
DMZ, sharing IP address?

 
jane zhang
Regular Advisor

DMZ, sharing IP address?

Hi all,

We have set up up to 10 Linux boxes for computer purpose, and each of them has its own static IP address and hostname. All those boxes can automount users' home dirs and do simulation on users' design files.

Since static IP addresses cost us more from the network department, our management asks us if we can share one or two IP addresses among those 10 (or more later) boxes.

Can a router or DMZ achieve this? What are the drawbacks of setting this up?

Thanks.

Jane
3 REPLIES 3
Paulo A G Fessel
Trusted Contributor

Re: DMZ, sharing IP address?

Not sure whether I've understood it or not. But what you want is to use the same IP for two boxes? If it is, that's impossible to do unless you put a firewall in front of these machines and configure static NAT together with some round-robin DNS for the network containing these computers - let us say, 1 "live" address for each group of 5 machines. Perhaps a hardware load balancer may also help you, but I don't know of its capabilities regarding NFS.

Drawbacks: NIS, NFS and automount aren't the easiest thing to set up with firewalls. Also, you'll have the administrative overhead of the firewalled DNS server.

HTH
Paulo Fessel
The employee proposes, the boss disposes.
Steven E. Protter
Exalted Contributor

Re: DMZ, sharing IP address?

You can do this if you configure the firewall iptables for NAT.

Assuming it's a Linux box.

Here are the statements you need in your iptables file.

/etc/sysconfig/iptables

*nat
:PREROUTING ACCEPT [189:13041]
:POSTROUTING ACCEPT [16:2351]
:OUTPUT ACCEPT [49:9056]
-A POSTROUTING -o eth0 -j SNAT --to-source 69.12.173.172
COMMIT

The ip address is fake to protect my network.

If your internal network is 192 on eth1 (the firewall needs two NICs, one to the outside, one to the inside; eth1 is the inside):

-A INPUT -s 192.0.0.0/255.0.0.0 -i eth1 -j ACCEPT

This is how you accept port 80 traffic (web)
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j okay


Save the file

service iptables restart

You should not need iptables on the internal boxes, but you can for extra protection.

NAT
Natural Address Translation

That's the key.

If this post has value, please assign points.

regards,

good luck,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
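
The SNAT approach from the reply above, written out as a complete nat plus filter ruleset (an added example, not part of the original post). The addresses 203.0.113.10 and 192.168.10.0/24, the interface roles and the function names are assumptions; the default-drop policies with connection tracking are this example's choice, not something the post specifies.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that lets a private LAN
# share one public address. Addresses and interface names are constructed.
# The firewall box also needs net.ipv4.ip_forward=1 to route between NICs.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet <= 255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset PUBLIC_IP LAN_CIDR OUTSIDE_IF INSIDE_IF: print the ruleset
gen_ruleset() {
    pub=$1 lan=$2 wan=$3 lan_if=$4
    is_ipv4 "$pub" || { echo "bad public IP: $pub" >&2; return 1; }
    case $lan in
        */[0-9]|*/[12][0-9]|*/3[0-2]) ;;
        *) echo "LAN must be in CIDR form: $lan" >&2; return 1 ;;
    esac
    is_ipv4 "${lan%/*}" || { echo "bad LAN network: $lan" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite only LAN-sourced traffic leaving the outside NIC
-A POSTROUTING -s $lan -o $wan -j SNAT --to-source $pub
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan -i $lan_if -j ACCEPT
# Only replies to LAN-initiated connections are forwarded back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan -i $lan_if -o $wan -j ACCEPT
COMMIT
EOF
}

gen_ruleset 203.0.113.10 192.168.10.0/24 eth0 eth1
```

The output can be checked with `iptables-restore --test` before it replaces /etc/sysconfig/iptables. Because nothing is forwarded inward unless a LAN host opened the connection first, the boxes behind the shared address are not reachable from outside without additional rules.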
jane zhang
Regular Advisor

Re: DMZ, sharing IP address?

Hi,
Thanks for the reply. I will try it later.

Jane