Connecting extra IPs on a server

  • Thread starter Thread starter jack action
  • Start date Start date
  • Tags Tags
    Server
Click For Summary
SUMMARY

The forum discussion centers on configuring a server with multiple IP addresses, specifically two IPv4 addresses (111.222.11.33 and 111.222.22.44) and one IPv6 address (1234:5678:11:2222::1). The user faced challenges in making the extra IPs reachable from external networks despite successful local connections. Key insights include the importance of proper routing and firewall configurations, as well as the potential need for additional hardware like routers to manage multiple IP addresses effectively. The discussion highlights that ISP-level firewall rules can block access, necessitating their removal for successful connectivity.

PREREQUISITES
  • Understanding of IPv4 and IPv6 addressing
  • Familiarity with network interfaces and routing
  • Knowledge of firewall configurations and DNS settings
  • Basic command line skills for using tools like 'ip' and 'ss'
NEXT STEPS
  • Research how to configure multiple IP addresses on a single network interface in Linux
  • Learn about managing firewall rules using 'iptables' or 'ufw'
  • Explore the setup of routers for handling multiple public IP addresses
  • Investigate the use of network monitoring tools to troubleshoot connectivity issues
USEFUL FOR

Network administrators, server engineers, and anyone involved in configuring and managing servers with multiple IP addresses, particularly in remote setups.

jack action
Science Advisor
Insights Author
Messages
3,551
Reaction score
9,896
TL;DR
I want to connect extra IPs to the internet on my server
I got a new server that I want to set up. It comes with 2 IPv4 and 1 IPv6. I'm new to these network settings and I have a hard time following what I need to do.

My ISP gives me this info about my IPs (not the real ones):

Code: 
IP Address (main)     111.222.11.33
Netmask/Bitmask       255.255.255.0
Gateway               111.222.11.1
Resolver #1           115.225.111.88
Resolver #2           115.225.111.99

IP Address (extra)    111.222.22.44
Netmask/Bitmask       255.255.255.0
Gateway               111.222.22.1
Resolver #1           115.225.111.88
Resolver #2           115.225.111.88

IP Address (internal) 101.202.55.66
Netmask/Bitmask       255.255.0.0
Gateway               101.202.0.1
Resolver #1           N/A
Resolver #2           N/A

Link-local IPv6 Subnet
1234:5678:11:2222::/64

From the ISP dashboard I also created the following IPv6:

Code: 
IP Address (created)  1234:5678:11:2222::1
Netmask/Bitmask       48
Gateway               1234:5678:11::1
Resolver #1           N/A
Resolver #2           N/A

I did a first install and I couldn't make either the extra IPv4 or the IPv6 I created reachable from an outside computer. All I ended up achieving was connections on localhost only. Anyway, I ended up screwing everything and now I did a new install. This time I chose to add an extra interface (ens4) during the OS install, setting it up with my extra IPv4, hoping it would at least work with this address. Nope. Works locally but not from an outside computer.

Here is the info from my network:
Code: 
username@hostname:~$ ss -lntu
Netid              State               Recv-Q              Send-Q                           Local Address:Port                            Peer Address:Port              Process             
udp                UNCONN              0                   0                                127.0.0.53%lo:53                                   0.0.0.0:*                                     
tcp                LISTEN              0                   4096                             127.0.0.53%lo:53                                   0.0.0.0:*                                     
tcp                LISTEN              0                   128                                    0.0.0.0:22                                   0.0.0.0:*                                     
tcp                LISTEN              0                   128                                       [::]:22                                      [::]:*                                     
username@hostname:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:ce:ce:97:8f brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 111.222.11.33/24 brd 111.222.11.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::216:ceff:fece:978f/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:e9:e9:cc:67 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 111.222.22.44/24 brd 111.222.22.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::216:e9ff:fee9:cc67/64 scope link
       valid_lft forever preferred_lft forever
username@hostname:~$ ip r
default via 111.222.22.1 dev ens4 proto static
default via 111.222.11.1 dev ens3 proto static
111.222.22.0/24 dev ens4 proto kernel scope link src 111.222.22.44
111.222.11.0/24 dev ens3 proto kernel scope link src 111.222.11.33

What I did to test the connection was to use n‌c -l4 xxx.xxx.xxx.xxx 8493 to listen to the IPv4 address and open a t‌elnet xxx.xxx.xxx.xxx 8493 on another machine. Even though the ss -lntu command gives the same output for the sockets (only the IP address differs), only the main IP address can communicate outside the localhost.

I must admit I have a hard time following the terms "interface", "address", "route", etc., and what I really need to set up to accomplish what I want. I have no clue what the internal IP address is for and if it is useful to me. I played with netplan and ip and I prefer ip if possible.

Looking for help because not only search engines haven't been really helpful but the server is 3000 miles away and I can't kick it.
 
Reply
  • Like
Likes Wrichik Basu
Computer science news on Phys.org
I don't understand what you are trying to do.

Considering ipv4 only for the moment, you want one server with one interface card to have two public IP addresses. Why? Pretty much anything you might want to do is more easily accomplished some other way.
 
One IP is for a website, the other is for a Tor relay. The Tor relay can optionally (preferably) be connected through an IPv6 as well.
 
Caveat: I have limited experience/knowledge on this. It sounds like you want one computer to act like multiple computers when seen from the Internet.

Keep in mind that the DNS (Domain Name Servers) on the Internet go only as far as your service providers connection to you. It is up to you to handle everything past that.

One approach that may work is to have a Router (or possibly just a Switch) connected to the Internet, then the various computer network cards individually connect to the Router with an Ethernet cable. You MAY need a Router for each incoming IP address.

A problem may arise with the network driver software in the computer not being able to handle two network cards. If so, perhaps a copy of the driver software can be loaded for each network card.

Cheers,
Tom

p.s. Interesting situation, please keep us updated!

p.p.s. If you can successfully run two instances of the network software on the computer, you may be able to avoid the two Routers.
 
Last edited:
Reply
  • Like
Likes Wrichik Basu
Problem solved. My setup was good and the instructions from the web were also good.

The extra IP is DDoS protected and these firewall rules are on the ISP level, above my OS. Basically, everything was blocked except ports 22 and 30120 (which is apparently a port for a FiveM server, a server for the game GTA V multiplayer). This was probably set by the previous owner of the IP. Deleted every rule and now the IP is accessible.

Good thing I couldn't kick the server.
 
Reply
  • Informative
  • Like
Likes Wrichik Basu, nsaspook and Tom.G

Thread 'Looking for a reliable inkjet All-In-One printer for photos and docs'

I am having a hell of a time finding a good all-in-one inkjet printer. I must have gone through 5 Canon, 2 HP, one Brother, one Epson and two 4 X 6 photo printers in the last 7 yrs. all have all sort of problems. I don't even know where to start anymore. my price range is $180-$400, not exactly the cheapest ones. Mainly it's for my wife which is not exactly good in tech. most of the problem is the printers kept changing the way it operate. Must be from auto update. I cannot turn off the...
View full post »