[CentOS] How can i share my WAN ip to my LAN?

Fri Jan 25 08:37:56 UTC 2008
Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr>

Thank you all, I have really solved the forward/IP sharing problem...

But I see there is another problem with that, like this:

This is my network structure now:
LAN (there are 3 machines):
start ip: 192.168.1.10
end ip: 192.168.1.12
gateway address of users: 192.168.1.100 (my server's LAN side ip address)
LAN side Server ip: 192.168.1.100

WAN (this ip comes from behind a switch. The switch is behind a firewall
and the firewall is behind a router):
WAN side Server ip: 192.168.10.13
gateway address of Server: 192.168.10.1

And here is the problem, I think:
The users from inside (LAN) can reach the server's WAN side ip (192.168.10.13),
they can ping it, and they can use the services which are for the LAN
(like ssh, etc.).

I agree with pinging from the LAN to the gateway address (192.168.10.1). But I
can't agree with pinging the server's WAN address (192.168.10.13). Am I thinking
wrong at this point? And my last question is: how can I close/stop services for
the WAN side?

thanks to all of you...

sincerely yours...







2008/1/24, Alain Spineux <aspineux at gmail.com>:
>
> On Jan 24, 2008 5:42 AM, Alain Spineux <aspineux at gmail.com> wrote:
> > On Jan 23, 2008 9:43 AM, Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr> wrote:
> > > Hi again to everyone;
> > >
> > > Guys your mails are very nice... I liked all of them...
> > >
> > > let me tell you about my system and my need (sorry for writing these late)...
> > >
> > > I've got an IBM x3650 server which is open 7d/24h. It has got 2 ethernet
> > > cards. I would like to connect my LAN to WAN over this machine...
> > >
> > > LAN (there are 3 machines):
> > > start ip: 192.168.10.10
> > > end ip: 192.168.10.12
> > > gateway address of users: 192.168.10.13 (my server's LAN side ip address)
> > > LAN side Server ip: 192.168.10.13
> > >
> > > WAN (this ip comes from behind a switch. The switch is behind a firewall
> > > and the firewall is behind a router):
> > > WAN side Server ip: 10.10.1.223
> > > gateway address of Server: 10.10.1.111
> > >
> > > this is my network chances...:( I can't change them because our company has
> > > strong rules for these addresses... I want to share my WAN side ip address
> > > to my LAN side...
> > >
> > > How can I do that on my CentOS installed server?
> > >
> > > thanks a lot to everybody...
> >
> > The short way, supposing your wan is secure and your wan interface is eth1:
> >
> > Disable any firewall rules on your centos,
> >
> > service iptables stop
> > chkconfig iptables off
> >
> > try these commands, and if this is working put them in your /etc/init.d/rc.local
> >
> > # enable forwarding of packets between all interfaces
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > # config masquerading, any packet leaving eth1 will be masqueraded,
> > # taking eth1 address for source address.
> > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> Another interesting way is to set up only routing on your centos, and
> add (ask your network manager) the route of your internal network
> (I guess 192.168.10.8/29 through 192.168.10.13) on your firewall, and maybe
> a similar one on your router if the firewall is not doing NAT.
> Then your firewall administrator can control the access to any of your
> internal machines or make some of them reachable from outside if, for
> example, you want to have a web server or an email server (this is not
> a good idea, but you get the idea).
> All of this without changing anything more on your centos router.
>
> To route packets only, without doing NAT (aka MASQUERADING or HIDE-NAT),
> just use
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Regards
> >
> > Regards.
> >
> >
> > >
> > >
> > >
> > >
> > > 2008/1/22, Dennis McLeod <dmcleod at foranyauto.com>:
> > >
> > > > I have an IPcop box set up at work. Using squidguard to keep customers
> > > > from surfing porn while they are in our waiting room. (On a completely
> > > > separate DSL connection..)
> > > >
> > > > I have an Astaro Security Gateway set up at home (on a Dell p3 precision
> > > > 220). Free home license, does FAR more than your typical broadband router.
> > > > Not a small learning curve, though. Wireless is through a D-link
> > > > DWL-7100 (I think) access point in the attic.
> > > > I have a Linksys wrt54g (original version) with openWRT, but it's just
> > > > there for backup.....
> > > >
> > > > Any of the above will accomplish your goal...
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
> > > > Of Alain Spineux
> > > > Sent: Tuesday, January 22, 2008 6:52 AM
> > > > To: CentOS mailing list
> > > > Subject: Re: [CentOS] How can i share my WAN ip to my LAN?
> > > >
> > > > On Jan 22, 2008 3:17 PM, William L. Maltby <CentOS4Bill at triad.rr.com> wrote:
> > > > > On Tue, 2008-01-22 at 14:49 +0100, Alain Spineux wrote:
> > > > > > On Jan 22, 2008 8:46 AM, Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr> wrote:
> > > > > > > Hi everybody...
> > > > > > >
> > > > > > > How can I share my WAN ip to my LAN? How can I do that I really
> > > > > > > don't know...:( I am using linux long time ago but this kind I
> > > > > > > would like to do newly...
> > > > > >
> > > > > > Buy a small router/modem, ask your ISP for suggestions.
> > > > > > This is cheap (<100$), no need to keep your computer always turned
> > > > > > on, very easy to configure if you need more features (port
> > > > > > forwarding for skype, games, p2p, ....), has some built-in features
> > > > > > (dhcp, DNS proxy). Also think about wireless ......
> > > > > > This is probably more secure, not because centos/linux is not, but
> > > > > > because you don't know what you are doing.
> > > > > >
> > > > > > Of course this is less fun
> > > > >
> > > > > Well, I wasn't going to suggest, but since the topic of
> alternatives
> > > > > is open...
> > > >
> > > > :-)
> > > >
> > > > Of course the main idea is to avoid having a non-firewall-dedicated linux
> > > > (like centos is), configured by someone without too much network knowledge,
> > > > in front of the Internet.
> > > >
> > > > >
> > > > > If you have an older available computer lying around, check out IPCop
> > > > >
> > > > >     http://www.ipcop.org/
> > > > >
> > > > > free, has lots of features, runs reliably, I've been on it for years,
> > > > > as have others on this list. Biggest gripe I have is docs could be a
> > > > > little better - they tend to not get updated to stay up with the
> > > > > software.
> > > > >
> > > > > >
> > > > > > Regards.
> > > > > >
> > > > > > >
> > > > > > > Can anybody help me about IP sharing in Centos?
> > > > > > >
> > > > > > > thanks alot...
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Tolun ARDAHANLI
> > > > > > > Computer Engineer
> > > > > > > E-mail: tolun.ardahanli at linux.org.tr
> > > > > > > Icq:326600
> > > > > > ><snip sig stuff>
> > > > >
> > > > > HTH
> > > > > --
> > > > > Bill
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > CentOS mailing list
> > > > > CentOS at centos.org
> > > > > http://lists.centos.org/mailman/listinfo/centos
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Alain Spineux
> > > > aspineux gmail com
> > > > May the sources be with you
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
>



-- 
Tolun ARDAHANLI
Computer Engineer
E-mail: tolun.ardahanli at linux.org.tr
Icq:326600
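
Added example, not part of the original thread: a restrictive ruleset for the router described above, covering the two questions in the top message (LAN hosts reaching 192.168.10.13, and closing services on the WAN side) in place of the "service iptables stop" setup. The LAN interface name eth0 and SSH as the only LAN service are assumptions; eth1 as the WAN interface is the assumption already made in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# the two-interface CentOS router discussed above.
# Assumptions: eth0 is the LAN interface and SSH is the only LAN service;
# eth1 as the WAN interface is the assumption already made in the thread.
# Forwarding itself still needs: echo 1 > /proc/sys/net/ipv4/ip_forward

gen_ruleset() {
    wan_if=$1   # interface facing the company network
    lan_if=$2   # interface facing the LAN machines
    wan_ip=$3   # the server's address on the WAN interface

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN traffic leaving through the WAN interface takes the WAN address
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Linux accepts packets for any local address on any interface, so LAN
# hosts reach the WAN address unless it is dropped explicitly
-A INPUT -i $lan_if -d $wan_ip -j DROP
# Services for the LAN: SSH and ping, only when arriving on the LAN side
-A INPUT -i $lan_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $lan_if -p icmp --icmp-type echo-request -j ACCEPT
# No ACCEPT rule names the WAN interface: the DROP policy closes it
# Routing: the LAN may open connections outward, only replies come back
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review; to load it, run as root:
#   gen_ruleset eth1 eth0 192.168.10.13 | iptables-restore
gen_ruleset eth1 eth0 192.168.10.13
```

Pinging the gateway 192.168.10.1 from the LAN keeps working because that traffic is forwarded, not delivered to the server itself.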