
My ISP had given me a /30 network. Later, when I wanted more public IPs, I requested a /29 network. I was told to keep using my earlier /30 network on the interface which is facing the ISP, and the newly given /29 network should be used on the other interface which connects to my NAT router and servers.

This is what I got from the ISP:

WAN IP: 179.xxx.4.128/30
CUSTOMER IP: 179.xxx.4.130
ISP GATEWAY IP: 179.xxx.4.129
SUBNET: 255.255.255.252

LAN IPS: 179.xxx.139.224/29
GATEWAY IP: 179.xxx.139.225
SUBNET: 255.255.255.248

I have an Ubuntu PC which has two interfaces. So I am planning to do the following:

eth0 will be given 179.xxx.4.130/30 gateway 179.xxx.4.129
eth1 will be given 179.xxx.139.225/29

And I will have the following in the /etc/sysctl.conf:

net.ipv4.ip_forward=1

These will be iptables rules:

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

My clients which have the IPs 179.xxx.139.226/29 and 179.xxx.139.227/29 will be made to use 179.xxx.139.225/29 as gateway.

Will this configuration work for me? Any comments? If it works, what iptables rules can I use to have a bit of security?

P.S. Both networks are non-private and there is no NATing.

nixnotwin
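
The stateful forwarding rules the question asks about, as an added example that is not part of the original post or either answer. It assumes the interface names and prefixes from the question, keeps the 'xxx' octet as a placeholder, and uses a constructed published host (HTTPS on .226); the default-deny policy plus conntrack is what gives "a bit of security" here, and the anti-spoofing lines make sure only the /29 can source traffic from eth1.

```shell
#!/bin/sh
# Added example (not the asker's rules): a default-deny, stateful FORWARD chain
# for a Linux box routing between the ISP-facing /30 on eth0 and the /29 on eth1.
# The 'xxx' octet is the question's placeholder; replace it with the real value.
# Run with the argument "apply" to load the rules; without it, the rules are
# only printed (dry run) so the script can be reviewed first.

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=179.xxx.139.224/29
WEB_SERVER=179.xxx.139.226   # constructed example of a published host

# IPT=echo turns every rule into a printed line instead of a kernel change.
IPT="${IPT:-iptables}"

apply_forward_rules() {
    # Start from an empty FORWARD chain whose policy drops anything not allowed.
    $IPT -F FORWARD
    $IPT -P FORWARD DROP

    # Packets belonging to connections already accepted, in either direction.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: the LAN side may only source addresses from its own /29,
    # and the WAN side may never claim an address from that /29.
    $IPT -A FORWARD -i "$LAN_IF" ! -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP

    # Hosts on the /29 may open new connections towards the Internet.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Inbound: only the services deliberately published, here HTTPS on .226.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WEB_SERVER" -p tcp --dport 443 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Everything else falls through to the DROP policy; keep a rate-limited log
    # of it so scans and misconfigurations are visible in the kernel log.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

case "${1:-}" in
    apply) apply_forward_rules ;;
    *)     IPT=echo apply_forward_rules ;;
esac
```

The router's own INPUT chain needs the same default-deny treatment, which this block does not cover.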

2 Answers


I'm not very clear how this is set up / how you think it will work ("which connects to my NAT router....there is no NATing").

But from what I can see this is likely to break in strange and esoteric ways.

Consider, a client outside connects to 179.xxx.139.225, but the reply might come from 179.xxx.4.129 - you certainly won't be able to run any stateful firewalling.

While it is quite possible to configure Linux to handle the routing sensibly, it'd be a lot simpler to partition the networks across 2 routers - even if one of them is a virtual machine.

symcbean
  • NAT router will have 179.xxx.139.226 as IP (it'll exist in the 179.xxx.139.224/29 network), and the default gateway for it is 179.xxx.139.225 (the one I want to set up). – nixnotwin Nov 22 '11 at 13:45
  • The router, which the ISP should have set up to connect the different WAN networks, should be installed by me. So now I should have a router to forward traffic between my old WAN subnet (/30) and the new one (/29). – nixnotwin Nov 22 '11 at 13:54

Besides the iptables configuration, which I have no idea about, I think it will work for you, but you shouldn't forget the routing table of the Linux system to make eth0 the default.

Hanan