24.02.2019 9:35, Marc Chamberlin wrote:
Andrei - All IP addresses are IP4. So for example my ISP gave me the set of static IPs from 111.222.333.10 through 111.222.333.20, I will try to show a picture of what I am wanting -
111.222.333.10 I assigned to the ext NIC on my firewall system, int NIC has a current internal IP of 192.168.10.2
111.222.333.11 I want this to be handled by one of my internal systems with current internal IP of 192.168.10.10
111.222.333.12 ditto with system that has current internal IP of 192.168.10.20
111.222.333.13 ditto
...
111.222.333.20
In my experimentation I have assigned all these public static IP addresses to my ext NIC on my firewall system since that seems like a logical starting place. My network topology is really not all that complicated, just a bunch of computers all on the same internal LAN behind a single firewall.
Yes, you can forward traffic to a specific external address to a specific internal address and mangle packets in the reverse direction to have this outgoing address. This is exactly what Network *Address* Translation is for. I do not know if SUSEfirewall2 offers high-level means to configure it; on the iptables level this would be DNAT for packets entering the external interface and SNAT on packets leaving the external interface. In which case you probably want to use --persistent to simplify tracking.
HTHs Marc..
On 02/23/2019 10:12 PM, Andrei Borzenkov wrote:
24.02.2019 8:30, Marc Chamberlin wrote:
I am kinda racking my brains on this and know it is probably either duck soup easy or impossible... I have a SOHO network at home configured with one system using SuSEFirewall2 (yeah I know it is deprecated now...) running OpenSuSE Leap 15, with 2 NICs. SuSEFirewall2 provides NAT (masquerading) between my external NIC (which has a static IP address assigned to it) and my internal private LAN on the other NIC. My ISP just upgraded my internet connection with fiber optics cable and as a super bonus gave me a block of public static IP addresses to enjoy.
Is your current IP part of this address block? Is it IPv4 or IPv6 (both current IP and additional address block)?
So what I would like to do with these is to assign them so that I can get a couple of my internal machines to be directly available from the internet using these new static IP addresses. (I have been doing the things I want with a lot of FW_FORWARD_MASQ definitions in SuSEFirewall2 and playing fast and loose with port assignments) And I have a number of overlapping and duplicated services, like VNC, Web, SSH, Email etc that I have had to juggle running on two or more different systems.
I know that with YaST I can assign all these new static IP addresses to the NIC card that I use to connect me to the fiber optics cable, what I
See question above. If it is independent block of addresses that are supposed to be routed via your current public IP, you probably cannot.
don't know/understand is how to connect/route/forward (whatever the terminology is) these static IP addresses and assign them to different computers on my network, while at the same time maintaining the topology of my private LAN. Do I need separate cabling or can I do this over my existing cables? Without getting Martian errors? Can I assign both an internal DHCP assigned IP address and one of these static IP addresses to the same NIC card? And can any and all port connection requests, made on one of these static IP addresses, be routed to the appropriate "internal" machine by default? (yeah I will run a firewall on it also since it will become directly exposed to the internet if this is possible.)
This is new territory for me, never had to do anything like this before! So appreciate any and all kind words of advice... Marc...
This all depends on the answer to the first question. You need to have (and explain) a clear picture of the network topology involving these multiple IP addresses.
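The DNAT/SNAT pairing described in the reply above, sketched as an added example that is not part of the original thread: a script that prints the iptables commands for each public-to-internal mapping, with a per-host port allowlist in FORWARD so a 1:1 mapping does not expose every service. The interface name `eth0`, the port lists, and the 203.0.113.x documentation addresses (standing in for the thread's 111.222.333.x placeholders) are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for 1:1 NAT; it does not run them.
# Assumptions (not from the thread): external interface eth0, and
# 203.0.113.x documentation addresses standing in for the thread's
# 111.222.333.x placeholders. Port lists are constructed samples.
EXT_IF="eth0"

# public_ip internal_ip allowed_tcp_ports
MAPPINGS="203.0.113.11 192.168.10.10 22,80,443
203.0.113.12 192.168.10.20 25,587"

# Succeeds only for four dot-separated octets, each in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_rules "<mapping lines>": one DNAT/SNAT pair plus a port allowlist per host.
gen_rules() {
    # Replies to connections the internal hosts opened must pass first.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r pub int ports; do
        [ -n "$pub" ] || continue
        if ! valid_ipv4 "$pub" || ! valid_ipv4 "$int" || [ -z "$ports" ]; then
            echo "invalid mapping: $pub $int $ports" >&2
            return 1
        fi
        # Inbound: rewrite the public destination to the internal host.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $int"
        # Outbound: inserted first so it wins over a general MASQUERADE rule.
        echo "iptables -t nat -I POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $pub"
        # FORWARD sees the post-DNAT address: allow listed ports, drop the rest.
        echo "iptables -A FORWARD -i $EXT_IF -d $int -p tcp -m multiport --dports $ports -j ACCEPT"
        echo "iptables -A FORWARD -i $EXT_IF -d $int -j DROP"
    done <<EOF
$1
EOF
}

gen_rules "$MAPPINGS"
```

The printed commands assume the public addresses are already bound or routed to the external interface, as in the setup described in the thread, and that no other tool is managing the same chains.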