Anyone active here pls .. I got some brainstorming :P
While I was surfing the internet, I got a rapidshare warning, "your ip xxx.public.xxx.110 is already downloading a file.." Though I have a bunch of public ips, I have got only one server, and only one connection..
To change .. I have to add some switches which I don't like to do now..
I just want a public ip xxx.public.xxx.55 for my single purpose use.. while other users may be using xxx.public.xxx.110 as their NAT masqueraded ip.
In that case my users will be using xxx.public.xxx.110 (alias eth0) for rapidshare download.. (maybe routing works or something like that) (alias eth1:1 192.168.0.1/24 -> other users at my local lan) and I will be using xxx.public.xxx.55 (alias eth0:2) for my single purpose.. (alias eth1:2 (172.168.0.1 -> me at another windows box -> 172.168.0.20)).
Though the dhcpd provides ip of 192.168.0.0/24 -> gateway (192.168.0.1), I use a manual ip of 172.168.0.20 -> gateway -> 172.168.0.1 which is working up to now..
Well, I think this is .. stuff related to : SNATting and DNATting.. masquerading.. 1:1 NATting
            +---------------------------+
            |      Internet Cloud       |
            |           VSAT            |
            +---------------------------+
                          |
                   xxx.public.xxx.1
                          |
   |----------------------------------------------|
   |                      |                       |
xxx.public.xxx.2   xxx.public.xxx.3 ...   xxx.public.xxx.110 (eth0) --- xxx.public.xxx.55 (eth0:2)
                                                  |
                                  +--------------------------------+
                                  | 10.0.0.1 (eth1)                |
                                  | 192.168.0.1 (eth1:1)           |
                                  | 172.168.0.1 (eth1:2)           |
                                  +--------------------------------+
                                                  |
-----------------------------------------------------------------------------------------------
-------------[Automatic boot via rc.local ]
/etc/rc.local
.....
a rajesh   #these are shell scripts described below
a enable   #shell script running
...
......
-----------------------------------------------------------------------------------------------
#!/bin/sh
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
LONGNAME="Shell script for ping utils"
NAME="a"
set -e

# Main Loop
case "$1" in
rajesh)
    FWVER=0.76
    echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
    IPTABLES=/sbin/iptables
    DEPMOD=/sbin/depmod
    MODPROBE=/sbin/modprobe
    EXTIF="eth0"
    INTIF="eth1"
    echo " External Interface: $EXTIF"
    echo " Internal Interface: $INTIF"
    echo "----------------------------------------------------------------------"
    echo -en "ip_tables, "
    $MODPROBE ip_tables
    echo -en "ip_conntrack, "
    $MODPROBE ip_conntrack
    echo -en "ip_conntrack_ftp, "
    $MODPROBE ip_conntrack_ftp
    echo -en "ip_conntrack_irc, "
    $MODPROBE ip_conntrack_irc
    echo -en "iptable_nat, "
    $MODPROBE iptable_nat
    echo -en "ip_nat_ftp, "
    $MODPROBE ip_nat_ftp
    echo " "
    echo "----------------------------------------------------------------------"
    echo " "
    echo -e " Done loading modules.\n"
    echo " Enabling forwarding.."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo " Enabling DynamicAddr.."
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    echo " Clearing any existing rules and setting default policy.."
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F
    echo " FWD: Allow all connections OUT and only existing and related ones IN"
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
    $IPTABLES -A FORWARD -j LOG
    echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
    $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
    echo -e "\nrc.firewall-iptables v$FWVER done.\n"

    # flush all chains of the filter table, including the FORWARD rules
    # added above (the nat table and the FORWARD DROP policy are kept)
    iptables -F
    # now enable forwarding to special users
    # (the rules for 10.0.0.9 and 10.0.0.10 are only echoed, not applied)
    echo "iptables -A FORWARD -d 10.0.0.9 -j ACCEPT"
    echo "iptables -A FORWARD -s 10.0.0.9 -j ACCEPT"
    echo " iptables -A FORWARD -d 10.0.0.10 -j ACCEPT"
    echo "iptables -A FORWARD -s 10.0.0.10 -j ACCEPT"
    iptables -A FORWARD -d 10.0.0.20 -j ACCEPT
    iptables -A FORWARD -s 10.0.0.20 -j ACCEPT

    ############### This is my box #########################
    echo "This is my box "
    iptables -A FORWARD -d 172.168.0.20 -j ACCEPT
    iptables -A FORWARD -s 172.168.0.20 -j ACCEPT
    ############ This is my box #############################
    ;;

############### Enabling forwarding for all ##############
enable)
    iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    ;;
#######################################################3

*)
    # unknown argument: exit with an error
    N=$NAME
    exit 1
    ;;
esac

exit 0
----------------------------------------------------------------------------
THE ABOVE SCRIPT IS WHAT I AM RUNNING ..., MASQUERADING FOR ALL MY USERS..
I HAVE ONLY TWO ETHERNETS, ONE
ETH0: XXX.PUBLIC.XXX.110, AND ETH0:2 XXX.PUBLIC.XXX.55
ETH1: 10.0.0.1
ETH1:1 192.168.0.1
ETH1:2 172.168.0.1
DHCP VIA ETH1:1 (192.168.0.1)
ALL PEOPLE USE INTERNET VIA ETH1:1
--------------
Well, let me explain my problem.. okay dudes.. I got a VSAT and 128 public ips WAN but I am using only one public ip, with a server .. my gateway is xxx.public.xxx.1
I am using xxx.public.xxx.110 (my Server with proxy, iptables and all I have)
eth0 is xxx.public.xxx.110, eth1:1 is 192.168.0.1, eth1:2 is 172.168.0.1 AS EXPLAINED ABOVE
now I want to add eth0:2 as xxx.public.xxx.55 and eth1:2 (172.168.0.1) to SNAT .. for all traceroute will show: like this:
172.168.0.20 (me) -> 172.168.0.1(my box)[xxx.public.xxx.110] ->xxx.public.xxx.1-> Cloud of Internet
192.168.0.20 (me) -> 192.168.0.1(my box)[xxx.public.xxx.110] ->xxx.public.xxx.1-> Cloud of Internet
now I just want to change :
172.168.0.20 (me) -> 172.168.0.1(my box)[xxx.public.xxx.55] -> xxx.public.xxx.1-> Cloud of Internet
both xxx.public.xxx.110 and xxx.public.xxx.55 working for different ip aliases
external aliases [eth0:2 (xxx.public.xxx.55) ] === working with [ eth1:2 (172.168.0.1) ]
external aliases [eth0:0 (xxx.public.xxx.110) ] === working with [ eth1:1 (192.168.0.1) ]
---------------------------------------------------
---------------------------
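
The mapping asked for above comes down to rule order in the nat POSTROUTING chain: the first matching rule wins, so a source-specific SNAT rule has to sit ahead of the catch-all (appended after the script's MASQUERADE rule it would never match). This is an added example, not part of the original post; the 203.0.113.x addresses are placeholders for the elided public IPs, SNAT_MAP, nat_rules and egress_ip are hypothetical names, and the catch-all uses SNAT in place of the script's MASQUERADE on the assumption that both addresses are static.

```shell
#!/bin/sh
# Added example. 203.0.113.x are placeholders for the elided xxx.public.xxx.N
# addresses; SNAT_MAP, nat_rules and egress_ip are hypothetical names.
EXTIF="eth0"   # the real interface: iptables cannot match alias labels like eth0:2

# Ordered map "source-net public-ip"; first matching line wins, as in the chain.
# 172.168.0.0/24 is kept as the post uses it (it is outside RFC 1918's 172.16.0.0/12).
SNAT_MAP="172.168.0.0/24 203.0.113.55
0.0.0.0/0 203.0.113.110"

# Emit the POSTROUTING rules in map order (specific rule before the catch-all).
nat_rules() {
    echo "$SNAT_MAP" | while read -r net pub; do
        echo "-A POSTROUTING -s $net -o $EXTIF -j SNAT --to-source $pub"
    done
}

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/LEN: succeed when IP falls inside the prefix.
in_cidr() {
    len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# Public address a given LAN source would leave with (first match).
egress_ip() {
    echo "$SNAT_MAP" | while read -r net pub; do
        if in_cidr "$1" "$net"; then echo "$pub"; break; fi
    done
}

# Dry run: show the rules and the resulting mapping. To apply as root:
#   nat_rules | while read -r r; do iptables -t nat $r; done
nat_rules
for ip in 172.168.0.20 192.168.0.20; do
    echo "$ip leaves as $(egress_ip "$ip")"
done
```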