panca sorin
2005-Aug-02 17:38 UTC
How to set a host with public IP within a private network?
Hello! I have the following setup:

1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1
2) an allocated IP class with 64 addresses (5.6.7.192/26)
3) two LANs connected through two NICs:
   a) 192.168.0.0/24 on eth1 (192.168.0.1)
   b) 10.0.0.0/24 on eth2 (10.0.0.1)

The IPs from the allocated class are all assigned to eth0.
The networks are SNATed to the external IP and to all IPs in the allocated class in a round-robin fashion.
  (-j SNAT --to 1.2.3.4 lowest_IP_in_class highest_IP_in_class)

My question is:
Is it possible to assign one IP from my allocated class to an internal machine without changing eth1 or eth2 IPs *OR* without adding a subclass of my allocated class to eth1 or eth2 in order to give an IP to an internal networked machine?
What command should I give if that setup is possible?

Desired Network Diagram:

    ----------
/---|Internet|
|   ----------
|eth0                 192.168.0.1           10.0.0.1
|  ----------            eth1                 eth2
\--| Linux  |--------------v--------------------v
   | Router |              |                    |
   ----------              |                    |
                           |                    |
      -------------        |      ----------    |
      |192.168.0.2|--------<      |10.0.0.2|----<
      -------------        |      ----------    |
            .              |          .         |
            .              |          .         |
            .              |          .         |
     ---------------       |      ------------  |
     |192.168.0.254|-------<      |10.0.0.254|--<
     ---------------       |      ------------
                           |
                           |
     -----------           |
     |5.6.7.201|-----------<
     -----------

I would de-assign some of the addresses from eth0 to re-assign them to locally connected computers...

Thank you in advance for your help!
Grant Taylor
2005-Aug-02 23:58 UTC
Re: How to set a host with public IP within a private network?
I think you want to take a look at a bridging router. I would be tempted to set up a bridge between eth0 and eth1 on the Linux router and then use ebtables to decide if the traffic should be bridged through or sent up to the higher layers of the protocol stacks. I have a feeling that you would have to move all IP addresses from eth0 to br0 (the new bridge interface). I think you would have a command like this to decide if an IP needed to be routed or bridged.

  ebtables -t broute -A BROUTING -p IPv4 --ip-dst 5.6.7.201 -j ACCEPT
  ebtables -t broute -A BROUTING -p IPv4 --ip-src 5.6.7.201 -j ACCEPT
  ebtables -t broute -A BROUTING -j DROP

An excerpt from the EBTables man page:

  *broute*, is used to make a brouter, it has one built-in chain: *BROUTING*. The targets *DROP* and *ACCEPT* have special meaning in the broute table. *DROP* actually means the frame has to be routed, while *ACCEPT* means the frame has to be bridged. The *BROUTING* chain is traversed very early. It is only traversed by frames entering on a bridge enslaved NIC that is in forwarding state. Normally those frames would be bridged, but you can decide otherwise here. The *redirect* target is very handy here.

Give this a whirl and see if it will do anything for you. If you need more specifics just ask.

Grant. . . .
xerces8
2005-Aug-03 10:09 UTC
Re: How to set a host with public IP within a private network?
I would try this:

- assign the IP to PC (and 192.168.0.1 as gateway)

On the router:

- set up NAT to not touch packets sent to/from that IP
- set up a route to that IP thru eth1

(do not complicate :-)
panca sorin
2005-Aug-03 10:21 UTC
Re: How to set a host with public IP within a private network?
I did this and apparently, it works:

1) I set up proxy arp for the internal and the external NICs:

  echo 1 > /proc/sys/net/ipv4/conf/$EXT1/proxy_arp
  echo 1 > /proc/sys/net/ipv4/conf/$INT1/proxy_arp

EXT1=eth0;INT1=eth1

then:

  ip route add $IP dev $INT1

where IP=81.196.157.254

and from the Internet:

  ping 81.196.157.254

I get replies.

I set on 81.196.157.193 (WinXP) this:

  IP address: 81.196.157.254
  netmask 255.255.255.192
  gw 192.168.101.1 (router's internal IP)
panca sorin
2005-Aug-03 10:23 UTC
Re: How to set a host with public IP within a private network?
I forgot something: on router:

  route add -host 81.196.157.254 dev eth1
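
Added example, not part of any post in this thread: a dry-run planner that combines the proxy-ARP and host-route steps reported above with the NAT exemption suggested earlier, and refuses an address that is not inside the allocated block. The function names are hypothetical, the addresses are the placeholders from the original question, and it assumes the address sits on the external NIC as a /32 alias and that SNAT is done in nat/POSTROUTING.

```sh
#!/bin/sh
# Added example (not from the thread): prints the router commands for one
# public address instead of executing them, after validating the address.

# Dotted-quad IPv4 -> integer; fails on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 lies inside network $2 (a.b.c.d/len).
in_cidr() {
    len=${2#*/}
    case "$len" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# plan_public_host HOST_IP ALLOCATED_CIDR EXT_IF INT_IF (hypothetical helper)
plan_public_host() {
    host=$1; cidr=$2; ext=$3; int=$4
    if ! in_cidr "$host" "$cidr"; then
        echo "refusing: $host is not inside $cidr" >&2
        return 1
    fi
    cat <<EOF
# Assumption: $host was added to $ext as a /32 alias
ip addr del $host/32 dev $ext
echo 1 > /proc/sys/net/ipv4/conf/$ext/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$int/proxy_arp
ip route add $host/32 dev $int
# Assumption: SNAT lives in nat/POSTROUTING; an ACCEPT inserted first skips it
iptables -t nat -I POSTROUTING -s $host -o $ext -j ACCEPT
EOF
}

# Constructed input: placeholder addresses from the original question.
plan_public_host 5.6.7.201 5.6.7.192/26 eth0 eth1
```

Once the address is exempt from SNAT, inbound traffic to that host is governed only by the router's FORWARD chain, so that is where any filtering for it has to live.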