How to set up an internal network server to communicate over the public network

Issues related to configuring your network
vinilara
Posts: 9
Joined: 2020/08/01 13:53:09

How to set up an internal network server to communicate over the public network

Post by vinilara » 2020/10/28 20:55:55

Hi guys,

I have a public IP address provided by my internet carrier that distributes internet through a modem/router that has several output ethernet ports. I connected one of these ports to the input ethernet port of a switch and then distributed that internet to the servers by connecting them to the switch. The switch is configured to create an internal network for the servers that has IPs like 192.168.0.0 with mask 255.255.255.0.

So the problem is: how can I connect these servers to the public internet using this public IP? I want them to be accessible for SSH or HTTP, for example.

TrevorH
Forum Moderator
Posts: 29902
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to set up an internal network server to communicate over the public network

Post by TrevorH » 2020/10/29 00:06:44

Sounds like one of your "switches" is a firewall that is doing NAT. You need to configure that to do port forwarding of the ports you want available outside to the correct inside addresses, and to do that you're going to need the manual for your firewall.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

jlehtone
Posts: 3172
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to set up an internal network server to communicate over the public network

Post by jlehtone » 2020/10/29 07:33:35

What Trevor said.

* A modem connects one type of connection to another type. For example, between Ethernet and TV Cable, or between Ethernet and *DSL phone line.
* A switch connects multiple Ethernet devices that are on the same Layer 2 subnet, for example the 192.168.0.0/24. IMHO, the prefix syntax (/26) is easier and safer than netmask syntax (255.255.254.192).
* A router (aka gateway) forwards traffic between two (or more) subnets.
* A wireless access point is essentially a modem that converts wireless Ethernet to wired Ethernet.
* NAT (Network Address Translation) is how a router hides a subnet that is behind it.

You have:

Code:

Server (private address) --- 192.168.0.0/24 --- (private address) Router (NAT, public address) --- Internet --- (public address) Client

When Server connects to "Client", like forums.egosoft.com, it sends a packet to Router. Router replaces the "Sender address" of the packet with its own public address (source NAT, sNAT, aka Masquerade). Client receives the packet, apparently from Router, and replies to Router. Router remembers/recognizes that the reply is not for Router but for Server, replaces the "Destination" of the packet with Server's address, and forwards the packet to Server. The Client thinks that it talks with the Router the whole time.

When Client connects to Router (public address) -- a new connection -- and the Router has a destination NAT rule (dNAT, aka port forwarding), the Router will replace the destination address according to the dNAT rule and since the packet is no longer destined to the Router, it will be forwarded/routed to the new destination (private address of Server). The reply from Server will have its source address restored at Router to Router's public address and thus the Client thinks that it talks with the Router the whole time.

Note that since Router has only one public address, each dNAT rule needs a different port. Say that you have three Servers and they all listen on port 80 (http). The Router can forward its port 80 to only one of the Servers. To connect to the other two, different ports of the Router must be forwarded, and the Client has to specify that they use non-standard ports when they wish to connect to those other Servers.


An alternative to port forwarding is VPN (Virtual Private Network). The Router (if physically capable) runs a VPN server. The Client creates a VPN connection to the Router. Now the Router is connected to one more subnet and the Client is also member of that subnet. Client is told to use this subnet (more specifically the Router's address in it) as gateway to 192.168.0.0/24. There is no NAT, nor port forwarding between Client and Servers.
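
The sNAT/dNAT behaviour described in this post, as an added example that is not part of the thread: a toy Python model of a router with one public address, a masquerade (conntrack) table and a port-forwarding table, including the "one public port per forwarded Server" limit. The addresses and ports are constructed for the demo.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """One public address in front of a private subnet (constructed model).

    conntrack maps (client ip, client port, router port) -> (private ip, private port),
    so a reply travelling in either direction can be rewritten back."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.dnat: dict = {}        # public port -> (private ip, private port)
        self.conntrack: dict = {}   # see class docstring
        self.next_port = 40000      # router ports handed out for masquerading

    def add_port_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        # Only one public address: a public port can be forwarded to one Server only.
        if public_port in self.dnat:
            raise ValueError(f"port {public_port} already forwarded to {self.dnat[public_port]}")
        self.dnat[public_port] = (private_ip, private_port)

    def from_inside(self, pkt: Packet) -> Packet:
        """Server -> Client: rewrite the source to the router's public address (sNAT)."""
        for (client, cport, rport), inside in self.conntrack.items():
            if (client, cport) == (pkt.dst, pkt.dport) and inside == (pkt.src, pkt.sport):
                break   # reply on a tracked connection: reuse its router port
        else:
            rport, self.next_port = self.next_port, self.next_port + 1
            self.conntrack[(pkt.dst, pkt.dport, rport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=rport)

    def from_outside(self, pkt: Packet) -> Optional[Packet]:
        """Client -> Router: reply on a tracked connection, else a dNAT rule, else nothing."""
        inside = self.conntrack.get((pkt.src, pkt.sport, pkt.dport))
        if inside is None:
            inside = self.dnat.get(pkt.dport)
            if inside is None:
                return None  # no rule for that public port: packet stays at the Router
            self.conntrack[(pkt.src, pkt.sport, pkt.dport)] = inside
        return replace(pkt, dst=inside[0], dport=inside[1])
```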

vinilara
Posts: 9
Joined: 2020/08/01 13:53:09

Re: How to set up an internal network server to communicate over the public network

Post by vinilara » 2020/10/29 15:17:09

Thank you for the explanation. Can I use a proxy to manage port 80 and balance the incoming requests between the servers? What tool do you suggest for that? @jlehtone


Return to “CentOS 7 - Networking Support”