- 08-18-2008 #1
[SOLVED] Routing a subnet with public IPs
This is my setup:
1. Router PC - connected to
a) eth0 - 192.168.0.0/24 - LAN, with IP 192.168.0.200
b) eth2 - DHCP'd provider's network
c) ppp0 - PPPoE link to provider - WAN, with IP 195.138.94.xxx
2. A host in my LAN with IP 192.168.0.180 with VMware on it, with networking set up as 'bridged' - giving direct access to the LAN for all virtual machines.
3. A set of virtual machines, running on the previously mentioned host.
4. A subnet 195.138.68.xxx/29, where I have 6 IP addresses.
I need to give IPs from the mentioned subnet to the virtual machines, and make them available from the internet.
I'm somewhat lost in all the routing stuff, so I'd appreciate any help, thanks!
UPD: so far I've got this routing table on the router PC:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
195.138.80.xxx  *               255.255.255.255 UH    0      0   0   ppp0
195.138.68.xxx  192.168.0.200   255.255.255.248 UG    0      0   0   eth0
192.168.0.0     *               255.255.255.0   U     10     0   0   eth0
10.0.190.0      *               255.255.255.0   U     0      0   0   eth2
link-local      *               255.255.0.0     U     10     0   0   eth0
loopback        *               255.0.0.0       U     0      0   0   lo
default         195.138.80.xxx  0.0.0.0         UG    0      0   0   ppp0
where 195.138.80.xxx is my ISP's PPPoE gateway.
I am able to ping/trace 195.138.68.xxx addresses from the router PC, but from other machines in the LAN the router answers 'Destination host unreachable'.
- 08-18-2008 #2
Okay, it's solved - using DNAT+SNAT:
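# Outbound: traffic from the VM leaves with the public source address
iptables -t nat -I POSTROUTING -s 192.168.0.183 -j SNAT --to-source 195.138.68.xxx
iptables -I FORWARD -s 192.168.0.183 -j ACCEPT
iptables -I FORWARD -d 192.168.0.183 -j ACCEPT
# Inbound: traffic to the public address is redirected to the VM
iptables -t nat -A PREROUTING --dst 195.138.68.xxx -j DNAT --to-destination 192.168.0.183
# LAN clients reaching the VM are source-NATed to the router so replies return through it
iptables -t nat -A POSTROUTING --dst 192.168.0.183 --src 192.168.0.0/24 -j SNAT --to-source 192.168.0.200
# Connections made by the router itself to the public address
iptables -t nat -A OUTPUT --dst 195.138.68.xxx -j DNAT --to-destination 192.168.0.183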
where xxx is one of the subnet's IPs, which is now feeling OK in the internet
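The two FORWARD rules in the solution above accept every packet to and from the VM, so all of its ports become reachable from the internet. As an added example (not part of the original thread), this generator prints the same 1:1 NAT mapping but forwards only listed TCP ports from the WAN side. The function name, the port list, the `-o`/`-i` interface restrictions and the 203.0.113.10 placeholder address are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (not apply) 1:1 NAT rules for one public/private pair.
# Args: PUBLIC_IP PRIVATE_IP LAN_CIDR ROUTER_LAN_IP WAN_IF "TCP_PORTS"
gen_1to1_nat() {
    pub=$1 priv=$2 lan=$3 rtr=$4 wan=$5 ports=$6

    # Only digits, dots and a slash may reach a rule (no shell metacharacters).
    for a in "$pub" "$priv" "$lan" "$rtr"; do
        case $a in
            ""|*[!0-9./]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    case $wan in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    # Translation: inbound, router-local, outbound (WAN only), LAN hairpin.
    echo "iptables -t nat -A PREROUTING -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -A OUTPUT -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -A POSTROUTING -s $priv -o $wan -j SNAT --to-source $pub"
    echo "iptables -t nat -A POSTROUTING -s $lan -d $priv -j SNAT --to-source $rtr"

    # Filtering: replies, VM-initiated traffic, LAN clients, listed ports only.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $priv -j ACCEPT"
    echo "iptables -A FORWARD -s $lan -d $priv -j ACCEPT"
    for p in $ports; do
        echo "iptables -A FORWARD -i $wan -d $priv -p tcp --dport $p -j ACCEPT"
    done
    # Everything else arriving from the WAN for the VM is dropped.
    echo "iptables -A FORWARD -i $wan -d $priv -j DROP"
}

# Constructed sample values; 203.0.113.10 is a documentation placeholder
# standing in for the elided 195.138.68.xxx address.
gen_1to1_nat 203.0.113.10 192.168.0.183 192.168.0.0/24 192.168.0.200 ppp0 "22 443"
```

The rules are appended with `-A`, so they take effect only if no earlier FORWARD rule already accepts the traffic; review the printed output against `iptables -S` before applying it.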