hi guys .. I''m linux newbie I have LAN that connected to internet. here is the pic : [internet]----------[Linux]----------[LAN] | | | 202.149.83.192-207 202.149.83.194 192.168.0.1-35 with RedHat Linux 2.4.18, how can I make every 4 ip on LAN will be 1 ip on the internet ? (sorry abt my english ) example: 192.168.0.1-4 ---> 202.149.83.195 192.168.0.4/30 --> 202.149.83.196 192.168.0.8/30 --> 202.149.83.197 . . . with my old linux (2.2.16) .. I use : modprobe dummy ifconfig dummy0 202.149.83.195 netmask 255.255.255.240 ifconfig dummy0:1 202.149.83.196 netmask 255.255.255.240 ifconfig dummy0:2 202.149.83.197 netmask 225.255.255.240 . . . ip rule add from 192.168.0.0/30 nat 202.149.83.195 ip rule add from 192.168.0.4/30 nat 202.149.83.196 ip rule add from 192.168.0.8/30 nat 202.149.83.197 . . . but It''s NOT WORKING on my new 2.4.18 Linux. what should I do ? Thanks before Yours __________________________________________________ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com
On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto wrote:> here is the pic : > > [internet]----------[Linux]----------[LAN] > | | | > 202.149.83.192-207 202.149.83.194 192.168.0.1-35Very good!> ip rule add from 192.168.0.0/30 nat 202.149.83.195 > ip rule add from 192.168.0.4/30 nat 202.149.83.196 > ip rule add from 192.168.0.8/30 nat 202.149.83.197I don''t think this syntax works anymore. I would do this with iptables, http://www.iptables.org - that syntax is far more widely used. I''m not even sure if it ever worked! Every packet coming from 192.168.0.1 or 0.2 or 0.3 will get assigned 202.149.83.195 - this is information loss, there is no way to map back. Otherwise, read the iproute documentation, it''s called ip-cref.tex I think. But I think you should use iptables and SNAT - you need a way to map packets back using a table. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
Hello, On Sat, 2 Mar 2002, bert hubert wrote:> > ip rule add from 192.168.0.0/30 nat 202.149.83.195 > > ip rule add from 192.168.0.4/30 nat 202.149.83.196 > > ip rule add from 192.168.0.8/30 nat 202.149.83.197 > > I don''t think this syntax works anymore. I would do this with iptables,There is a small patch that fixes this for Netfilter but don''t expect it in the mainstream kernels. The current status is 0 votes for it and it can be replaced with iptables rules, of course, it is useful for complex setups. Here it is: http://www.linuxvirtualserver.org/~julian/#rtmasq It also fixes bugs that nobody wants to fix already for months.> Regards, > > bertRegards -- Julian Anastasov <ja@ssi.bg>
On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto wrote:> hi guys .. I''m linux newbie > I have LAN that connected to internet. > here is the pic : > > [internet]----------[Linux]----------[LAN] > | | | > 202.149.83.192-207 202.149.83.194 192.168.0.1-35 > > with RedHat Linux 2.4.18, how can I make every 4 ip on > LAN will be 1 ip on the internet ? (sorry abt my > english ) > example: > > 192.168.0.1-4 ---> 202.149.83.195 > 192.168.0.4/30 --> 202.149.83.196 > 192.168.0.8/30 --> 202.149.83.197You are actually saying that your system was masquerading.> with my old linux (2.2.16) .. > I use : > modprobe dummy > ifconfig dummy0 202.149.83.195 netmask 255.255.255.240 > ifconfig dummy0:1 202.149.83.196 netmask > 255.255.255.240 > ifconfig dummy0:2 202.149.83.197 netmask > 225.255.255.240 > . > . > . > ip rule add from 192.168.0.0/30 nat 202.149.83.195 > ip rule add from 192.168.0.4/30 nat 202.149.83.196 > ip rule add from 192.168.0.8/30 nat 202.149.83.197 > . > . > . > > but It''s NOT WORKING on my new 2.4.18 Linux.This is on 2.2 a way to masquerade from specific ip adresses. As you can read in the ip manual, it really uses the ipchains masquarading stuff. As it also says in the manual that this has completely been removed (except for fastnat) from that layer, since netfilter does it good.> what should I do ?Use netfilter/iptables. iptables -t nat --append POSTROUTING --source 192.168.0.0/30 --jump SNAT --to-source 202.149.83.195 Or something like that. -- <ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html Let your government know you value your freedom. Sign the petition: http://petition.eurolinux.org/