Manager WAN IPs

Taking care of your Linux box.
mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore

Manager WAN IPs

Post by mejam »

Hi, I am using fiber optic as my WAN... I have two LAN cards. I have a 16-IP pool from my ISP and I want to use this pool behind my Linux firewall. Any help...? Thanks in advance.
Regards
Abdulrehman
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

Is your Linux firewall working in bridge mode or doing NAT?
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Post by mejam »

My firewall is doing NAT...
Regards
Abdulrehman

Post by x2oxen »

You need to turn that off and make it run in bridge mode; then you will be able to do that. While doing NAT your IPs will not be live.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Post by mejam »

Can you guide me on how I can put my firewall into bridge mode? I mean, what should I do next if I disable my NAT rules?
Regards
Abdulrehman

Post by x2oxen »

Which flavor are you using? Is it a custom-made firewall with iptables? If yes, then paste your rules here!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Post by LinuxFreaK »

Dear mejam,
Salam,

You can use iptables.

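Code:

IPT="/sbin/iptables"
WAN_IP="202.63.192.111"
LAN_IP="192.168.2.100"
# Inbound: traffic addressed to the public IP is rewritten to the LAN host
${IPT} -t nat -A PREROUTING -d ${WAN_IP} -j DNAT --to ${LAN_IP}
# Outbound: traffic from the LAN host leaves with the public IP as its source
${IPT} -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to ${WAN_IP}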
Best Regards.
Farrukh Ahmed
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Farrukh bhai is right, it's simple: use the SNAT and DNAT options. I have used it many times and it works great. But if you are using a mail server then it might create some problems.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by x2oxen »

LinuxFreaK wrote: Dear mejam,
Salam,

You can use iptables.

Code:

IPT="/sbin/iptables"
WAN_IP="202.63.192.111"
LAN_IP="192.168.2.100"
${IPT} -t nat -A PREROUTING -d ${WAN_IP} -j DNAT --to ${LAN_IP}
${IPT} -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to ${WAN_IP}
Best Regards.

While doing this, will all other firewall filtration rules work properly?
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Post by mudasir »

AOA,

Dear Usman bhai,

Firewall rules are read from top to bottom, so it depends on the position of the rule, where you define it.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
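
An added example, not part of any post in this thread and not any poster's own configuration: it extends the single SNAT/DNAT pair above to several pool addresses and shows where the filter rules sit relative to the NAT rules, which is the question raised about filtration and rule position. The interface names, the 203.0.113.x addresses, the port lists and the gen_rules helper are assumptions made for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands for
# 1:1 NAT of several pool addresses plus the filter rules that restrict them.
# Every address, interface name and port below is a constructed sample.
IPT="/sbin/iptables"
WAN_IF="eth0"   # assumption: NIC facing the ISP
LAN_IF="eth1"   # assumption: NIC facing the LAN

# public_ip  lan_ip  tcp_ports_reachable_from_outside
MAPPINGS="
203.0.113.2 192.168.2.100 25,443
203.0.113.3 192.168.2.101 22
"

gen_rules() {
    # Replies to flows that were already accepted, and LAN-initiated traffic.
    echo "$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    printf '%s\n' "$MAPPINGS" | while read -r pub lan ports; do
        [ -n "$pub" ] || continue
        # Needed only when the ISP hands the pool over on-link instead of
        # routing it to the firewall: the box must answer ARP for the address.
        echo "ip addr add $pub/32 dev $WAN_IF"
        echo "$IPT -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $lan"
        echo "$IPT -t nat -A POSTROUTING -o $WAN_IF -s $lan -j SNAT --to-source $pub"
        # FORWARD is evaluated after PREROUTING, so it sees the LAN address,
        # not the public one. With a default ACCEPT policy, 1:1 DNAT alone
        # exposes every port of the LAN host.
        echo "$IPT -A FORWARD -i $WAN_IF -d $lan -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything not accepted above is not forwarded.
    echo "$IPT -P FORWARD DROP"
}

gen_rules
```

Review the printed commands before piping them to a root shell; filter rules that match the public address in FORWARD will never hit, because the destination has already been rewritten by then.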

Post by mejam »

Thank you all for your replies... SNAT and DNAT worked for me.
Regards
Abdulrehman

Post by LinuxFreaK »

Dear x2oxen,
Salam,
x2oxen wrote: While doing this, will all other firewall filtration rules work properly?
Yes, it will work.

Best Regards.
Farrukh Ahmed

Post by x2oxen »

But why would I do that if reverse route/forward routes and ip_forwarding are working fine for me!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Post by LinuxFreaK »

Dear x2oxen,
Salam,
x2oxen wrote: But why would I do that if reverse route/forward routes and ip_forwarding are working fine for me!
You are Guru and we are nothing in front of you.

Best Regards.
Farrukh Ahmed

Post by x2oxen »

Dear Farrukh Bhai,

I am not a guru and never pretended to be one. I respect you very much and don't know why my statement made you so aggressive towards me. I was just trying to describe another way to make the above-described scenario work.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com