I have 1 hosted server with 4 IPs in a datacenter, and 4 black boxes and 1 Linux server in a local network at my workplace behind a router. I need to assign each black box one of those 4 IPs from my hosted server, which also needs to be static.

Both servers run Debian stretch. Apart from setting IP & gateway I have no access to the black boxes. I need TCP & UDP support.

What would be the best way to accomplish that? I could only think of a VPN between the 2 servers where my local one acts as a gateway. But I don't really need the overhead of a VPN; a simple proxy would be enough.

And how would I do that?

timo
  • I'd use iptables and iproute2. You're right that you don't need a VPN but you don't even need any other application like a proxy. Just using netfilter and routing would do the trick at the kernel level. I'm sorry I don't have time to write an answer today, but the web is full of howtos to implement such a simple topology. – Marco Sep 18 '17 at 11:09
  • @Marco Thanks for your reply, I didn't know I could just go with iptables. Mind pointing me in the right direction on Google? I tried but don't seem to find the right search pattern to come up with something useful. I suspect SNAT preroute on my home server and SNAT postroute on the external server would do the trick, but I have no idea how I could assign the IPs to each machine – timo Sep 18 '17 at 11:42
  • Although it is not clearly indicated in the original question, I assume that the black boxes and the external server live in separate networks. This means that iproute2 and iptables won't work. There is not enough information on the connectivity required for the black boxes to give an exact answer. What is the communication protocol they use? – Tero Kilkanen Sep 18 '17 at 11:48
  • @TeroKilkanen I have updated my initial question. The two servers are in different networks, one is hosted in a datacenter and one located at my workplace together with those black boxes behind a router. I need to support TCP as well as UDP – timo Sep 18 '17 at 11:55
  • @TeroKilkanen is right, I probably misread the question/misunderstood the topology as I was sitting in the metro and reading on mobile, sorry! – Marco Sep 18 '17 at 17:12

1 Answer

Since you need both TCP and UDP connectivity, you need to use either an IP tunnel or a VPN. An IP tunnel has less overhead, but it is vulnerable to all kinds of attacks.

You can also use OpenVPN without encryption; there you will have less overhead too.

Tero Kilkanen
  • I guess I will stick with a VPN then. I set up an OpenVPN server on the hosted server and connect as a client from my workplace server. Do you know a way to route the black boxes through that VPN, being able to recognise each on the OpenVPN server, so I can assign them the correct external IPs? As I cannot go with a CCD or user/IP assignments – timo Sep 19 '17 at 11:29
  • That is another question and you should open a new question about it. Please include a network diagram in the question, so that one can see more clearly what the setup is. – Tero Kilkanen Sep 19 '17 at 11:46
  • Thanks for the advice! This is the new one: https://serverfault.com/questions/874421/route-local-network-through-vpn-assign-multiple-external-ips – timo Sep 19 '17 at 12:11
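
One way to apply the tunnel approach from the answer to the four boxes, as an added example that is not part of the original thread: a dry-run script that prints policy-routing commands for the workplace server and 1:1 NAT rules for the hosted server. It assumes a point-to-point tunnel is already up between the two servers; the device `tun0`, the interface `eth0`, table 100 and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Dry run: prints the commands for both servers, changes nothing on the host.
# Every address, interface name and table number here is a constructed placeholder.
TUN=tun0      # assumed point-to-point tunnel device, same name on both servers
WAN=eth0      # assumed public interface of the hosted server
TABLE=100     # assumed unused routing table on the workplace server
# black box LAN address = public address it should appear as
MAP="192.168.1.11=203.0.113.11 192.168.1.12=203.0.113.12
192.168.1.13=203.0.113.13 192.168.1.14=203.0.113.14"

# Accept only a dotted quad, so nothing else can end up inside a rule.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Hosted server: route each box into the tunnel and NAT it 1:1 to its public IP.
hosted_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    for pair in $MAP; do
        lan=${pair%%=*}; pub=${pair##*=}
        is_ipv4 "$lan" && is_ipv4 "$pub" || { echo "bad mapping: $pair" >&2; return 1; }
        echo "ip route add $lan/32 dev $TUN"
        # DNAT passes every protocol and port to the box; filter in FORWARD if fewer are needed.
        echo "iptables -t nat -A PREROUTING -i $WAN -d $pub -j DNAT --to-destination $lan"
        echo "iptables -t nat -A POSTROUTING -o $WAN -s $lan -j SNAT --to-source $pub"
    done
}

# Workplace server (the boxes' gateway): send only the boxes' traffic into the
# tunnel, with the source address left untouched so the far end can tell them apart.
local_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ip route add default dev $TUN table $TABLE"
    for pair in $MAP; do
        lan=${pair%%=*}
        is_ipv4 "$lan" || { echo "bad mapping: $pair" >&2; return 1; }
        echo "ip rule add from $lan lookup $TABLE"
    done
}

echo "# hosted server";    hosted_rules
echo "# workplace server"; local_rules
```

The 1:1 DNAT rule makes each box reachable from the internet on its public address, so the filtering the workplace router used to provide has to be recreated in the hosted server's FORWARD chain.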