Making a server accessible via public IPs



  • Now that I've found out how to actually make the 2nd NIC on my server active (which was a non-trivial feat) I now want to make said server accessible to the broader internet via a public IP. Scratch that, two IPs!

    Basically, what I'd like is that everything that accesses the two IPs (say, 1.1.1.1 and 1.1.1.2) to land at this particular NIC. After which Debian will drop everything that's not http(s) with great prejudice.

    Anyways, I seem to be missing some information and Googling what I actually need is ... problematic. Currently, the only info I have are the two IPs themselves. I'm guessing it will be a /32 but don't I need a gateway as well? Flying a bit blind.


  • I survived the hour long Uno hand

    @Rhywden said in Making a server accessible via public IPs:

    Now that I've found out how to actually make the 2nd NIC on my server active (which was a non-trivial feat) I now want to make said server accessible to the broader internet via a public IP. Scratch that, two IPs!

    Basically, what I'd like is that everything that accesses the two IPs (say, 1.1.1.1 and 1.1.1.2) to land at this particular NIC. After which Debian will drop everything that's not http(s) with great prejudice.

    Anyways, I seem to be missing some information and Googling what I actually need is ... problematic. Currently, the only info I have are the two IPs themselves. I'm guessing it will be a /32 but don't I need a gateway as well? Flying a bit blind.

    I'm assuming the public IPs are on your firewall and not on the server itself; if that is not correct, then the below isn't accurate:

    1. Set up the firewall to do a NAT translation for the relevant IP(s) and port(s) (e.g. inbound traffic to 1.1.1.1 port 443 is rewritten to internal 10.1.2.3 port 443).
    2. Almost all firewalls should automatically track the inbound translations so that when the server responds the firewall will rewrite things so the external user sees the response come from the same IP they originally asked for.
    3. If you need to have the server initiate outbound connections so that they show up from a specific public IP, then the least headache way is to make sure that each internal outbound IP of the server maps 1:1 to a desired public outbound IP address... if this is what you're aiming to do let me know and I can try to expound more.


  • @izzion I should have mentioned that: No, there's no firewall. Those are actual public IPs.


  • I survived the hour long Uno hand

    @Rhywden said in Making a server accessible via public IPs:

    @izzion I should have mentioned that: No, there's no firewall. Those are actual public IPs.

    Then yes, you’ll need to put the IPs on the interface and adjust your routing table accordingly:

    Assuming your ISP-assigned public range is 1.1.1.0/29 (1.1.1.1-1.1.1.5, talking to the ISP’s gateway at 1.1.1.6):

    1. Add the 1.1.1.2/29 and 1.1.1.3/29 addresses to the interface.
    2. Note your current default gateway, just in case your internal network is more than one subnet.
    3. Update the server’s default gateway to be the ISP’s gateway (1.1.1.6).

    The complication in this setup is if you do have an internal network that the server needs to communicate with via the non-public interface and that network is larger than just the subnet the server is on (e.g. the server’s internal IP is 10.1.1.222/24, but the internal network includes all of 10.1.0.0/16). If this case exists, you will also need to add a static route for the internal network to the old default gateway (so something like 10.1.0.0/16 via 10.1.1.1).
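
The procedure in the post above, as an added example that is not part of the original thread: a small Python planner that checks the addresses and gateway against the assigned range and returns the matching iproute2 commands. The interface names `eth1` (public) and `eth0` (internal) are assumptions; the addresses are the sample values from the post.

```python
import ipaddress

def plan_commands(public_net, public_addrs, isp_gw, internal_addr,
                  internal_net, old_gw, pub_if="eth1", int_if="eth0"):
    """Validate the addressing plan, then return the iproute2 commands for it.

    pub_if / int_if are assumed interface names, not taken from the thread.
    """
    net = ipaddress.ip_network(public_net)
    usable = set(net.hosts())          # network and broadcast addresses excluded
    gw = ipaddress.ip_address(isp_gw)
    # This plan expects the ISP gateway inside the assigned range (on-link).
    if gw not in usable:
        raise ValueError(f"gateway {gw} is not a usable host in {net}")
    cmds = []
    for addr in map(ipaddress.ip_address, public_addrs):
        if addr not in usable or addr == gw:
            raise ValueError(f"{addr} cannot be assigned to the server in {net}")
        cmds.append(f"ip addr add {addr}/{net.prefixlen} dev {pub_if}")
    cmds.append(f"ip route replace default via {gw} dev {pub_if}")

    inside = ipaddress.ip_interface(internal_addr)   # e.g. 10.1.1.222/24
    whole = ipaddress.ip_network(internal_net)
    old = ipaddress.ip_address(old_gw)
    if old not in inside.network:
        raise ValueError(f"old gateway {old} is not on {inside.network}")
    # A static route is needed only when the internal network extends past
    # the subnet the server is directly connected to.
    if not whole.subnet_of(inside.network):
        cmds.append(f"ip route add {whole} via {old} dev {int_if}")
    return cmds

if __name__ == "__main__":
    # Sample values from the post (placeholders, not a real assignment).
    for line in plan_commands("1.1.1.0/29", ["1.1.1.2", "1.1.1.3"], "1.1.1.6",
                              "10.1.1.222/24", "10.1.0.0/16", "10.1.1.1"):
        print(line)
```

The returned commands change only the running configuration and do not survive a reboot.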



  • @izzion Okay, missing the proper subnet and gateway then.

