Requests to a Public IP

Networking Static/Dynamic Routing
1

Good morning.

I describe the current network:

LAN(192.168.0.0/24) —> (192.168.0.1)IPFire(172.16.0.2) —> (172.16.0.1)Router —> Internet

I would like to know if it is possible to do the following:

That when I ping or make a request to 192.168.3.112 (which does not exist), it will be redirected to a Public IP (213.98.15.251).

Could this be done?

Thank you so much.

Greetings.

1 Like
2

Implementing a solution to redirect ICMP echo requests aimed at non-existent IP addresses within a subnet to a specified public IP address could be obtained with an unconventional approach that combines IP sets and iptables. The logic behind is to create an IP set that contains the entire subnet range, excluding known active IPs from this set, and then using iptables to redirect traffic. Keep in mind that I do not know the practicality and impact of such a setup on network performance and security.

First, you would start by creating an IP set named full_subnet and add the entire subnet, such as 192.168.3.0/24, to it.

ipset create full_subnet hash:net
ipset add full_subnet 192.168.3.0/24

The next step involves identifying all the active IP addresses within this range and systematically removing them from the set, ensuring it only includes IPs that are currently not in use.

ipset del full_subnet 192.168.3.x

Using iptables, you then set up a rule to catch ICMP echo requests directed at any IP in this full_subnet set and redirect them to a public IP address, 213.98.15.251, for instance.

iptables -t nat -A PREROUTING -p icmp --icmp-type echo-request -m set --match-set full_subnet dst -j DNAT --to-destination 213.98.15.251

Given the dynamic nature of networks, where IPs are frequently allocated and released, particularly through DHCP, I think it is essential to automate the process of updating the IP set to reflect these changes accurately. This automation would involve scripting the addition of new allocations to the active list and the removal of any IPs that become inactive. Without such dynamic updating, the system could either redirect traffic meant for now-active IPs or fail to redirect from newly inactive ones, failing the setup’s purpose and potentially compromising network integrity.

1 Like
3

Hi @cfusco.

Thank you very much for your help. In the end, you have given me light on the issue and thanks to what you have provided, I have solved it.

Bye.

1 Like