
I have multiple IP addresses from my ISP and I have

Customer Question

I have multiple IP addresses from my ISP and I have successfully set them up to point to different servers within my LAN.
Currently they are set up to allow complete access to them. However, I just want certain source IP addresses to be able to access these servers.
Current script:
Code:
# ***** ip addresses
ifconfig vlan1:1 193.n.n.123 netmask 255.255.255.248 broadcast 193.n.n.127
ifconfig vlan1:2 193.n.n.124 netmask 255.255.255.248 broadcast 193.n.n.127
iptables -t nat -I PREROUTING -p all -d 193.n.n.123 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I PREROUTING -p all -d 193.n.n.124 -j DNAT --to-destination 192.168.1.11
iptables -t nat -I POSTROUTING -p all -s 192.168.1.10 -j SNAT --to-source 193.n.n.123
iptables -t nat -I POSTROUTING -p all -s 192.168.1.11 -j SNAT --to-source 193.n.n.124
iptables -I FORWARD -p tcp -d 192.168.1.10 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.11 -j ACCEPT
I have tried this but obviously it does not work how I want it to:
Code:
# ***** ip addresses
ifconfig vlan1:1 193.n.n.123 netmask 255.255.255.248 broadcast 193.n.n.127
ifconfig vlan1:2 193.n.n.124 netmask 255.255.255.248 broadcast 193.n.n.127
iptables -t nat -I PREROUTING -p all -d 193.n.n.123 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I PREROUTING -p all -d 193.n.n.124 -j DNAT --to-destination 192.168.1.11
iptables -t nat -I POSTROUTING -p all -s 192.168.1.10 -j SNAT --to-source 193.n.n.123
iptables -t nat -I POSTROUTING -p all -s 192.168.1.11 -j SNAT --to-source 193.n.n.124
iptables -I FORWARD -p tcp -s 178.x.x.105 -d 192.168.1.10 -j ACCEPT
iptables -I FORWARD -p tcp -s 178.x.x.105 -d 192.168.1.11 -j ACCEPT
Submitted: 1 year ago.
Category: Networking
Customer: replied 1 year ago.
I just realized the question did not format very well. Here is another try:
I am running DD-WRT on my router. I have multiple IP addresses from my ISP and I have successfully set them up to point to different servers within my LAN. Currently they are set up to allow complete access to them. However, I just want certain source IP addresses to be able to access these servers.
Current script:
# ***** ip addresses
ifconfig vlan1:1 193.n.n.123 netmask 255.255.255.248 broadcast 193.n.n.127
ifconfig vlan1:2 193.n.n.124 netmask 255.255.255.248 broadcast 193.n.n.127
iptables -t nat -I PREROUTING -p all -d 193.n.n.123 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I PREROUTING -p all -d 193.n.n.124 -j DNAT --to-destination 192.168.1.11
iptables -t nat -I POSTROUTING -p all -s 192.168.1.10 -j SNAT --to-source 193.n.n.123
iptables -t nat -I POSTROUTING -p all -s 192.168.1.11 -j SNAT --to-source 193.n.n.124
iptables -I FORWARD -p tcp -d 192.168.1.10 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.11 -j ACCEPT
I have tried this but obviously it does not work how I want it to:
# ***** ip addresses
ifconfig vlan1:1 193.n.n.123 netmask 255.255.255.248 broadcast 193.n.n.127
ifconfig vlan1:2 193.n.n.124 netmask 255.255.255.248 broadcast 193.n.n.127
iptables -t nat -I PREROUTING -p all -d 193.n.n.123 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I PREROUTING -p all -d 193.n.n.124 -j DNAT --to-destination 192.168.1.11
iptables -t nat -I POSTROUTING -p all -s 192.168.1.10 -j SNAT --to-source 193.n.n.123
iptables -t nat -I POSTROUTING -p all -s 192.168.1.11 -j SNAT --to-source 193.n.n.124
iptables -I FORWARD -p tcp -s 178.x.x.105 -d 192.168.1.10 -j ACCEPT
iptables -I FORWARD -p tcp -s 178.x.x.105 -d 192.168.1.11 -j ACCEPT
Expert:  Russell H. replied 1 year ago.

Hi, thank you for contacting JustAnswer.com. My name is Russell. I will do my best to provide the right answer to your question.

I fear that this question will remain unanswered unless someone here, even if they cannot be the person who ultimately answers the question adequately, ... at least asks:

- What is it that is not working right, by the evidence?

- And, could you please post, as a text file, the scripts? A lack of <RETURN> characters makes the scripts a great wodge of slow-to-decipher stuff. That would help us comprehend what you are asking about. Please do so. Thanks.

Customer: replied 1 year ago.
OK, let me try to explain this better. I have a router running DD-WRT firmware and I have a block of 5 static IP addresses from my ISP. These static IP addresses I have pointing to different servers running on my LAN. I have accomplished this with the commands I have posted. Basically what I am trying to do now is to only allow traffic from certain source IP addresses (my house, my shop, etc.) to access these servers on my LAN. Currently anyone can access these servers.
Expert:  Russell H. replied 1 year ago.

That limiting of access to the servers should be done by capable firewalling. Firewalling blocks access from the wrong IPs. I don't think it can be done by routing commands, at all.
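
Added example, not part of the original thread and not written by either participant: a sketch of a source-address allowlist for the DNAT'd servers in the question, using the filter table's FORWARD chain, where the destination is already the internal address because DNAT is applied in PREROUTING. It only prints the commands and models the resulting rule order (`-I` without a rule number inserts at position 1, so the chain ends up in reverse order of execution). Assumptions: the WAN interface is `vlan1` as in the question's `ifconfig` lines, the firmware's iptables provides the `state` match, the broad `-d <server> -j ACCEPT` rules are removed from the startup script, and the source addresses are constructed documentation addresses standing in for the redacted ones.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; nothing is executed here.
WAN_IF="vlan1"                                 # assumed WAN interface (from the question)
SERVERS="192.168.1.10 192.168.1.11"            # internal DNAT targets from the question
ALLOWED_SOURCES="198.51.100.25 203.0.113.40"   # constructed placeholder addresses

# Emit the commands in the order they must be run.
gen_allowlist_rules() {
    for srv in $SERVERS; do
        # Run first so it ends up last: each later -I pushes this rule down.
        # Only NEW connections are dropped, so replies to connections the
        # server itself opened are left to the firmware's existing rules.
        echo "iptables -I FORWARD -i $WAN_IF -d $srv -m state --state NEW -j DROP"
        for src in $ALLOWED_SOURCES; do
            echo "iptables -I FORWARD -i $WAN_IF -s $src -d $srv -j ACCEPT"
        done
    done
}

# Chain order after the commands have run: the reverse of execution order.
final_chain() {
    gen_allowlist_rules | sed '1!G;h;$!d'
}

# First-match verdict for a NEW connection from source $1 to internal server $2.
# Prints nothing when no generated rule matches (packet falls through).
verdict() {
    final_chain | while read -r line; do
        case "$line" in
            *" -s "*) rule_src=${line#* -s }; rule_src=${rule_src%% *} ;;
            *)        rule_src=any ;;
        esac
        rule_dst=${line#* -d }; rule_dst=${rule_dst%% *}
        if [ "$rule_dst" = "$2" ] && { [ "$rule_src" = any ] || [ "$rule_src" = "$1" ]; }; then
            echo "${line##* -j }"
            break
        fi
    done
}

gen_allowlist_rules
```

After applying the printed commands on the router, `iptables -L FORWARD -n -v --line-numbers` shows whether the ACCEPT rules sit above the DROP for each server and which rules are taking hits.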
