https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070096#M87467 Hi,<BR />Thanks for the reply. I will try it later.<BR /><BR />Jane Tue, 16 Sep 2003 16:58:38 GMT jane zhang 2003-09-16T16:58:38Z https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070093#M87464 Hi all,<BR /><BR />We have setup up to 10 linux boxes for computer purpose and all of them have it's own static ip address and hostname. All those boxes can automount user's home dir and do simulation on user's design files.<BR /><BR />Since static IP addresses cost us more from the network department, and our managerment ask us if we can share one or two ip addresses among those 10 ( or more later) boxes.<BR /><BR />Can a router or DMZ achieve this? what are the drawbacks of setting up this? <BR /><BR />Thanks.<BR /><BR />Jane Fri, 12 Sep 2003 16:26:31 GMT https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070093#M87464 jane zhang 2003-09-12T16:26:31Z https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070094#M87465 Nut sure whether I've understood it or not. But what do you want is use the same ip for two boxes? If it is, that's impossible to do unless you put a firewall in front of these machines and configure static NAT togheter with some round-robin DNS for the network containing these computers - let us say, 1 "live" address for each group of 5 machines. Perhaps a hardware load balancer also may help you, but I don't know of its capabilities regarding NFS.<BR /><BR />Drawbacks: NIS, NFS and automount aren't the easiest thing to set up with firewalls. Also, you'll have the administrative overhead of the firewalled DNS server.<BR /><BR />HTH<BR />Paulo Fessel Fri, 12 Sep 2003 18:43:48 GMT https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070094#M87465 Paulo A G Fessel 2003-09-12T18:43:48Z https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070095#M87466 You can do this if you configure the firewall iptables for NAT.<BR /><BR />Assuming its a Linux box.<BR /><BR />Here is the statements you need in your iptables file.<BR /><BR />/etc/sysconfig/iptables<BR /><BR />*nat<BR />:PREROUTING ACCEPT [189:13041]<BR />:POSTROUTING ACCEPT [16:2351]<BR />:OUTPUT ACCEPT [49:9056]<BR />-A POSTROUTING -o eth0 -j SNAT --to-source 69.12.173.172<BR />COMMIT<BR /><BR />The ip address is fake to protect my network.<BR /><BR />If your internal network is 192 on eth1(the firewall needs two nics, one to the outside, one to the inside, eth1 is the inside.<BR /><BR />-A INPUT -s 192.0.0.0/255.0.0.0 -i eth1 -j ACCEPT<BR /><BR />This is how you accept port 80 traffic (web)<BR />-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j okay<BR /><BR /><BR />save the file<BR /><BR />service iptables restart<BR /><BR />You should not need iptables on the internal boxes, but you can for extra protection.<BR /><BR />NAT<BR />Natural Address Translation<BR /><BR />Thats the key.<BR /><BR />If this post has value, please assign points.<BR /><BR />regards,<BR /><BR />good luck,<BR /><BR />SEP<BR /> Fri, 12 Sep 2003 22:29:27 GMT https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070095#M87466 Steven E. Protter 2003-09-12T22:29:27Z https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070096#M87467 Hi,<BR />Thanks for the reply. I will try it later.<BR /><BR />Jane Tue, 16 Sep 2003 16:58:38 GMT https://community.hpe.com/t5/operating-system-linux/dmz-sharing-ip-address/m-p/3070096#M87467 jane zhang 2003-09-16T16:58:38Z