> Dear All, > > I want to know MUST the Server machine BEHIND the linux firewall / > router machine, then it can be assign ( use ) PRIVATE IP to instead of > PUBLIC IP ? > Dear All, > > I want to know MUST the Server machine BEHIND the linux firewall / > router machine, then it can be assign ( use ) PRIVATE IP to instead of > PUBLIC IP ? I am not sure I understand the question. If you are asking: If a machine has to be behind a NATed firewall before you can assign a private IP address. The answer is yes and no. If you want to have several machines to have access to the Internet and only one IP, then you would need to use Network Address Translation. Then you could use one of the private IP address ranges for all of the machines on your internal network while only having a single box directly exposed to the Internet. This is not the same as a true firewall though because it really doesn't HAVE to block any traffic. So the box would really be just a router. In cases like this, I have found it best to have two NICs in the box that has Internet access. That way, you can use one NIC for external and one NIC for internal traffic. Here is a simple script that I think would work. IPTABLES=/sbin/iptables EXTIF="eth0" INTIF="eth1" $IPTABLES --table nat --append POSTROUTING --out-interface $EXTIF -j MASQUERADE $IPTABLES --append FORWARD --in-interface $INTIF -j ACCEPT echo "1" > /proc/sys/net/ipv4/ip_forward -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
