Hi,

I have 20 IPs from my ISP. I have them bound to a router box running CentOS. What commands, and in what order, do I set up so that the other boxes on my LAN, based either on their MAC addresses or 192 IPs, can route out my box on specific IPs? For example, I want MAC addy xxx:xxx:xxx0400 to go out 72.049.12.157 and xxx:xxx:xxx:0500 to go out 72.049.12.158.

A: 

What's the router hardware and software version?

Are you trying to do this with a Linux box? Stop now and go get a router. It will save you money long-term.

Christopher Mahan
I wholeheartedly disagree -- Linux-based router+VPN+firewall boxes are in my experience no trouble at all to maintain once properly configured, and iptables+ebtables is considerably more flexible than some proprietary solutions.
Charles Duffy
I've done this. If you need throughput, dedicated hardware is faster. By the time you buy a decent box, and fast high quality network card, you're almost at the cost of the router. Then, the router will cost less electricity.
Christopher Mahan
+1  A: 

Use iptables to set up NAT.

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 72.049.12.157
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 72.049.12.158

This should cause any IPs on the 192.168.0.0 subnet to have an 'external' IP of 72.049.12.157 and those on the 192.168.1.0 subnet to have an 'external' IP of 72.049.12.158. For MAC address matching, use '-m mac --mac-source MAC-ADDRESS' in place of the '-s 192.168.0.0/24' argument.

Don't forget to activate IP forwarding:
cat /proc/sys/net/ipv4/ip_forward
If the above returns a '0' then it won't work; you'll have to enable it. Unfortunately this is distro-specific and I don't know CentOS.
For a quick hack, do this:
echo 1 > /proc/sys/net/ipv4/ip_forward

BigMikeD
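
An added example, not part of the answer above or of any project's code: a generator for the per-host SNAT rules discussed there, printing the commands for review instead of running them. iptables accepts the mac match only in PREROUTING, INPUT and FORWARD, so MAC-selected hosts are marked in mangle PREROUTING and SNATed on that mark. The interface name eth0, the mark numbers and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit per-host SNAT rules from a "selector public-ip" map.
# Forwarding must be enabled for any of this to take effect:
#   sysctl -w net.ipv4.ip_forward=1                (runtime)
#   net.ipv4.ip_forward = 1 in /etc/sysctl.conf    (persistent)
WAN_IF="${WAN_IF:-eth0}"   # assumption: name of the ISP-facing interface

# Reads "selector public_ip" lines on stdin; selector is a MAC or IPv4[/len].
# Prints iptables commands (dry run). Returns 1 if any line was rejected.
gen_snat_rules() {
    mark=0 rc=0
    while read -r sel pub rest; do
        case "$sel" in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$pub" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "skip: bad public IP '$pub'" >&2; rc=1; continue
        fi
        if printf '%s\n' "$sel" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            # mac match is not valid in POSTROUTING: tag the packet on
            # ingress, then SNAT on the tag on egress. A MAC is set by the
            # client, so this selects a route; it is not an access control.
            mark=$((mark + 1))
            echo "iptables -t mangle -A PREROUTING -m mac --mac-source $sel -j MARK --set-mark $mark"
            echo "iptables -t nat -A POSTROUTING -o $WAN_IF -m mark --mark $mark -j SNAT --to-source $pub"
        elif printf '%s\n' "$sel" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $sel -j SNAT --to-source $pub"
        else
            echo "skip: bad selector '$sel'" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed sample map (documentation addresses, locally administered MACs).
sample_map() {
    cat <<'EOF'
# selector          public IP
02:00:00:00:04:00   203.0.113.157
02:00:00:00:05:00   203.0.113.158
192.168.1.0/24      203.0.113.159
EOF
}

# Review the output first, then apply as root:
#   sample_map | gen_snat_rules | sh
```

The mark values must not collide with marks already used by other rules on the box, for example policy routing or QoS.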
A: 

Answering this question with the little information you gave amounts to rewriting a routing Howto here. You could either

  • read about routing and IP in general (e.g. Linux System Administrator's Guide) or
  • give us more info on the exact IP addresses you got.

The above answer using NAT is definitely not what you intend to use when you have public IP addresses. This solution is not going to scale well.

xmjx