[plug] Multiple WAN IP's routed down DSL line

Russell Steicke r.steicke at bom.gov.au
Wed Jul 6 11:12:21 WST 2005


On Wed, Jul 06, 2005 at 09:56:56AM +0800, Shannon Carver wrote:
> Hi,
>
> We've just got a /29 subnet routed down our DSL connection which I'd
> like to set up to allow us to expand the number of external DNS/Web
> Servers we have, active on the net.  Previously, I'd bought one more IP
> Address (xxx.xxx.108.32) to go on top of our Primary IP
> (xxx.xxx.103.103) which I set up as such:
> 
> auto eth1:1
> iface eth1:1 inet static
>   address xxx.xxx.108.32
>   netmask 255.255.255.255

Your gateway machine needs to know how to send traffic to the /29,
normally by having that be the internal subnet, probably on eth0 in
your case.  Then ensure forwarding is turned on with "echo 1 >
/proc/sys/net/ipv4/ip_forward", and edit /etc/sysctl.conf to make that
active after reboots.  That should be enough to route traffic from
your ADSL to and from the subnet.

In conjunction with that, make sure you re-check your firewall rules,
ensuring that they filter traffic to the new subnet correctly.  It's
the FORWARD chain you'll be most interested in.

> Where eth1 was, of course, the external interface.  This seemed too
> simple to me, but it worked, so I haven't bothered looking into it any
> further, up until now.
> 
> Now, to apply this new IP range, (xxx.xxx.66.104/29), I've gone a bit
> out of my depth of understanding.  What steps would I have to take to
> make this work?  Is it simply a process of:
> 
> auto eth1:2
> iface eth1:2 inet static
>   address xxx.xxx.66.104
>   netmask 255.255.255.248
> 
> or creating an alias for every IP on my new subnet (i.e. for 66.105 -
> 66.110).  And do I need routes as well?

These things aren't necessary.  Adding these addresses to the gateway
will confuse routing.  The ISP will send you the traffic, and your
gateway needs to know that it's meant to forward the traffic, and
where it's to be forwarded.  (This is assuming that you do want the
subnet split across different machines.  It's possible to put all the
addresses on one machine, but unusual.)

And I can't stress enough, check your firewall rules!



-- 
Russell Steicke

-- Fortune says:
Once I finally figured out all of life's answers, they changed the questions.
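
Added example, not part of the original message: one way to act on the advice to re-check the FORWARD chain is to replay a few new inbound connections against an `iptables-save` dump and list what each host in the routed /29 would accept. The rule dump, the 203.0.113.104/29 documentation range (standing in for the masked subnet) and the probe ports are constructed; only `-i`, `-d`, `-p`, `--dport`, `--state`/`--ctstate` and terminal `-j` targets are interpreted, so negation, port ranges and user-defined chains are out of scope.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt. 203.0.113.104/29 (documentation range)
# stands in for the masked /29; eth1 is the external interface as in the post.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -d 203.0.113.105/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -d 203.0.113.106/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -d 192.168.1.0/24 -j DROP
COMMIT
"""

def parse_forward(text):
    """Return (default_policy, [option dicts]) for the FORWARD chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A FORWARD "):
            tok = shlex.split(line)[2:]
            rules.append({tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                          if tok[i].startswith("-")})
    return policy, rules

def verdict(policy, rules, dst, proto, dport, in_if="eth1"):
    """First-match verdict for a NEW connection arriving on in_if."""
    for r in rules:
        states = r.get("--state") or r.get("--ctstate")
        if states and "NEW" not in states.split(","):
            continue  # rule only matches already-established flows
        if (r.get("-i", in_if) == in_if and r.get("-p", proto) == proto
                and r.get("--dport", str(dport)) == str(dport)
                and ("-d" not in r or dst in ipaddress.ip_network(r["-d"]))
                and r.get("-j") in ("ACCEPT", "DROP", "REJECT")):
            return r["-j"]
    return policy  # nothing matched: the chain's default policy decides

def exposed(text, subnet, probes=(("tcp", 22), ("tcp", 80), ("udp", 53))):
    """Map each host in subnet to the probes the FORWARD chain lets in."""
    policy, rules = parse_forward(text)
    return {str(h): [(p, n) for p, n in probes
                     if verdict(policy, rules, h, p, n) == "ACCEPT"]
            for h in ipaddress.ip_network(subnet).hosts()}

if __name__ == "__main__":
    print(exposed(SAMPLE_RULES, "203.0.113.104/29"))
```

With the sample's default ACCEPT policy every host in the /29 admits all three probes, because the only DROP rule names a different subnet; with `:FORWARD DROP` only the two explicit ACCEPT rules remain reachable.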


