I have the following issue. According to my ISP I have 5 public IPs.
Currently I have two computers connected to the internet using a
router. So basically I am using only one *public* IP. I was wondering
if there was any way to assign each of the computers different public
IPs through some translation table??
Since these are dynamic IPs I am thinking you would have to work
around a Dynamic NAT.
My setup is the following:
1) Machine 1: RedHat Linux 8.0
2) Machine 2: Windows 2000 Server.
3) Netgear RP614 Router (which apparently has built-in NAT translation
capabilities, although I couldn't find out how to set it up).
4) I also have a switch lying around, which I am not using.
(NOTE: If you are using iptables then please give the details as to
what needs to be chained).
Thanks
Salman. |
Request for Question Clarification by
aht-ga
on
18 Feb 2004 23:18 PST
salman1-ga:
The Network Address Translation capabilities of the Netgear RP614,
like almost all consumer-grade router gateways, is activated by
default. The router can only do NAT, it cannot do pass-through. While
there are higher-end units capable of doing this, the RP614 is not one
of them.
If you have a switch, then your solution is simply to connect the
switch between your PCs and your cable or DSL modem. Since you mention
that your ISP allows you up to 5 DHCP-assigned public IP addresses,
I'm guessing that you have a cable Internet service.
Is there any particular reason why you would need to use the RP614, or
can I provide you an Answer centred around using the switch instead?
Regards,
aht-ga
Google Answers Researcher
|
Clarification of Question by
salman1-ga
on
19 Feb 2004 11:12 PST
aht-ga:
Thank you for your reply. Unfortunately, I must use the router because
I forwarding requests based on the ports (commonly known as port
forwarding).
Please let me know what type of routers (not too expensive) would
allow me to port forward + allow pass-through NAT.
Thanks
|
Clarification of Question by
salman1-ga
on
19 Feb 2004 11:15 PST
Also with pass-through NAT would the router still act as a DHCP? As
far as I can understand I think it would have to, but please clarify
that.
Thanks
|
Request for Question Clarification by
aht-ga
on
19 Feb 2004 15:06 PST
The challenge is that if you are using two public IP addresses, then
port forwarding no longer as relevant or valid as when you are using
private IP addresses. When you are using private IP addresses behind a
NAT-capable, port-forwarding router, then to the outside world it
appears that your multiple machines are simply one single machine.
If your machines have individual public IP addresses, then
port-forwarding would confuse the matter.. basically, a request sent
to port 80 of a specific IP address, should receive a response from
that address. That is only possible if all of the machines are hiding
behind a single, address-translating router (ie. appearing as a single
machine).
With two public IP addresses, you are better off treating them
separately, meaning that each one handles all requests sent to its
individual address.
Perhaps your needs are actually better served using the configuration
you already have, namely private IPs behind a NAT router? Can you
perhaps describe, as best as you can considering this is a public
forum, why you would like to have public IP addresses for these two
machines?
Thanks,
aht-ga
|
Clarification of Question by
salman1-ga
on
19 Feb 2004 16:22 PST
aht-ga
Actually now that I think about it I don't need port forwarding if I
have multiple public IPs. Currently I have two machines (call it C1
and C2) connected to the router one them of being: Linux and the other
a Windows machine. All requests (SSH and HTTP) are served by the Linux
machine. I have some simple port forwards setup to handle that.
However I really enjoy the fact that my router by default blocks all
ports; which helps me because internally I have IIS turned on and I
don't want public access to that (now and then I will do some ASP.NET
testing and so on).
So I think if I clarified what I really wanted it would help you. This
is what I want to do: As the setup is now: if you go to
www.setcomputing.com my Linux machine will serve the request (only
HTTP and SSH).
I want to have the ability to go to: dev.setcomputing.com which I want
my windows machine to respond to. If I have two public IPs each
assigned to C1 and C2 I can easily distinguish between them. I have
access to the name-server so an entry to dev.setcomputing.com will not
be a problem.
Thanks!
|
Request for Question Clarification by
aht-ga
on
19 Feb 2004 18:56 PST
salman1-ga:
Forgive me, but I still need some clarification to be able to provide
you with an Answer.
Based on our conversation to date, it appears to me that you like the
idea of using two separate public IPs assigned by your ISP, so that
you can reach either machine directly using their individual URLs
(which your name server will map to the appropriate machine). The
disadvantage is that you would still like to have some ports be closed
to the outside world, but you occasionally do .NET development and
testing on the Windows machine.
To do this properly requires an enterprise-grade firewall. I suspect
that such a purchase would be a little too expensive for your tastes
(as I know that it's much too expensive for mine!). So, the next best
option is to install software firewalls on each machine, and to
configure the firewall on the Windows machine to only pass-through
traffic that originates internally (loop-back), or from a known-good
IP address.
If I structure an Answer along these lines (ie. s/w firewalls on the
two machines), would that be an acceptable Answer?
Regards,
aht-ga
Google Answers Researcher
|
