cheat in IP Routing

nima, May 28, 2002
Hi All,
I am an NT admin and have not worked with Linux previously. First, please read the short scenario:

My LAN is connected to the Internet through a dedicated dial-up link and the server is assigned a static IP address (I'm using NAT). Assume it to be (213.29.195.66). I have assigned one of the LAN workstations a public IP address on purpose (e.g. 64.7.160.12). My Windows 2000 is capable of IP routing, but my ISP's router is configured not to route IP addresses which are not in their range of IPs. Also the VPN protocols are blocked too.

I have heard that a Linux operating system can be configured in a way to cheat the ISP's router and make it route the packets. Probably because Linux is open-source and TCP/IP can be changed.

Am I right? Then, I would be thankful if anyone can guide me on this matter.

Kind Regards,
Nima
 
Hi,

I assume you want to transparently forward packets arriving on your 213.29.195.66 interface to another internal machine. I can't see how, from the public internet, a packet aimed at 64.7.160.12 would ever come to you unless internet routers knew to route packets with that address to your ISP. Then you would have to get the ISP to agree to route it on to you, either with another static connection or using DNAT at their end to convert the packets to 213.29.195.66. Then you would need some way of separating the traffic arriving on the same interface, e.g. by destination port or whatever. Linux / NT has got nothing to do with it at that stage. It's obviously out of your control what goes on in your ISP's routers.

So, you can't use Linux yourself to allow connectivity to address 64.7.160.12 into your box from the public internet. However, if you really just want to forward certain public IP traffic from your Linux gateway to another LAN box, you can certainly do that.

With 'iptables' you can do all sorts of packet 'mangling', including both source and destination NAT. The control can be quite granular, for example only UDP traffic on a particular source port for a particular destination port. For example:

/sbin/iptables -t nat -A POSTROUTING -p udp -o ppp0 -j SNAT --to 213.29.195.66

This would make packets appear to have come from 213.29.195.66.

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to 64.7.160.12:8080

This would forward all TCP traffic on port 80 to 64.7.160.12:8080.

See for more info.

Regards, Iain
 
Hi Iain. Thanks for the answer. I think I couldn't explain my problem correctly. Here is the full story:

I have a receive satellite link and I have got the 64.7.160.12 (from the Internet satellite provider) to assign to my satellite NIC (one of the workstations has satellite equipment). When I send requests (from this workstation) using this source IP address, the return packets go to the satellite UPLINK center (instead of my local ISP) and will be forwarded to my satellite NIC on air (using its unique MAC address). It was working fine for a while but suddenly my ISP stopped letting me send IP traffic in which the source IP address is something different from his own IP ranges.
In fact he does not route any IP addresses to the Internet except the 213.29.195.xxx group.

Thanks,
Nima

P. S. As it's obvious, the satellite IP should not get translated.
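
What the ISP is doing here is source-address validation (network ingress filtering, BCP 38) on the customer link. The following is an added example, not part of the original thread: a small Python model of that check applied to the addresses quoted above, together with the effect of Iain's SNAT rule. It assumes the "213.29.195.xxx group" is a /24; the LAN host 192.168.0.20, the destination 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumption: "the 213.29.195.xxx group" from the thread is modelled as a /24.
ISP_PREFIXES = [ipaddress.ip_network("213.29.195.0/24")]
GATEWAY_IP = ipaddress.ip_address("213.29.195.66")   # static address from the thread
SATELLITE_IP = ipaddress.ip_address("64.7.160.12")   # satellite-assigned address

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str

def snat(pkt, to_source=GATEWAY_IP, proto=None):
    """Model of a POSTROUTING SNAT rule: rewrite the source of matching packets."""
    if proto is not None and pkt.proto != proto:
        return pkt  # rule does not match, packet leaves unchanged
    return replace(pkt, src=to_source)

def isp_ingress_filter(pkt, allowed=ISP_PREFIXES):
    """Source-address validation at the ISP edge: forward a packet only
    if its source address lies inside a prefix assigned to the customer."""
    return any(pkt.src in net for net in allowed)

def classify(pkts):
    """Return (source, verdict) pairs as the ISP router would decide them."""
    return [(str(p.src), "forward" if isp_ingress_filter(p) else "drop")
            for p in pkts]

# Constructed sample traffic (hypothetical LAN host and destination).
DEST = ipaddress.ip_address("192.0.2.10")
LAN_HOST = ipaddress.ip_address("192.168.0.20")
SAMPLE = [
    Packet(SATELLITE_IP, DEST, "tcp"),                 # satellite source address
    Packet(LAN_HOST, DEST, "udp"),                     # LAN host, no NAT applied
    snat(Packet(LAN_HOST, DEST, "udp"), proto="udp"),  # after the SNAT rule
]

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE):
        print(f"{src:>15}  {verdict}")
```

The filter looks only at the source address of each packet as it arrives at the ISP, which is why the operating system of the sending gateway makes no difference to the verdict.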
 