User guide

ManualsBrandsMultitech ManualsComputer equipmentRouteFinder RF850

141

142

143

144

145

146

147

148

149

150

Chapter 8 – Frequently Asked Questions (FAQs)

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 143

Q6. Is it possible to have multiple IPs assigned to the external interface, and then have multiple

internal Web-servers?

A6. Yes that is possible. You have to be sure that the request reaches the RouteFinder, and then you can use

DNAT to redirect them to the Web servers. You don't need to bind those IP addresses to the external

interface, as long as they are routed to the RouteFinder. The problem is that the IP packets have to reach

the interface. There are 2 ways to accomplish this:

1. Bind an alias IP to the external interface, so that it answers ARP requests for this IP and the IP

packets are sent to the ARP Address of this NIC card.

(If you're ready to do some hand typing on the console you can make an IP alias on your NIC and

make a script in /etc/rc.d/rc2.d to have it run at each boot (put it at S99 to be sure). Just don't use

ifconfig to do that, as it is deprecated in 2.4 kernels.

The command to add the IP 10.0.0.3 on your eth0 NIC card is:

IP addr add 10.0.0.3/24 broadcast 10.0.0.255 label eth0:0 dev eth0

Note that the label part is not mandatory; it's just there so that ifconfig can list your alias. Moreover,

the label name is free (you can have 'myalias' instead of eth0:0) though you should avoid characters

like '-' or '_' : ifconfig seems to get lost if you use these.)

2. Tell the RouteFinder to send those IP packets directly to the external interface by adding a static

routing entry. You have to do subnetworking; for example, enter the following interface definitions and

routes:

Old:

RouteFinder:

Router Ethernet Interface:

IP: 196.126.228.65

Netmask: 255.255.255.224

Routes: none

Firewall:

RouteFinder Ethernet

Interface:

IP: 196.126.228.66

Netmask: 255.255.255.224

Def GW: 196.126.228.65

New:

RouteFinder:

Router Ethernet Interface:

IP: 196.126.228.65

Netmask: 255.255.255.252

Routes:

196.126.228.67/255.255.255.252 ->

196.126.228.66

196.126.228.72/255.255.255.248 ->

196.126.228.66

196.126.228.80/255.255.255.240 ->

196.126.228.66

RouteFinder Ethernet Interface:

IP: 196.126.228.66

Netmask: 255.255.255.252

Def GW: 196.126.228.65

Q7. Can I forward SSH connections?

A7. Yes, by configuring port forwarding of SSH (dest. port 22):

Source: External Interface Port 22 goes to

Destination: SSH_Server Port 22

Procedure:

1. Define two Hosts in Networks & Services:

external_NIC a.b.c.d 255.255.255.255

SSH_Server e.f.g.h 255.255.255.255

2. Define one Service in Networks & Services:

NAT_SSH TCP 0:65534 22

3. Add one NAT-Rule in Network Setup > DNAT: external_NIC NAT_SSH -> SSH_Server NAT_SSH.

4. Add one Rule in Packet Filters > Packet Filter Rules: Any NAT_SSH SSH_Server Allow.

This way, the destination address of every TCP packet will be translated from a.b.c.d:22 (Firewall) to

e.f.g.h:22 (SSH-Server) and back again.