Thursday, November 22, 2007

Re: only 8 fixed IP's but 42 physical servers (routing with iptables)

On 2007-11-19 16:12:55, Pascal Hambourg wrote:
> Hello,
>
> Michelle Konzack wrote:
> >
> >I have a client with a SDSL 3.5 Mbit <nerim.net> and only 8 fixed IPs.
>
> Do you mean a /29 IP subnet ?

Yes

> > ISP 12port |D R|
> >nerim.net---SDSL---SWITCH---NIC1-|E O|-NIC2-192.168.0.0/255.255.255.192
> > ||| |B U|-NIC3-192.168.0.64/255.255.255.192
> > Courier 1 _____/ || |I T|-NIC4-192.168.0.128/255.255.255.192
> > Courier 2 ______/ | |A E|-NIC5-192.168.0.192/255.255.255.192
> > Apache-SSL ______/ |N R|
> > +---+
> >
> >The two physical mailservers (courier) already have their own IP address
> >and the same for the Apache-SSL. The other 5 IPs are associated to the
> >5 NICs.
>
> What do you mean by "associated"? By the way, aren't 3 out of the 8 IP

Configured the NIC with one fixed IP each, but yesterday I removed
it and used only the private network. AFAIK, I do not need to configure
NIC2 to NIC5 with fixed IPs, since I do bridging between the SDSL-Router
and the Debian-Router, where on the latter one I masquerade the
private networks to the fixed IP of NIC1.

> addresses reserved as network, broadcast and gateway addresses?

No, the customer has gotten 8 fully usable IPs in a block
(but the thing with the "block" /29 can be changed, since I have
the same ISP in Colmar and there I have 8 non-continuous IPs)

> [...]
> >Now I have tried to "ipmask" the four subnets to each one fixed IP
>
> Do you mean "masquerade"?

Yes

> >but it seems not to work (from inside, that is, no workstation gets an
> >internet connection)
>
> There could be many causes. Hard to tell without knowing the Debian
> router networking setup.

The current router is a "3Com NetBuilder II" which needs to be replaced
urgently, and I currently have the Debian router "to play" with when no one
is working (at night) in the enterprise...

What I have currently done is:

1) Set up the SDSL modem as bridge for 5 IPs.
2) Configured the 3 "external" servers with a fixed IP each, and they
are working already
3) Configured the NIC1 of the router with a fixed IP
(I do not know whether this is needed)
4) Configured the Debian router NIC2, NIC3, NIC4 and NIC5 with
one private network each (see ASCII art)
5) "Masquerade" the 4 private networks to the fixed IP of NIC1
6) Activated "forwarding" in the kernel

So now I can, from ALL computers in the 4 private networks, access ALL
computers in the 4 private networks, BUT I cannot access the two
"courier" and the "apache" servers, nor can I reach the internet.

Maybe I have made an error with the bridging on the Debian router (the
HOWTOs are a mess and hopelessly outdated), since if I remove it, it has
no positive or negative effect, nor do I have any error messages.

In the SDSL-Router there is only one option (per IP) to click if you
want to have the fixed IPs bridged.

Thanks, Greetings and nice Day
Michelle Konzack


--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
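
Steps 5 and 6 of the message above, written out as an iptables-restore ruleset generator; this is an added example, not part of the original post, and it covers only the routed/NAT part of the setup, not the bridging. The interface names (eth0 for NIC1, eth1 to eth4 for NIC2 to NIC5) and the default-deny FORWARD policy are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed interface names:
# eth0 = NIC1 (public side), eth1..eth4 = NIC2..NIC5 (private side).
WAN_IF=eth0
# The four private networks from the diagram; 255.255.255.192 is a /26.
LANS="eth1:192.168.0.0/26 eth2:192.168.0.64/26 eth3:192.168.0.128/26 eth4:192.168.0.192/26"
ALL_LANS=192.168.0.0/24

# Print a ruleset in iptables-restore format; nothing is applied here.
gen_rules() {
    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    for pair in $LANS; do
        net=${pair#*:}
        # Step 5: rewrite the source only for packets leaving through NIC1,
        # so traffic between the private networks is routed without NAT.
        echo "-A POSTROUTING -s $net -o $WAN_IF -j MASQUERADE"
    done
    echo 'COMMIT'
    echo '*filter'
    # Assumption: default-deny forwarding, then allow what the post describes.
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for pair in $LANS; do
        lan_if=${pair%%:*}
        net=${pair#*:}
        # The source must match the interface it arrives on (anti-spoofing).
        echo "-A FORWARD -i $lan_if -s $net -o $WAN_IF -j ACCEPT"
        echo "-A FORWARD -i $lan_if -s $net -d $ALL_LANS -j ACCEPT"
    done
    echo 'COMMIT'
}

# Step 6: report whether the kernel forwards IPv4 packets (1 = enabled).
forwarding_state() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown
}

gen_rules
echo "# net.ipv4.ip_forward = $(forwarding_state)"
```

The output can be syntax-checked as root with `iptables-restore --test` before it is loaded.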
