
One Linux Box replacing Many SOHO Routers (iptables, iproute2, netfilter)

Saturday, October 18th, 2008

It’s easy to use Linux to replace one SOHO router. It can be summed up in 6 commands:

dhclient3 … $WANIF # Get the IP on WAN side
ip addr add 192.168.0.1/24 broadcast + dev $LANIF # Set the router's IP on LAN side
dhcpd3 … $LANIF # Enable the DHCPD on LAN side
sysctl -w net.ipv4.ip_forward=1 # Enable forwarding
iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE # Enable SNAT
dnsmasq # Enable DNS proxy

GOAL: Use one Linux box to replace N SOHO routers, i.e. this box would run multiple isolated NATs, each using what looks like the same private IP range but is actually a different network.

That one router takes 5 commands doesn’t mean 2 routers take 10 commands. The problems are:

  1. How to get more than one IP for the WAN interfaces?
  2. How to MASQUERADE to a different WAN IP for each router?
  3. The subnet of each of the N routers will be defined as 192.168.0.0/24, but just like in a real router setup, THIS 192.168.0.0/24 is not THAT 192.168.0.0/24. Attaching 192.168.0.1/24 to $LANIF[1..n] confuses the kernel, or the routing table to be exact. What can be done?
  4. How can the LAN side reach the router box?
  5. How about DMZ and port forwarding?
  6. Can one NAT subnet reach another NAT subnet?
  7. How about the router reaching the client side?
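
Problem 3 can be seen in a small model of destination-only route lookup. The following is an added example, not code from the original post: `RouteTable` is a simplified stand-in for the kernel routing table, the interface names and WAN addresses are constructed, and keeping one table per emulated router is an assumed way to separate the subnets, not the post's stated solution.

```python
import ipaddress
from collections import defaultdict

class RouteTable:
    """Simplified destination-only routing table (a model, not the kernel FIB)."""
    def __init__(self):
        self.routes = []                      # (network, dev), insertion order

    def add(self, prefix, dev):
        self.routes.append((ipaddress.ip_network(prefix), dev))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net, dev) for net, dev in self.routes if addr in net]
        if not hits:
            return None
        # Longest prefix wins; on a tie the earliest route wins (model assumption).
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def ambiguous(self):
        """Prefixes that are reachable through more than one device."""
        devs = defaultdict(set)
        for net, dev in self.routes:
            devs[str(net)].add(dev)
        return {p: sorted(d) for p, d in devs.items() if len(d) > 1}

def shared_table():
    # Every emulated router's LAN lands in the same table: THIS /24 and THAT /24 collide.
    t = RouteTable()
    for dev in ("lan1", "lan2"):              # constructed interface names
        t.add("192.168.0.0/24", dev)
    return t

def per_router_tables():
    # One table per emulated router, keyed by a constructed WAN address
    # (203.0.113.0/24 is a documentation range).
    tables = {}
    for wan_ip, dev in (("203.0.113.10", "lan1"), ("203.0.113.11", "lan2")):
        tables[wan_ip] = RouteTable()
        tables[wan_ip].add("192.168.0.0/24", dev)
    return tables

if __name__ == "__main__":
    t = shared_table()
    # A client at 192.168.0.50 behind lan2 is unreachable: the lookup only ever says lan1.
    print(t.ambiguous(), t.lookup("192.168.0.50"))
    for wan_ip, table in per_router_tables().items():
        print(wan_ip, "->", table.lookup("192.168.0.50"), table.ambiguous())
```

With a single table the destination address alone cannot say which LAN a reply belongs to; once the lookup is scoped per router, the same address resolves to a different interface in each table.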
