Best of the ISP-Lists

General

Look, Ma, No IP!

Members of the ISP-Linux list look at one unforseen effect of the IP number drought: with static IP addresses at a premium, many small businesses have no static IP address but would be surprised to find that some ISPs also have no static IP address.

[September 12, 2002]

On the ISP-Linux list in August, JW inquired,

"I'm a consultant for a small ISP in Mexico. They have two ADSL connections that they share among about 30 customers. They have an NT server connected to one line, and a Mandrake Linux box connected to the other: they're planning to migrate all the customers to Linux. I'm familiar with having one public IP number and using NAT to support a bunch of workstations using private IP numbers, but here we have an ISP that apparently doesn't even have a public IP for themselves, much less for their customers (a few of which are cyber cafes, so they are doing NAT themselves). Any advice on how to make this work?"

WD suggested just requesting one:

"That sounds really odd! My guess is that their upstream carrier provides at least a few static NATed IP addresses for their use: ask for them."

GG recommended using Squid to handle the traffic:

"Do the commercial customers need direct Internet access, or are they just browsing the web? If so, then use Squid either as an active (direct) or transparent proxy located on the gateway machine to serve all commercial customers. You may even be able to split access between the two DSL lines by query type, or just attach both lines to the one server and do load balancing."

Others considered the most obvious solution:

[BO advised] "They should have two public IP addresses. If that's the case, then you would just need some ipchain/iptable rules in place. Even if they were getting private IPs, there shouldn't be any difference in the routing, except for the IPs, of course. If a client is issued a private IP address routing towards a machine (gateway) with a private IP address on one NIC and another private IP address on a different NIC (different class Cs, of course), what would be the problem? That's a lot of NATing, but I don't see why it wouldn't work."

[GG agreed] "Simply do NAT on NAT, which should work with no problems."

[CW recalled] "I recently set up an office with an ADSL connection (replaced a frame connection with ADSL) and had my OpenBSD firewall all ready to do PPPoE and NAT and everything (was already doing NAT for the frame). Then it turns out the ADSL modem/terminator that the ISP sent out already did NAT and was set up for a 192.168.1.0 LAN on the internal side and PPPoE on the external ADSL side. I just went ahead and hooked up the OpenBSD machine with a 192.168.1.2 address, pointed it at the 192.168.1.1, and ran NAT anyway. A client is being NATed twice before they get to the Internet, but it works fine."

—End