Connecting extra IPs on a server

[jack action]

TL;DR Summary

I want to connect extra IPs to the internet on my server

I got a new server that I want to set up. It comes with 2 IPv4 and 1 IPv6. I'm new to these network settings and I have a hard time following what I need to do.

My ISP gives me this info about my IPs (not the real ones):

IP Address (main)     111.222.11.33
Netmask/Bitmask       255.255.255.0
Gateway               111.222.11.1
Resolver #1           115.225.111.88
Resolver #2           115.225.111.99

IP Address (extra)    111.222.22.44
Netmask/Bitmask       255.255.255.0
Gateway               111.222.22.1
Resolver #1           115.225.111.88
Resolver #2           115.225.111.88

IP Address (internal) 101.202.55.66
Netmask/Bitmask       255.255.0.0
Gateway               101.202.0.1
Resolver #1           N/A
Resolver #2           N/A

Link-local IPv6 Subnet
1234:5678:11:2222::/64

From the ISP dashboard I also created the following IPv6:

IP Address (created)  1234:5678:11:2222::1
Netmask/Bitmask       48
Gateway               1234:5678:11::1
Resolver #1           N/A
Resolver #2           N/A

I did a first install and I couldn't make either the extra IPv4 or the IPv6 I created reachable from an outside computer. All I ended up achieving was connections on localhost only. Anyway, I ended up screwing everything and now I did a new install. This time I chose to add an extra interface (ens4) during the OS install, setting it up with my extra IPv4, hoping it would at least work with this address. Nope. Works locally but not from an outside computer.

Here is the info from my network:

username@hostname:~$ ss -lntu
Netid              State               Recv-Q              Send-Q                           Local Address:Port                            Peer Address:Port              Process             
udp                UNCONN              0                   0                                127.0.0.53%lo:53                                   0.0.0.0:*                                     
tcp                LISTEN              0                   4096                             127.0.0.53%lo:53                                   0.0.0.0:*                                     
tcp                LISTEN              0                   128                                    0.0.0.0:22                                   0.0.0.0:*                                     
tcp                LISTEN              0                   128                                       [::]:22                                      [::]:*                                     
username@hostname:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:ce:ce:97:8f brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 111.222.11.33/24 brd 111.222.11.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::216:ceff:fece:978f/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:e9:e9:cc:67 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 111.222.22.44/24 brd 111.222.22.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::216:e9ff:fee9:cc67/64 scope link
       valid_lft forever preferred_lft forever
username@hostname:~$ ip r
default via 111.222.22.1 dev ens4 proto static
default via 111.222.11.1 dev ens3 proto static
111.222.22.0/24 dev ens4 proto kernel scope link src 111.222.22.44
111.222.11.0/24 dev ens3 proto kernel scope link src 111.222.11.33

What I did to test the connection was to use n‌c -l4 xxx.xxx.xxx.xxx 8493 to listen to the IPv4 address and open a t‌elnet xxx.xxx.xxx.xxx 8493 on another machine. Even though the ss -lntu command gives the same output for the sockets (only the IP address differs), only the main IP address can communicate outside the localhost.

I must admit I have a hard time following the terms "interface", "address", "route", etc., and what I really need to set up to accomplish what I want. I have no clue what the internal IP address is for and if it is useful to me. I played with netplan and ip and I prefer ip if possible.

Looking for help because not only search engines haven't been really helpful but the server is 3000 miles away and I can't kick it.

 

[Vanadium 50]

I don't understand what you are trying to do.

Considering ipv4 only for the moment, you want one server with one interface card to have two public IP addresses. Why? Pretty much anything you might want to do is more easily accomplished some other way.

 

[jack action]

One IP is for a website, the other is for a Tor relay. The Tor relay can optionally (preferably) be connected through an IPv6 as well.

 

[Tom.G]

Caveat: I have limited experience/knowledge on this. It sounds like you want one computer to act like multiple computers when seen from the Internet.

Keep in mind that the DNS (Domain Name Servers) on the Internet go only as far as your service providers connection to you. It is up to you to handle everything past that.

One approach that may work is to have a Router (or possibly just a Switch) connected to the Internet, then the various computer network cards individually connect to the Router with an Ethernet cable. You MAY need a Router for each incoming IP address.

A problem may arise with the network driver software in the computer not being able to handle two network cards. If so, perhaps a copy of the driver software can be loaded for each network card.

Cheers,
Tom

p.s. Interesting situation, please keep us updated!

p.p.s. If you can successfully run two instances of the network software on the computer, you may be able to avoid the two Routers.

 

[jack action]

Problem solved. My setup was good and the instructions from the web were also good.

The extra IP is DDoS protected and these firewall rules are on the ISP level, above my OS. Basically, everything was blocked except ports 22 and 30120 (which is apparently a port for a FiveM server, a server for the game GTA V multiplayer). This was probably set by the previous owner of the IP. Deleted every rule and now the IP is accessible.

Good thing I couldn't kick the server.