Re: How can i share my WAN ip to my LAN?




Thank you all, really; I solved the forward/IP sharing problem...

But I see there is another problem with it, like this:

This is my network structure now:
LAN (there are 3 machines):
start ip: 192.168.1.10
end ip: 192.168.1.12
gateway address of users: 192.168.1.100 (my server's LAN side ip address)
LAN side Server ip: 192.168.1.100

WAN (this IP comes from behind the switch; the switch is behind the firewall and the firewall is behind the router):
WAN side Server ip: 192.168.10.13
gateway address of Server: 192.168.10.1

And here is the problem, I think:
The users from inside (LAN) can reach the server's WAN side IP (192.168.10.13); they can ping it and they can use services which are meant for the LAN (like ssh, etc.).

I agree with pinging from the LAN to the gateway address (192.168.10.1). But I can't agree with pinging the server's WAN address (192.168.10.13). Am I thinking wrong at this point? And my last question is: how can I close/stop services on the WAN side?

thanks to all of you...

sincerely yours...







2008/1/24, Alain Spineux <aspineux@xxxxxxxxx>:
On Jan 24, 2008 5:42 AM, Alain Spineux <aspineux@xxxxxxxxx> wrote:
> On Jan 23, 2008 9:43 AM, Tolun ARDAHANLI <tolun.ardahanli@xxxxxxxxxxxx> wrote:
> > Hi again to everyone;
> >
> > Guys, your mails are very nice... I liked all of them...
> >
> > let me give you about my system and my need(sorry for writing these late)...
> >
> > I've got an IBM x3650 server which is open 7d/24h. It has got 2 ethernet
> > card. I would like to connect my LAN to WAN over this machine...
> >
> > LAN(there are 3machines):
> > start ip:192.168.10.10
> > end ip: 192.168.10.12
> > gateway address of users:192.168.10.13(my server's LAN side ip address)
> > LAN side Server ip: 192.168.10.13
> >
> > WAN (this IP comes from behind the switch; the switch is behind the firewall
> > and the firewall is behind the router):
> > WAN side Server ip: 10.10.1.223
> > gateway address of Server:10.10.1.111
> >
> > this is my network chances...:( I can't change them because our company has
> > strong rules for these addresses... I want to share my WAN side ip address
> > to my LAN side...
> >
> > How can I do that on my CENTos installed server?
> >
> > thanks a lot to everybody...
>
> The short way, supposing your wan is secure and your wan interface is eth1:
>
> Disable any firewall rules on your centos,
>
> service iptables stop
> chkconfig iptables off
>
> try these commands, and if this is working put them in your /etc/init.d/rc.local
>
> # enable forwarding of packet between all interfaces
> echo 1 > /proc/sys/net/ipv4/ip_forward
> # config masquerading, any packet leaving eth1 will be masqueraded,
> # taking eth1 address for source address.
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Another interesting way, is to setup only routing on your centos, and
add (ask your network manager) the route
of your internal network (I guess 192.168.10.8/29 through
192.168.10.13 ) on your firewall and maybe a similar one
on your router if the firewall is not doing NAT.
Then your firewall administrator can control the access to any of your
internal machines or make some of them reachable
from outside if for example you want to have a web server or an email
server (this is not a good idea, but you get the idea).
All of this without changing anything more on your centos router.

To route packets only, without doing NAT (aka MASQUERADING or HIDE-NAT)
just use
echo 1 > /proc/sys/net/ipv4/ip_forward

Regards
>
> Regards.
>
>
> >
> >
> >
> >
> > 2008/1/22, Dennis McLeod <dmcleod@xxxxxxxxxxxxxx >:
> >
> > > I have an IPcop box setup at work. Using squidguard to keep customers from
> > > surfing porn while they are in our waiting room. (On a completely separate
> > > DSL connection..)
> > >
> > > I have an Astaro Security Gateway setup at home (on a Dell p3 precision
> > > 220). Free home license, do FAR more than your typical broadband router. Not
> > > a small learning curve, though. Wireless is through a D-link DWL-7100(I
> > > think) access point in the attic.
> > > I have a Linksys wrt54g (original version) with openWRT, but it's just there
> > > for backup.....
> > >
> > > Any of the above will accomplish your goal...
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: centos-bounces@xxxxxxxxxx [mailto: centos-bounces@xxxxxxxxxx] On
> > Behalf
> > > Of Alain Spineux
> > > Sent: Tuesday, January 22, 2008 6:52 AM
> > > To: CentOS mailing list
> > > Subject: Re: How can i share my WAN ip to my LAN?
> > >
> > > On Jan 22, 2008 3:17 PM, William L. Maltby < CentOS4Bill@xxxxxxxxxxxx>
> > wrote:
> > > > On Tue, 2008-01-22 at 14:49 +0100, Alain Spineux wrote:
> > > > > On Jan 22, 2008 8:46 AM, Tolun ARDAHANLI <
> > tolun.ardahanli@xxxxxxxxxxxx>
> > > wrote:
> > > > > > Hi everybody...
> > > > > >
> > > > > > > How can I share my WAN ip to my LAN? How can I do that? I really
> > > > > > > don't know...:( I have been using linux for a long time but this kind of thing I
> > > > > > > would like to do newly...
> > > > >
> > > > > Buy a small router/modem, ask your ISP for suggestions.
> > > > > > This is cheap (<100$), no need to keep your computer always turned
> > > > > > on, very easy to configure if you need more features (port
> > > > > > forwarding for skype, games, p2p, ....), has some built-in features
> > > > > > (dhcp, DNS proxy). Also think about wireless ......
> > > > > > This is probably more secure, not because centos/linux is not, but
> > > > > > because you don't know what you are doing.
> > > > >
> > > > > Of course this is less fun
> > > >
> > > > Well, I wasn't going to suggest, but since the topic of alternatives
> > > > is open...
> > >
> > > :-)
> > >
> > > > Of course the main idea is to avoid having a non firewall dedicated linux
> > > > (like centos is) configured by someone without too much network knowledge
> > > > be in front of Internet.
> > >
> > > >
> > > > If you have an older available computer laying around, check out IPCop
> > > >
> > > >     http://www.ipcop.org/
> > > >
> > > > > free, has lots of features, runs reliably, I've been on it for years,
> > > > > as have others on this list. Biggest gripe I have is docs could be a
> > > > > little better - they tend to not get updated to stay up with the software.
> > > >
> > > > >
> > > > > Regards.
> > > > >
> > > > > >
> > > > > > Can anybody help me about IP sharing in Centos?
> > > > > >
> > > > > > thanks alot...
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Tolun ARDAHANLI
> > > > > > Bilgisayar Muhendisi
> > > > > > E-posta: tolun.ardahanli@xxxxxxxxxxxx
> > > > > > Icq:326600
> > > > > >
> > > > > > ------------------------------------------------------------------
> > > > > > ----------
> > > > > >
> > > > > > Tolun ARDAHANLI
> > > > > > Computer Engineer
> > > > > > E-mail:tolun.ardahanli@xxxxxxxxxxxx
> > > > > > Icq:326600
> > > > > ><snip sig stuff>
> > > >
> > > > HTH
> > > > --
> > > > Bill
> > > >
> > > >
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS@xxxxxxxxxx
> > > > http://lists.centos.org/mailman/listinfo/centos
> > > >
> > >
> > >
> > >
> > > --
> > > Alain Spineux
> > > aspineux gmail com
> > > May the sources be with you
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxx
> > > http://lists.centos.org/mailman/listinfo/centos
> > >
> > >
> >
> >
> >
> > --
> >
> >
> > Tolun ARDAHANLI
> > Bilgisayar Muhendisi
> > E-posta:tolun.ardahanli@xxxxxxxxxxxx
> > Icq:326600
> >
> > ----------------------------------------------------------------------------
> >
> > Tolun ARDAHANLI
> > Computer Engineer
> > E-mail:tolun.ardahanli@xxxxxxxxxxxx
> > Icq:326600
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
> >
>
>
>
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>



--
Alain Spineux
aspineux gmail com
May the sources be with you
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



--
Tolun ARDAHANLI
Bilgisayar Muhendisi
E-posta:tolun.ardahanli@xxxxxxxxxxxx
Icq:326600

----------------------------------------------------------------------------

Tolun ARDAHANLI
Computer Engineer
E-mail:tolun.ardahanli@xxxxxxxxxxxx
Icq:326600
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
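
For the closing question in the top message (how to close services on the WAN side), an added example that is not part of the thread: a shell function that emits an iptables-restore ruleset keeping the MASQUERADE rule from the reply while dropping new connections that arrive on the WAN interface. It assumes eth1 is the WAN interface (as supposed in the reply) and eth0 the LAN interface; the function name `gen_ruleset` and the eth0 name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth1 = WAN, eth0 = LAN.
# gen_ruleset prints an iptables-restore file; apply as root with:
#   gen_ruleset eth1 eth0 | iptables-restore

gen_ruleset() {
    wan_if="${1:-eth1}"   # WAN side, 192.168.10.13 in the post
    lan_if="${2:-eth0}"   # LAN side, 192.168.1.100 in the post
    # Refuse anything that is not a plain interface name, so that a bad
    # argument cannot smuggle extra rules into the generated file.
    for ifname in "$wan_if" "$lan_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done
    [ "$wan_if" != "$lan_if" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the server itself opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may use local services (ssh etc.). Matching is on the input
# interface, not the destination address: Linux accepts packets for any of
# its addresses on any interface, so LAN hosts still reach 192.168.10.13.
-A INPUT -i ${lan_if} -j ACCEPT
# No ACCEPT for new traffic arriving on ${wan_if}: it hits the DROP policy.
# Routing: LAN may open connections outward, WAN may only send replies.
-A FORWARD -i ${lan_if} -o ${wan_if} -j ACCEPT
-A FORWARD -i ${wan_if} -o ${lan_if} -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Same masquerading rule as in the reply in this thread.
-A POSTROUTING -o ${wan_if} -j MASQUERADE
COMMIT
EOF
}
```

Packet forwarding still has to be enabled with `echo 1 > /proc/sys/net/ipv4/ip_forward`, as in the reply; the ruleset only decides which forwarded and local traffic is allowed.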
