Topic: 3 network cards???

[Ian Campbell]

Hi,

I have a requirement to access a third network and therefore require 3 network adaptors.  Is this possible with e-smith?  

The configuration process only ever detects 2 cards and it will not let me configure the card with ifconfig because it is not detected and loadable modules are not in use.

thanks,

Ian

[Ronald Tanis]

why do you want to have 3 nics installed?  you can take a virtual ip-adress for every nic.

Ronald

[Joaquin]

Hi Ian,

I am working with 3 ethernets, the steps are:

1. cd /etc/sysconfig/network-scripts
2. cp ifcfg-eth1 ifcfg-eth2
3. You have to edit "ifcfg-eth2" and change ip, mask, ...
4. cd /etc/rc.d/init.d/
5. To edit "masq" file, you should duplicate the lines that contains only the ip-address-lan1 and change it for new ip-address-lan2.
6. cd /etc
7. I have an ethernet 3c503 as eth2, so I edit "modules.conf" and I add:
    alias 3c503
    options 3c503 io=0x300
8. Run:
    /sbin/e-smith/config set EthernetDriver3 3c503
9. And:
    /sbin/e-smith/signal-event console-save
10. shutdown -r now

This is all, regards

Joaquin.

[aniston]

Hello Joaquin,

I guess you got your stuff working well ie: having 2 network cards to server 2 computers via cross cabling in the local network inside and the third to be connected to the router again cross cabling.

I read your example but can you describe it further as I'd like to do the same setup here at home but dont want to spend on buyig a hub/switch as there is one desktop and one portable that needs to be connected to the server.

any suggestions are most wellcome.

thanks ,
aniston.

[Tom Keiser]

You can buy a 5-port 10/100 hub or switch for less than $40. Why bother with extra nics and crossover cables?

[aniston]

well here in Italy a minimal 5 port switch costs € 95 about $100 and a simple NIC RTL8139 costs only € 15 including a cross cable of 1.8mts . also having a HUB/switch around takes up desktop space plus the power adaptor.

anyways i guess its more of the trying experience than to get beyond the reasoning factors, hence the help request.

cheers,
aniston.

[aniston]

OK got it working very simply, atleast for the moment, (havent as yet rebooted the machine) neither am i capable of judging the network security hazzard of this setup so try this at your own risk

After a lot of trial and error i managed to get it working like this. a simple poor mans setup standard settings might look like this ::

ROUTER (192.168.2.1) (via RJ11 to ADSL provider)
ETH1 (192.168.2.2) (external via cross to the router)
ETH0 (192.168.1.1) (int. via cross to laptop) (main gateway G.W. = 192.168.1.1)
ETH2 (192.168.3.1) (int. via cross to desktop)
... and so forth for ETH3 and onwards .. (if your machine can handle them all !! )

1. made an entry in the Local Networks section of the Server Manager to accept local traffic from the this network of 192.168.3.0/24 (or simple terms 192.168.3.0 with subnet mask 255.255.255.0) and nothing entered in the router section

2. initiated the third card by applying a class "C" address by the command ....
   ifconfig eth2 add 192.168.3.1 and the ifconfig eth2 up

3. had to manually reconfigure the desktop PC giving it another class "C" address of 192.168.3.2 netmask of 255.255.255.0 with G.W. and D.N.S. 192.168.1.1

4. the result :: for ETH0 :: everything in normal operation like classic e-smith
              :: for ETH2 :: all traffic outside the network either DNS queries or inet access or file service is heading for the G.W. 192.168.1.1 thru the trusted route set up in the server manager.

5. At this point one asks what about IP packets presented at the router side ? well in theory  routers are not supposed to foward class "C" packets so it would not cross the router from outside to inside (but this needs to be clarified) neither would ongoing linked routers do any such fowarding so in theory this should be safe enough. However this is a lay mans theory of little that he knows in networking ! so dont take my word for it.

6. wondering how to get this to work on a reboot !! someone please shed some light on this.

regards,
aniston.

[Lynn]

I have a Win2k Server PC with 5 nics.

For my situation, the idea is to share a DSL connection in my building between several companies using Win2k Server's excellent NAT service.

For security reasons, you don't want to be on one huge LAN with unknown users while using windows file sharing.

So, the nics are each a separate ip range, (192.268.1.0/24, 192.168.2.0/24, etc) and aren't allowed to browse each other. IP Forwarding is off, and no DNS service is provided.

Any company on a nic by itself is hidden from the other nics. There are a couple of nics that have 2 or 3 companies sharing, so they use personal firewalls. There are at least 20 computers attached to this server, which is only a 450MHz k6-2.

This isn’t exactly what you're doing - but the experience of building this system gives me some insight.

Ideally, you need DHCP to listen on all internal nics and hand out ip addresses appropriate for the nic you're attached to. Plus, DHCP should hand out the IP address of the gateway, DNS Server, domain name, and other critical info that’s correct for each nic. The DHCP config file is easily edited to add the separate ranges.

Users of the 192.168.0.1 nic, would use192.168.0.1 as the gateway, DNS service, etc
Users of the 192.168.1.1 nic, would use192.168.1.1 as the gateway, DNS service, etc
Users of the 192.168.2.1 nic, would use192.168.2.1 as the gateway, DNS service, etc

You could enter all this by hand into the clients and forget DHCP, but that becomes a pain after while - even with only a few machines.

For your setup, you'd want a local DNS service running. That should provide browsing between the LANs. Shouldn’t need to enter routes by hand.

Looks like all the LANs listed in Local Networks are the ones that are allowed access for services like Squid, DNS, etc., so you'd have to add them all there.


I just got my first SME Server up yesterday, so I haven’t had time try to go beyond 2 nics. That’s why I read your post, in fact - looking for ready made answers to save time.

I've been looking for an alternative to Win2k Server because of its hefty cost. But after learning and setting up several distribs of Linux and BSD as firewalls, I never felt comfortable that they were actually secure. There is just too much I don’t know about setting up ipchains and all the rest. And I know a lot more about linux and firewalls than the average person.

That’s what drew me to try SME Server - a secure firewall, (seems to be so far) that’s low cost and configures itself. And it runs on a Pentium 1.

Anyway, hopes some of this helps...

[Shaun]

Have you had any problems with losing the connection to local networks after the system is restarted (the route for these local networks are on the subnet of the third card)

Had to modify the /etc/e-smith/web/functions/localnetwork otherwise it would reject any local networks I tried to add which default route was on the third card.  

Have to add in another local network or remove and add an existing one to get the local networks via the third card to be seen again after the system has been restarted.

Any help would be great.

Regards

Shaun