[ Prev ] [ Table of Contents ] [ Front Page ] [ FAQ ] [ Next ]


(?) The Answer Guy (!)


By James T. Dennis, linux-questions-only@ssc.com
LinuxCare, http://www.linuxcare.com/


(?) Getting Addresses Routed: Use IP Masquerading or Application Proxies

From Future Systems Today on Thu, 08 Jun 2000

ok, here it is... I have a suse linux 6.3 server that is using a cable modem and has a static ip address from my isp which is 63.92.157.x. The isp also is being used as my dns and gateway on my first nic on that server. Everytime i change the ip address of my second nic to something other than 63.92.157.x I have no internet connection. What should i do or how do i trouble shoot this also i tried to connect my other ms pc's through this box to the internet but since i am trying to go through the ip address that the isp is giving me then i am getting a error message.

Is there a way to get internet access through my server which has the ip address that the isp gave me and make it look like it is connecting rather than a ip address that i gave a machine.

Thanks Joe

(!) (Short answer: use IP masquerading or SOCKS).
What you're asking for is called "IP Masquerading" or "network address translation" (NAT). Technically IP masquerading is a particular form of network address/port translation.
I've written about this on a number of occasions, and a search on LG (http://www.linuxgazette.com/search.html) shows over 120 matches on the phrase (ip;masq).
Here's a link to an LG article by Mark Nielsen and Andrew Byrd "Private Networks and Roadrunner using IP Masquerading LG #51" (http://www.linuxgazette.com/issue51/nielsen.html) that's probably just what you need to get started.
Also the LDP (Linux Documentation Project) has a reasonably up-to-date HOWTO on this topic:
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html
... so you should read those and see if that explains it. (I can understand why one wouldn't know the magic keywords for this concept, and thus wouldn't have been able to find this).
If you get stuck on some of the assumptions that these articles and HOWTOs will make then you might want to read my article on "Routing and Subnetting 101" (http://www.linuxgazette.com/issue36/tag/a.html) which goes into related topics in some detail.
Keep in mind that you could also configure your Linux box as a "proxy" server (more formally it could be an "applications level proxy"). In this case your other machines never talk "directly" to the Internet, but the applications talk to a "proxy" application/server on your router (your Linux box). That proxy then performs the Internet requests on behalf of your applications and relays the results back to you.
There are many freely available proxy packages for Linux including NEC Socks 5, Dante, Delegate (all using the SOCKS standards), and specific proxies for specific applications (like squid which is a caching proxy). You could do a search on "proxy" or "applications;proxy" to read more about that.
The reason that IP masquerading has become somewhat more common and popular than applications proxying is that it is more transparent. When using applications proxying you have to configure each system and many individual applications to use the proxy. On the other hand proxying is technically a better, cleaner and probably more secure way to build a good network.
In either case you should be sure that you don't pick addresses "out of the blue." There are sets of addresses that are reserved for use behind proxying and IP masquerading firewalls and routers, and on other "disconnected" networks (those that will never interconnect to the Internet). Those are defined in RFC 1918. (RFCs are "request for comment" documents; proposals to the corpus of the Internet about how things should be done. They are basically drafts that become Internet standards).
RFC 1918 basically assures us that the IANA (Internet assigned numbers authority) and its delegates (like ARIN, the American Registry for Internet Numbers) will never issue the following address blocks to any organization on the Internet:
    192.168.*.*
    172.16.*.* through 172.31.*.*
    10.*.*.*
So those are available for use on "disconnected" networks. (This also explains by most examples in textbooks and online technical discussions about IP use the 10.* and 192.168.* address ranges; most people don't remember the 172.... Class B set).


Copyright © 2000, James T. Dennis
Published in The Linux Gazette Issue 55 July 2000
HTML transformation by Heather Stern of Tuxtops, Inc., http://www.tuxtops.com/


[ Answer Guy Current Index ] greetings   1   2   3   4   5   6   7   8   9   10   11   12   13  
14   15   16   17   18   19   20   21   22  
[ Index of Past Answers ]


[ Prev ] [ Table of Contents ] [ Front Page ] [ FAQ ] [ Next ]