Manager WAN IPs

Taking care of your Linux box.

Manager WAN IPs

Postby mejam » Mon Jan 05, 2009 3:56 pm

Hy i am using fiber optic as my WAN...i have to LAN cards. I have 16 IP Pool from my ISP and i want to use this Pool behind my Linux firewall.Any help...?Thanks in advance.
Regards
Abdulrehman
mejam
Havaldaar
 
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
WLM: bmw1000cc@hotmail.com
Yahoo Messenger: vagabond_aw@yahoo.com
Location: Lahore

Postby x2oxen » Thu Jan 08, 2009 7:49 pm

Does your linux firewall working in bridge mode or doing nat?
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby mejam » Fri Jan 09, 2009 10:56 am

My firewall is doing NAT...
Regards

Abdulrehman
mejam
Havaldaar
 
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
WLM: bmw1000cc@hotmail.com
Yahoo Messenger: vagabond_aw@yahoo.com
Location: Lahore

Postby x2oxen » Fri Jan 09, 2009 12:36 pm

You need to turn that off and make it run in bridge mode then you will be able to do that. As while doing nat your ips will be not live.
Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby mejam » Fri Jan 09, 2009 2:13 pm

can you guide me how can i put my firewall into bridge mode..i mean what should i do next if i disable my NAT rules...
Regards

Abdulrehman
mejam
Havaldaar
 
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
WLM: bmw1000cc@hotmail.com
Yahoo Messenger: vagabond_aw@yahoo.com
Location: Lahore

Postby x2oxen » Sat Jan 10, 2009 1:34 pm

Which flavor you using?? it is custom made firewall with iptables?? if yes then paste your rules here!
Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Re:

Postby LinuxFreaK » Mon Jan 12, 2009 9:40 am

Dear mejam,
Salam,

You can use iptables.

Code: Select all

IPT='/sbin/iptables"
WAN_IP="202.63.192.111"
LAN_IP="192.168.2.100"
${IPT} -t nat -A PREROUTING -d ${WAN_IP} -j DNAT --to ${LAN_IP}
${IPT} -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to ${WAN_IP}


Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby mudasir » Tue Jan 13, 2009 3:04 am

AOA,

Farrukh bhai is right, its simple use SNAT and DNAT options, i have used it many times, it work great. But if you are using a mail server then it might create some problems.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Re:

Postby x2oxen » Tue Jan 13, 2009 10:48 am

LinuxFreaK wrote:Dear mejam,
Salam,

You can use iptables.

Code: Select all

IPT='/sbin/iptables"
WAN_IP="202.63.192.111"
LAN_IP="192.168.2.100"
${IPT} -t nat -A PREROUTING -d ${WAN_IP} -j DNAT --to ${LAN_IP}
${IPT} -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to ${WAN_IP}


Best Regards.


While doing this will all other firewall filtration rules work properly??
Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby mudasir » Tue Jan 13, 2009 2:09 pm

AOA,

Dear Usman bhai,

Firewall rules are read from top to bottom, so it depends on the position of the rule, where you define it.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby mejam » Thu Jan 15, 2009 1:24 pm

Thank u all for ur replies...SNAT and DNAT worked for me
Regards

Abdulrehman
mejam
Havaldaar
 
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
WLM: bmw1000cc@hotmail.com
Yahoo Messenger: vagabond_aw@yahoo.com
Location: Lahore

Re:

Postby LinuxFreaK » Wed Jan 21, 2009 10:55 am

Dear x2oxen,
Salam,

x2oxen wrote:While doing this will all other firewall filtration rules work properly??


Yes, it will work.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby x2oxen » Fri Jan 23, 2009 1:00 am

but why would i do that if reverse route/forward routes and ip_forwarding working fine for me!
Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Re:

Postby LinuxFreaK » Fri Jan 23, 2009 1:23 pm

Dear x2oxen,
Salam,

x2oxen wrote:but why would i do that if reverse route/forward routes and ip_forwarding working fine for me!


You are Guru and we are nothing in front of you.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby x2oxen » Mon Jan 26, 2009 9:43 pm

Dear Farrukh Bhai,

I am not a guru and never pretended to be one. I respect you very much and don't know why my statement made you so aggressive about me. I was just trying to tell another way to make above described scenario work.
Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad


Return to “%s” Administration

Who is online

Users browsing this forum: No registered users and 1 guest

cron