Assign ip from /29 block to virtual machines

[Nik schaad]

So here's the deal, I have a /29 IP block from ExtraIP, and I want to assign those to my virtual machines on my server so that I can access them through (for example) 37.123.213.231 instead of my usual public IP. I have a KPN Experia Box V12 router, and I can't use that to route any IP addresses. Can anyone help me?

I have virtual machines (ubuntu server) set up on my dedicated Ubuntu (GUI) server. I would like to know how to assign each of them a public IP address, since I want to start a VPS hosting business, but I don't know how to get started with the user's IP addresses. Explain to me like I'm 5 if you can, as I'm quite a noob when it comes to networking

[Kilrah]

You should be able to set your virtual machines to do bridged networking, at that point either you can set the ip on them manually or let them get them from the upstream modem/gateway via DHCP.

 

Nowadays you don't even really need multiple IPs, you can have multiple domains pointing to the same IP on which a reverse proxy is listening and redirecting the traffic transparently to whatever machine you want even if it doesn't have a different public address, or even the same machine on a different port. Or use virtual hosts.

[Nik schaad]

1 minute ago, Kilrah said:

You should be able to set your virtual machines to do bridged networking, at that point either you can set the ip on them manually or let them get them from the upstream modem/gateway via DHCP.

 

Nowadays you don't even really need multiple IPs, you can have multiple domains pointing to the same IP on which a reverse proxy is listening and redirecting the traffic transparently to whatever machine you want even if it doesn't have a different public address, or even the same machine on a different port.

The problem is not the domains. It's not for web hosting, it is for VPS hosting. I want to be able to give a customer an IP that they can access their server on, instead of ssh'ing with port numbers. Also, since it's a server in my family home, I'd rather use different public IP addresses for my VM's (the customer VPS's) rather than my parent's public IP

[Lurick]

Well there are a myriad of problems here but just a few:

1) You NEED to know networking and security for this or you're going to be in for a really bad time.

2) You can't just get public IPs from ExtraIP and have them work at your home, you need to tunnel to where they are hosted at, it's not as simple as take IPs from Place A and make them work at Place B without anything else. The gateway for those addresses is in Place A still, you need to tunnel those IPs back to Place A.

3) Unless you're segmenting everything off from anything else in the home you're basically asking for trouble there too.

4) Nobody is going to rent a VPS from someone random on the internet with no infrastructure and guaranteed levels of support unless they just need to mask their IP while doing something nefarious and are probably paying with a stolen card or something.

5) What is your logging plan? What will you do if the cops come knocking because someone was hosting something illegal? How do you plan to deal with torrents and notices?

6) Why are you trying to do 1:1 machine to IP mapping to being with? That's 5 people you can rent to instead of 500 when you do many:1 mapping.

 

Not trying to be a downer or anything but there is a TON more to this than a few VMs + some IPs = VPS hosting & money

[Kilrah]

16 minutes ago, Nik schaad said:

The problem is not the domains. It's not for web hosting, it is for VPS hosting. I want to be able to give a customer an IP that they can access their server on, instead of ssh'ing with port numbers. Also, since it's a server in my family home, I'd rather use different public IP addresses for my VM's (the customer VPS's) rather than my parent's public IP

You wouldn't have them access by ip but give them a name like server1.domain.com, that way you can have more than 5.

Then this depends on what equipment you got from your provider, how it's set up and what it'll let you do, and we don't have that information. But for home stuff you'll typically have a modem/gateway that will give one of those IPs via DHCP to any of the first 5 clients connected directly to it and that's it. You probably want to disable DHCP on it if you can, connect your VM host to it, give it one of the IPs manually, then set the VMs as bridged and give them the others maually as well.

 

And yes, the above, although I imagine this is for friends and hosted locally, not random customers.

[Nik schaad]

9 minutes ago, Lurick said:

Well there are a myriad of problems here but just a few:

1) You NEED to know networking and security for this or you're going to be in for a really bad time.

2) You can't just get public IPs from ExtraIP and have them work at your home, you need to tunnel to where they are hosted at, it's not as simple as take IPs from Place A and make them work at Place B without anything else. The gateway for those addresses is in Place A still, you need to tunnel those IPs back to Place A.

3) Unless you're segmenting everything off from anything else in the home you're basically asking for trouble there too.

4) Nobody is going to rent a VPS from someone random on the internet with no infrastructure and guaranteed levels of support unless they just need to mask their IP while doing something nefarious and are probably paying with a stolen card or something.

5) What is your logging plan? What will you do if the cops come knocking because someone was hosting something illegal? How do you plan to deal with torrents and notices?

6) Why are you trying to do 1:1 machine to IP mapping to being with? That's 5 people you can rent to instead of 500 when you do many:1 mapping.

 

Not trying to be a downer or anything but there is a TON more to this than a few VMs + some IPs = VPS hosting & money

Im aware of all of those problems, this is a long term idea and all that im currently looking for is a few links and references as to how I can tunnel the ip's from extraip to my servers. I want to figure out how it all works and how I can do it before I start to worry about the next part (s). Do you by any chance know how I can tunnel them. Idk what ip mapping is, as I said im still learning. Do you have any links where I can learn these things?

[Nik schaad]

7 minutes ago, Kilrah said:

You wouldn't have them access by ip but give them a name like server1.domain.com, that way you can have more than 5.

Then this depends on what equipment you got from your provider, how it's set up and what it'll let you do, and we don't have that information. But for home stuff you'll typically have a modem/gateway that will give one of those IPs via DHCP to any of the first 5 clients connected to it and that's it. You probably want to disable DHCP on it if you can, connect your VM host to it, give it one of the IPs manually, then set the VMs as bridged and give them the others maually as well.

 

And yes, the above, although I imagine this is for friends and hosted locally, not random customers.

it is currently indeed a project for friends as I still need to learn (basically) everything about networking. If you could refer me to websites where I can learn these things I'd ne very grateful

[Lurick]

4 minutes ago, Nik schaad said:

Im aware of all of those problems, this is a long term idea and all that im currently looking for is a few links and references as to how I can tunnel the ip's from extraip to my servers. I want to figure out how it all works and how I can do it before I start to worry about the next part (s). Do you by any chance know how I can tunnel them. Idk what ip mapping is, as I said im still learning. Do you have any links where I can learn these things?

Ok, that's a bit more level headed, I'm more used to people just wanting to print money because someone else does it kind of thing, lol. So if you're not planning to jump into the deep end then that's much easier to help you with

For tunnels it depends on what ExtraIP supports but doing some research you'll need to setup a GRE tunnel at minimum. You could setup a VM to act as the tunnel on your side and have it form a tunnel with ExtraIP. The biggest issue with all of this is there isn't a single guide for it, there are thousands which vary depending on what you use as the tunnel endpoint.

Mapping is basically using PAT(many:1) instead of NAT (1:1) to host multiple machines behind a single IP. Basically how your home internet allows multiple things to connect behind a single public IP. PAT in this case would be 1 machine to 1 IP on a specific port or range of ports they can use. Again though this is a million ways to set up kind of deal but all depends on how ExtraIP has their stuff setup.

 

Topics to research:

PAT/NAT

GRE Tunnels

IP logging/security (probably a bit broad but at least start with logging)

 

General resources:

cisco.com

juniper.com

stackoverflow.com

google.com

[Nik schaad]

2 minutes ago, Lurick said:

Ok, that's a bit more level headed, I'm more used to people just wanting to print money because someone else does it kind of thing, lol. So if you're not planning to jump into the deep end then that's much easier to help you with

For tunnels it depends on what ExtraIP supports but doing some research you'll need to setup a GRE tunnel at minimum. You could setup a VM to act as the tunnel on your side and have it form a tunnel with ExtraIP. The biggest issue with all of this is there isn't a single guide for it, there are thousands which vary depending on what you use as the tunnel endpoint.

Mapping is basically using PAT(many:1) instead of NAT (1:1) to host multiple machines behind a single IP. Basically how your home internet allows multiple things to connect behind a single public IP. PAT in this case would be 1 machine to 1 IP on a specific port or range of ports they can use. Again though this is a million ways to set up kind of deal but all depends on how ExtraIP has their stuff setup.

 

Topics to research:

PAT/NAT

GRE Tunnels

IP logging/security (probably a bit broad but at least start with logging)

 

General resources:

cisco.com

juniper.com

stackoverflow.com

google.com

thank you so much this will help me greatly

[Lurick]

1 minute ago, Nik schaad said:

thank you so much this will help me greatly

Yah, hope I didn't come off too harsh at first.

Don't hesitate to ask more questions either as they come up because they will but I hope that at least gives you some general direction to start going in.