This does NOT involve IPMASQ at all but requires special WAN addressing and routing setup from your ISP):

       Internet -- Some public WAN -- Linux -- DMZ segment
                    IP address       Server   PUBLIC IPs
                                       |
                                       +------ Internal net
                                               private IPs

2. 1:1 NAT (Most easily done via IPTABLES or with IPCHAINS and IPROUTE2, but still some protocols cannot deal with NAT):

       Internet -- Linux -- DMZ segment
                   Server   Private IPs natted to 1:1 PUBLIC IPs
                     |
                     +------ Internal net
                             private IPs

3. Bridging: This is how most commercial firewalls do it as it's very slick. Basically, all public IPs transparently flow through the Linux server to the DMZ but via firewall inspection.

       Internet -- Linux -- DMZ segment
                   Server   PUBLIC IPs
                     |
                     +------ Internal net
                             private IPs
Each of these solutions has pros and cons.
Item #1: If you're lucky enough to have an ISP that will set this up for you (pretty rare), all you need to do is use basic 'route' commands to get this running. This is the most robust solution and doesn't require any form of IPMASQ or NAT to work.
Item #2: 1:1 NAT isn't covered in this HOWTO yet but if you need a hand, just email me and I'll give you a hand.
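Since 1:1 NAT (item #2) isn't covered by the HOWTO, here is an added example, not the HOWTO author's own, of what the IPTABLES side looks like on a 2.4.x kernel: one public address is bound to one DMZ host with a DNAT/SNAT pair, and the FORWARD chain is still used to decide what may actually reach that host. Interface names (eth0 for the WAN side, eth1 for the DMZ) and the addresses 203.0.113.10 and 10.0.1.10 are constructed placeholders. The script prints the commands by default; run it with APPLY=1 as root to execute them.

```shell
#!/bin/sh
# Added example (not from the HOWTO): emit the iproute2/iptables commands for a
# 1:1 NAT mapping between a public IP and a DMZ host on a 2.4.x netfilter box.
# Interface names and addresses are constructed placeholders.
WAN_IF=eth0
DMZ_IF=eth1

# nat_rules PUBLIC_IP PRIVATE_IP
# Print the rules that bind one public IP to one DMZ host:
#  1. the Linux box must hold the public IP itself so it answers ARP for it
#  2. DNAT rewrites inbound packets for the public IP to the DMZ host
#  3. SNAT rewrites the DMZ host's outbound packets to carry the public IP,
#     so the source/destination pair stays consistent without any routing hack
nat_rules() {
    pub=$1; priv=$2
    printf 'ip addr add %s/32 dev %s\n' "$pub" "$WAN_IF"
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -j DNAT --to-destination %s\n' \
        "$WAN_IF" "$pub" "$priv"
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
        "$WAN_IF" "$priv" "$pub"
}

# filter_rules PRIVATE_IP PORT...
# NAT only rewrites addresses; the FORWARD chain still decides what passes.
# Replies to established flows are allowed, new inbound TCP connections only
# on the listed ports, and everything else destined for the DMZ host is dropped.
filter_rules() {
    priv=$1; shift
    printf 'iptables -A FORWARD -i %s -o %s -d %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$DMZ_IF" "$priv"
    for port in "$@"; do
        printf 'iptables -A FORWARD -i %s -o %s -d %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' \
            "$WAN_IF" "$DMZ_IF" "$priv" "$port"
    done
    printf 'iptables -A FORWARD -i %s -o %s -d %s -j DROP\n' "$WAN_IF" "$DMZ_IF" "$priv"
}

# ruleset PUBLIC_IP PRIVATE_IP PORT...
# Full command list for one mapping: NAT rules first, then the filter rules.
ruleset() {
    pub=$1; priv=$2; shift 2
    nat_rules "$pub" "$priv"
    filter_rules "$priv" "$@"
}

# run PUBLIC_IP PRIVATE_IP PORT...
# Dry run by default (prints the commands); APPLY=1 pipes them into a shell.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        ruleset "$@" | sh -e
    else
        ruleset "$@"
    fi
}

# Constructed example: public 203.0.113.10 maps to DMZ host 10.0.1.10,
# reachable from the Internet on HTTP and HTTPS only.
run 203.0.113.10 10.0.1.10 80 443
```

Note that the DROP rule only covers traffic headed for the mapped host from the WAN interface; the rest of your FORWARD policy (the internal net, the DMZ host's own outbound access) is unchanged by this script and still needs to be set deliberately.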
Item #3: this isn't IPMASQ anymore and thus I can't really help you. Fortunately, there are a few HOWTOs out there on the topic:
NOTE: If you have a bridged DSL or Cablemodem connection (not PPPoE), things are a little more difficult because your setup isn't routed. No worries though, check out the Bridge+Firewall Mini HOWTO and the Bridge+Firewall+DSL Mini HOWTO. These HOWTOs will teach you how to get your Linux box to support multiple IP addresses on a single interface!
Generated: 2007-01-26 17:58:18