Koozali.org: home of the SME Server

multiple IPs one nic

Offline belyache

multiple IPs one nic
« on: October 03, 2006, 04:50:23 PM »
Hi all:

I am trying to take control of my network access.

I want to assign 2 IP addresses to the LAN side NIC of the SME server that I use for web filtering. These IPs would be in different subnets, i.e. 192.168.10.1 and 192.168.20.1 with a mask of 255.255.255.0.

This would allow me to assign different IP addresses to my LAN via DHCP to control access to my LAN but allow the NON LAN clients internet access.

Yes, I realize that they could hard code the IPs; that is not the worry.

Does that make sense? Any ideas would be helpful.

Glenn

Offline cactus

Re: multiple IPs one nic
« Reply #1 on: October 03, 2006, 05:21:13 PM »
Quote from: "belyache"
Hi all:

I am trying to take control of my network access.

I want to assign 2 IP addresses to the LAN side NIC of the SME server that I use for web filtering. These IPs would be in different subnets, i.e. 192.168.10.1 and 192.168.20.1 with a mask of 255.255.255.0.

This would allow me to assign different IP addresses to my LAN via DHCP to control access to my LAN but allow the NON LAN clients internet access.

Yes, I realize that they could hard code the IPs; that is not the worry.

Does that make sense? Any ideas would be helpful.

Glenn

To my knowledge this is not possible. Maybe you can assign every allowed host a fixed IP address based on the MAC address and allow guests to get a DHCP address. After that, block everything but internet access for the DHCP pool.

Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than it's worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline belyache

Re: multiple IPs one nic
« Reply #2 on: October 03, 2006, 08:00:39 PM »
To answer my own questions..... yes it works and yes I can allow both segments internet access but they cannot see each other.

What to do.....

Current IP is 10.0.10.1/24 255.255.255.0

Add a second IP to the internal NIC, command is this:
ip addr add 192.168.20.1/24 dev eth0 label eth0

You will note that the broadcast address is missing, that is to keep SME from forwarding the packets.

Next you need to add the new network to the local networks (trusted networks) in SME.
Go to Security --> Local Networks --> add network.
enter 192.168.20.0
mask 255.255.255.0
Router 10.0.10.1

Once this is saved everything "should" work.

I can ping 192.168.20.1 and 10.0.10.1 from 192.168.20.10 and 10.0.10.10. I cannot ping 192.168.20.10 from 10.0.10.10 or vice versa.

For the 192 network I use 192.168.20.1 for the gateway and 10.0.10.1 for DNS. For the 10 network I use 10.0.10.1 for both Gateway and DNS.

My next problem to work out is for SME to keep the NIC settings after a reboot. I can either write a sh script (this will work, I just don't know where to add it) or can I have SME save the settings using an e-smith command?  

Again, any help is appreciated (on the command to save or the above info).

Glenn

Offline belyache

Re: multiple IPs one nic
« Reply #3 on: October 03, 2006, 10:30:09 PM »
I guess this is a running commentary on my part..... :-)

I think I have it. I am sure this is not how the developers would want it done, but the lack of documentation is forcing my hand.

I found in the /etc/rc.d/init.d/network start script the fact that SME is calling all files located in /etc/sysconfig/network-scripts.

In that folder you will find a file called ifcfg-eth0 and ifcfg-eth1 among others.

I guess at this point I should mention that we need to clarify which nic is being used for which network. In my instance eth0 is the LAN nic, and eth1 is the WAN nic.

Back to business....

I copied the ifcfg-eth0 to a file called ifcfg-eth01, then edited the file to have the network I needed to add. See below.
I am only showing the lines that I edited.

DEVICE=eth0:0
IPADDR=192.168.20.1
NETWORK=192.168.20.0
BROADCAST=0.0.0.0

After I was done editing, I rebooted the system and the eth0:0 interface came up as I had hoped.

If I am not missing anything, this should be what anyone who wants to add a second network to a SME LAN needs.

I hope this helps.

Glenn

Offline belyache

Re: multiple IPs one nic
« Reply #4 on: October 04, 2006, 08:44:25 PM »
Well,

What I thought was working the way I wanted, isn't.

I thought the SME server wasn't forwarding ICMP but in reality it was a Windows firewall doing it. I thought it was off when in fact it was on.

So, after searching the forums, and not finding what I need, I am back to ask some tough iptables questions.

I am starting a new topic about this.

Glenn
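
Reply #4's finding, that the failed pings came from a Windows host firewall and not from the server, is why isolation between the two segments is better checked against the router's own FORWARD chain than from a client. The block below is an added example, not code from this thread or from SME Server: a simplified evaluator for `iptables-save` text, using the test hosts 10.0.10.10 and 192.168.20.10 from reply #2. The three rulesets are constructed samples, and the evaluator only understands rules that match on `-s`/`-d` with an ACCEPT, DROP or REJECT target.

```python
import ipaddress

# Constructed iptables-save samples; not captured from an SME Server.
FORWARDING = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
ISOLATED = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.10.0/24 -d 192.168.20.0/24 -j DROP
-A FORWARD -s 192.168.20.0/24 -d 10.0.10.0/24 -j DROP
COMMIT
"""
ONE_WAY = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.20.0/24 -d 10.0.10.0/24 -j DROP
COMMIT
"""


def forward_verdict(ruleset, src, dst):
    """First terminal FORWARD verdict for a new packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":FORWARD "):
            policy = tok[1]          # chain policy applies if no rule matches
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - {"-s", "-d", "-j"}:
            continue                 # state/port/interface matches are skipped
        if opts.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue                 # LOG and user-chain jumps are not followed
        s_net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        d_net = ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False)
        if src in s_net and dst in d_net:
            return opts["-j"]
    return policy


def leaks(ruleset, host_a="10.0.10.10", host_b="192.168.20.10"):
    """Directions in which the router would still forward between segments."""
    pairs = [(host_a, host_b), (host_b, host_a)]
    return [f"{s} -> {d}" for s, d in pairs
            if forward_verdict(ruleset, s, d) == "ACCEPT"]
```

Because rules with port, state or interface matches are skipped, an empty result from `leaks()` is a first pass only; a ruleset that accepts specific ports between the segments needs a closer read.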

Offline shawnbishop

multiple IPs one nic
« Reply #5 on: July 23, 2007, 07:31:08 PM »
A little later than the original post, but I am looking for something similar..

My server is set up as a relay server for about 60 domains, with 1000 users.

I want the single NIC to have two IP addresses...say

eth0 10.0.0.1
eth0:1 10.0.1.1,

The reason for this is that the outside users that do POP into the box use two different IP addresses..

How would I set this up??

Cheers

guest22

multiple IPs one nic
« Reply #6 on: July 23, 2007, 11:02:34 PM »
Please consider adding all relevant info into a wiki page. Thanks.