(newbie) a network related question

[FTP]

Hi there,

my question isn't really OBSD related but I would like to ask if the following 
scenario can be implemented by using a two NICs OBSD box!

If I get a static IP from my provider, is it possible to 'multiple' this and 
create my own static IPs which are accessible via the Internet? If the answer 
is 'yes', is this done via PF configuration?

To make the above more clear. If I have following set-up:

Server 1 : 10.1.1.1 -- router ADSL
Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
Server 3 : 10.1.1.3 -- router ADSL

can I convert to soemthing like this:

Server 1 : 10.1.1.1 -- router ADSL-- 86.x.x.x1 (public static 
IP!)
Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
Server 3 : 10.1.1.3 -- router ADSL-- 86.x.x.x2 (public static 
IP!)

Server N : 10.1.1.N -- router ADSL-- 86.x.x.xN (public static 
IP!)

Thanks for your time

Re: (newbie) a network related question

[Patsy]

On Tue, 14 Mar 2006, FTP wrote:

 Hi there,

 my question isn't really OBSD related but I would like to ask if the 
 following scenario can be implemented by using a two NICs OBSD box!

 If I get a static IP from my provider, is it possible to 'multiple' this and 
 create my own static IPs which are accessible via the Internet? If the answer 
 is 'yes', is this done via PF configuration?

 To make the above more clear. If I have following set-up:

 Server 1 : 10.1.1.1 -- router ADSL
 Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
 Server 3 : 10.1.1.3 -- router ADSL

 can I convert to soemthing like this:

 Server 1 : 10.1.1.1 -- router ADSL-- 86.x.x.x1 (public 
 static IP!)
 Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
 Server 3 : 10.1.1.3 -- router ADSL-- 86.x.x.x2 (public 
 static IP!)
 
 Server N : 10.1.1.N -- router ADSL-- 86.x.x.xN (public 
 static IP!)

 Thanks for your time



Hello,

No it's not possible, your ISP would only send you information that was
destined for the static IP address it assigned you. All data sent
to the other IP's would go to their rightful destination (if the IP
addresses are being used elsewhere) or they would be dropped by your ISP.

Patsy

Re: (newbie) a network related question

[FTP]

but isn't a way to route and translate connections via a existing static IP 
address?  To have 'internal' IPs acting as static in their own right?
How do ISPs 'create' their own static IPs?

Thanks

On Tue, Mar 14, 2006 at 01:08:22PM +, Patsy wrote:
 
 
 On Tue, 14 Mar 2006, FTP wrote:
 
  Hi there,
 
  my question isn't really OBSD related but I would like to ask if the 
  following scenario can be implemented by using a two NICs OBSD box!
 
  If I get a static IP from my provider, is it possible to 'multiple' this 
  and create my own static IPs which are accessible via the Internet? If the 
  answer is 'yes', is this done via PF configuration?
 
  To make the above more clear. If I have following set-up:
 
  Server 1 : 10.1.1.1 -- router ADSL
  Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
  Server 3 : 10.1.1.3 -- router ADSL
 
  can I convert to soemthing like this:
 
  Server 1 : 10.1.1.1 -- router ADSL-- 86.x.x.x1 (public 
  static IP!)
  Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
  Server 3 : 10.1.1.3 -- router ADSL-- 86.x.x.x2 (public 
  static IP!)
  
  Server N : 10.1.1.N -- router ADSL-- 86.x.x.xN (public 
  static IP!)
 
  Thanks for your time
 
 
 
 Hello,
 
 No it's not possible, your ISP would only send you information that was
 destined for the static IP address it assigned you. All data sent
 to the other IP's would go to their rightful destination (if the IP
 addresses are being used elsewhere) or they would be dropped by your ISP.
 
 Patsy

Re: (newbie) a network related question

[Bernd Schoeller]

On Tue, Mar 14, 2006 at 02:20:15PM +0100, FTP wrote:
 but isn't a way to route and translate connections via a existing static IP 
 address?  To have 'internal' IPs acting as static in their own right?
 How do ISPs 'create' their own static IPs?

Gee - we are talking about a huge area of topics here:

First, ISP-ISP traffic is handled way differently compared to
MyLittleComputer-ISP traffic (read up on the IP-protocol,
PI-networks, BGP, OSPF, etc.)

Second, you can always use NAT to translate your internal IP addresses
and ports to different ports (under a single address) on you router,
but that is probably what you already have and not what you want.

Third, if you live in a house with a single address, you cannot
publicly start announcing different addresses without the postal
service knowing about it. If packets should arrive at your home, then
you better make sure you write your street and number on the
announcement, other things just won't work.

Last but not least: _if_ your ADSL provider will assign and route
multiple addresses to your router (for example a complete C network),
then you can - of course - translate the different numbers into
different numbers in your internal network. But then: why you are not
using these IPs for your internal network directly?

Bernd

Re: (newbie) a network related question

[Matt Rowley]

but isn't a way to route and translate connections via a existing
static IP address?  To have 'internal' IPs acting as static in their
own right? How do ISPs 'create' their own static IPs?


You don't 'create' an IP address; the address is assigned.  Basically, 
from the IANA to the Regional Internet Registries, and from the 
Registries to the ISPs, and from the ISPs to the users.


Sounds like you need to request additional IP addresses from your ISP.

--Matt

Re: (newbie) a network related question

[Didier Wiroth]

Hello,
Do you really require multiple external ip addresses?
If the internals servers have different services you can use something
like: 
(pf + rdr)
Server 1 : 10.1.1.1:smtp -- router ADSL--- 86.x.x.x1:smtp (public
static IP!) 
Server 2 : 10.1.1.2:www  -- router ADSL--- 86.x.x.x1:www
Server 3 : 10.1.1.3:ssh --- router ADSL--- 86.x.x.x1:ssh 
Server N : 10.1.1.N:xxx --- router ADSL--- 86.x.x.x1:xxx

Or if all servers use same services and you require authentication, you
can use authentication:
(pf + authpf + rdr)
For example:
Server 1 : 10.1.1.1:www -- router ADSL--- 86.x.x.x1 authentication
user x
Server 2 : 10.1.1.2:www  -- router ADSL--- 86.x.x.x1 authentication
user y
Server 3 : 10.1.1.3:www --- router ADSL--- 86.x.x.x1 authentication
xxx
Etc 

Regards
Didier

-Original Message-
From: FTP [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 14, 2006 13:50
To: misc@openbsd.org
Subject: (newbie) a network related question


Server 1 : 10.1.1.1 -- router ADSL-- 86.x.x.x1 (public
static IP!) 
Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4 
Server 3 : 10.1.1.3 -- router ADSL-- 86.x.x.x2 (public
static IP!) 
Server N : 10.1.1.N -- router ADSL-- 86.x.x.xN (public
static IP!)

Re: (newbie) a network related question

[Didier Wiroth]

Forgot nat (which is obvious) ... in previous post.

Or for example for different http servers, something like this:
(use pf + rdr + nat)
Server 1 : 10.1.1.1 http port 80   - router ADSL - 86.x.x.1 http port
80
Server 2 : 10.1.1.2 http port 8080 - router ADSL - 86.x.x.1 http port
8080
Server 3 : 10.1.1.3 http port 8081 - router ADSL - 86.x.x.1 http port
8081
Etc

didier

Re: (newbie) a network related question

[FTP]

please see my replies below!

Thank you

On Tue, Mar 14, 2006 at 02:43:17PM +0100, Bernd Schoeller wrote:
 On Tue, Mar 14, 2006 at 02:20:15PM +0100, FTP wrote:
  but isn't a way to route and translate connections via a existing static IP 
  address?  To have 'internal' IPs acting as static in their own right?
  How do ISPs 'create' their own static IPs?
 
 Gee - we are talking about a huge area of topics here:
 
 First, ISP-ISP traffic is handled way differently compared to
 MyLittleComputer-ISP traffic (read up on the IP-protocol,
 PI-networks, BGP, OSPF, etc.)


I understand that! :-(

 Second, you can always use NAT to translate your internal IP addresses
 and ports to different ports (under a single address) on you router,
 but that is probably what you already have and not what you want.


correct. I have that already!

 Third, if you live in a house with a single address, you cannot
 publicly start announcing different addresses without the postal
 service knowing about it. If packets should arrive at your home, then
 you better make sure you write your street and number on the
 announcement, other things just won't work.


No but I use the following format: address+office1 ... address+officeN! That's 
what I try to achieve with the IPs as well but without having to use port 
numbers!

 Last but not least: _if_ your ADSL provider will assign and route
 multiple addresses to your router (for example a complete C network),
 then you can - of course - translate the different numbers into
 different numbers in your internal network. But then: why you are not
 using these IPs for your internal network directly?


well, that's not case. But even then, how can a ISP assign a complete C network 
just like this? What's behind that?

 Bernd

Re: (newbie) a network related question

[David Coppa]

On Tuesday 14 March 2006 15:48, you wrote:
 I know the way to have different ports by using NAT but this isn't really
 what I try to achieve!

 If ISPs have a fixed pool of static IP addresses then what happens if we
 'spend' all the existing ones and nothing is left for the newcomers?


The address space limitations of IPv4 is one of the problems that IPv6 will 
solve.

Bye,
David

 On Tue, Mar 14, 2006 at 01:29:01PM +, Patsy wrote:
  ISP's actually have static IPs, they grant you the use of one from their
  pool, they don't create them. They use virtual hosts in apache to host
  more than one website on one IP address.
 
  You can route connections to X.Y.Z.T:P (if X.Y.Z.T is your static IP) to
  one of the internal computers, but you have to choose which one you want
  to route it to, you can't connect to all 3 on port P from the internet.
 
  Patsy
 
  On Tue, 14 Mar 2006, FTP wrote:
   but isn't a way to route and translate connections via a existing
   static IP address?  To have 'internal' IPs acting as static in their
   own right? How do ISPs 'create' their own static IPs?
  
   Thanks
  
   On Tue, Mar 14, 2006 at 01:08:22PM +, Patsy wrote:
On Tue, 14 Mar 2006, FTP wrote:
 Hi there,

 my question isn't really OBSD related but I would like to ask if
 the following scenario can be implemented by using a two NICs OBSD
 box!

 If I get a static IP from my provider, is it possible to 'multiple'
 this and create my own static IPs which are accessible via the
 Internet? If the answer is 'yes', is this done via PF
 configuration?

 To make the above more clear. If I have following set-up:

 Server 1 : 10.1.1.1 -- router ADSL
 Server 2 : 10.1.1.2 -- router ADSL-- 86.178.23.4
 Server 3 : 10.1.1.3 -- router ADSL

 can I convert to soemthing like this:

 Server 1 : 10.1.1.1 -- router ADSL-- 86.x.x.x1
 (public static IP!) Server 2 : 10.1.1.2 -- router
 ADSL-- 86.178.23.4 Server 3 : 10.1.1.3 -- router
 ADSL-- 86.x.x.x2 (public static IP!) 
 Server N : 10.1.1.N -- router ADSL-- 86.x.x.xN
 (public static IP!)

 Thanks for your time
   
Hello,
   
No it's not possible, your ISP would only send you information that
was destined for the static IP address it assigned you. All data sent
to the other IP's would go to their rightful destination (if the IP
addresses are being used elsewhere) or they would be dropped by your
ISP.
   
Patsy

Re: (newbie) a network related question

[Stuart Henderson]

On 2006/03/14 15:48, FTP wrote:
 If ISPs have a fixed pool of static IP addresses then what happens
 if we 'spend' all the existing ones and nothing is left for the
 newcomers?

ISPs should have enough address space for their customers and if they
need more they'll apply for more from an LIR/RIR.

  If I get a static IP from my provider, is it possible to
  'multiple' this and create my own static IPs which are accessible
  via the Internet?

Sounds like you want a provider that will allocate you more than a
single address. Depending on where you are, this may not be possible,
and if it's possible you might have to pay for a higher class of service.

Re: (newbie) a network related question

[Peter Landry]

 Third, if you live in a house with a single address, you cannot
 publicly start announcing different addresses without the postal
 service knowing about it. If packets should arrive at your home, then
 you better make sure you write your street and number on the
 announcement, other things just won't work.


No but I use the following format: address+office1 ... address+officeN!
That's what I try to achieve with the IPs as well but without having to
use port numbers!

While this analogy is probably starting to get a little stretched,
address + officeN is analogous to ip:port. IP address is like a postal
service address, it tells where a packet should physically go to. once
it gets to that address, its up to the receiving computer to figure out
which program is listening to the port the packet arrived on. When you
send a letter to address + officeN, the post office doesn't care about
the officeN part, it just looks at the address to get the packet there.

 Last but not least: _if_ your ADSL provider will assign and route
 multiple addresses to your router (for example a complete C network),
 then you can - of course - translate the different numbers into
 different numbers in your internal network. But then: why you are not
 using these IPs for your internal network directly?


well, that's not case. But even then, how can a ISP assign a complete C
network just like this? What's behind that?

the ISP is assigning IPs based on a block of IPs they already own, they
don't just create them. They'll block off part of their own class A or
B network and allow you to use them. All IPs get assigned by a naming
authority, such as ARIN.

Re: (newbie) a network related question

[FTP]

On Tue, Mar 14, 2006 at 10:16:18AM -0500, Peter Landry wrote:
  Third, if you live in a house with a single address, you cannot
  publicly start announcing different addresses without the postal
  service knowing about it. If packets should arrive at your home, then
  you better make sure you write your street and number on the
  announcement, other things just won't work.
 
 
 No but I use the following format: address+office1 ... address+officeN!
 That's what I try to achieve with the IPs as well but without having to
 use port numbers!
 
 While this analogy is probably starting to get a little stretched,
 address + officeN is analogous to ip:port. IP address is like a postal
 service address, it tells where a packet should physically go to. once
 it gets to that address, its up to the receiving computer to figure out
 which program is listening to the port the packet arrived on. When you
 send a letter to address + officeN, the post office doesn't care about
 the officeN part, it just looks at the address to get the packet there.
 
  Last but not least: _if_ your ADSL provider will assign and route
  multiple addresses to your router (for example a complete C network),
  then you can - of course - translate the different numbers into
  different numbers in your internal network. But then: why you are not
  using these IPs for your internal network directly?
 
 
 well, that's not case. But even then, how can a ISP assign a complete C
 network just like this? What's behind that?
 
 the ISP is assigning IPs based on a block of IPs they already own, they
 don't just create them. They'll block off part of their own class A or
 B network and allow you to use them. All IPs get assigned by a naming
 authority, such as ARIN.

OK.

I would also like to thank all the participants for their replies.

Re: (newbie) a network related question

[Lars Hansson]

On Tuesday 14 March 2006 22:48, FTP wrote:
 If ISPs have a fixed pool of static IP addresses then what happens if we
 'spend' all the existing ones and nothing is left for the newcomers?

The idea is that IPv6 should have replaced Ipv4 by that time

---
Lars Hansson