Hey I have a new server with some stupid control panel which requires to use public IP on the machine itself. All config files (apache,...) are using this public IP. Now the problem is that i'm not going to put this server directly to the internet line since i have sonicwall firewall. I want it behind it and since i can't use local IP's on that server i've got a problem. So far what i did to even install it, i set another IP to the NIC so now i have two IP's on 1 NIC. Public IP which is my real public IP (eth0:0) and is used in all config files and local IP (eth0) for LAN (sonicwall). What i want to do is this: If sonicwall sends data to server over local IP (LAN) i want it to route that traffic to public IP on the server (all the same server!!). If server sends some data from public IP (all config files are using Public ip), i want it to route it to local IP which then sends data to sonicwall over LAN. Basically i need to trick all the programs (www, email, ftp,...) to think that they are using my public IP while in fact all the traffic is done over LAN ip. Anyone can direct me into what i need to check out to do this? IP routing? Edit: Right, IP alias is what i currently have set now Still now sure if this is enough is for example i try to access email the traffic goes like this: internet -> sonicwall with public IP -> over LAN to server -> from lan IP on the server -> public IP (eth0:0 alias) on the server. And vice versa when server sends data back.. edit2: hmm, yes, let me post the current setup in interfaces file: Code: auto eth0 iface eth0 inet static address 192.168.2.100 netmask 255.255.255.0 gateway 192.168.2.1 auto eth0:0 iface eth0:0 inet static address PUBLIC IP netmask 255.255.255.0 gateway 192.168.2.1
Hi TheRudy... The problem your having starts with the firewall I believe; Poke around and see if you can config your firewall as a DHCP server If so set it up to use a few of the non public addresses you want to use. I prefer 192.168.0.x or you can use 10.10.10.x it doesn't matter which! Next see if it allows you to reserver a single address...if so use one of the DHCP addresses you just setup. Lastly see if you have port forwarding, forward the ports ie http, ftp, smtp to your reserved address. You may wish to set up your server as a DMZ and allow pings if your firewall allows but I don't as it adds an extra layer of security staying behind the firewall with a minimal performance hit! If all is going as described follow the link below it should help you to configure your server as you wish! http://www.howtoforge.com/perfect_setup_fedora_core_5_p3 If you are not using Fedora Core 5, search for a "perfect setup" for your distro...you should find something here that will get you in the right direction!
Not really what i mean I already have set up firewall and ports on hardware firewall. The communication between firewall and server is over LAN aka local IP's range. Problem is that traffic that comes into server comes from for example IP: 192.168.2.100 and the apache config files have for example: <VirtualHost 190.190.190.190:80> aka PUBLIC ip. And this is my problem. I need to get traffic from 192.168.2.100 to 190.190.190.190 on the server itself! Both IP's are on my 1 NIC. 192.168.2.100 is ETH0 and 190.190.190.190 is alias on ETH0:1 I tried rerouting the traffic and it doesn't work: Code: #!/bin/sh /sbin/iptables -t nat -A PREROUTING -i eth0 -d PUBLIC_IP -j DNAT --to-destination=LOCAL_IP /sbin/iptables -t nat -A POSTROUTING -o eth0 -s LOCAL_IP -j SNAT --to-source=PUBLIC_IP
